{"id":15754961,"url":"https://github.com/killmenot/valid-data-url","last_synced_at":"2025-10-10T10:46:44.732Z","repository":{"id":50455754,"uuid":"58363083","full_name":"killmenot/valid-data-url","owner":"killmenot","description":"Detect if a string is a data URL","archived":false,"fork":false,"pushed_at":"2023-10-19T04:29:07.000Z","size":187,"stargazers_count":23,"open_issues_count":2,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-29T16:06:09.220Z","etag":null,"topics":["data-uri","data-url","validation"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/killmenot.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-05-09T09:02:08.000Z","updated_at":"2025-06-30T02:26:01.000Z","dependencies_parsed_at":"2024-06-18T15:28:44.750Z","dependency_job_id":null,"html_url":"https://github.com/killmenot/valid-data-url","commit_stats":{"total_commits":60,"total_committers":4,"mean_commits":15.0,"dds":0.08333333333333337,"last_synced_commit":"01c3ae1eeab8a9ad6867fc360da8cbe8e288513e"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/killmenot/valid-data-url","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/killmenot%2Fvalid-data-url","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/killmenot%2Fvalid-data-url/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/killmenot%2Fvalid-data-url/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/killmenot%2Fvalid-data-url/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/killmenot","download_url":"https://codeload.github.com/killmenot/valid-data-url/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/killmenot%2Fvalid-data-url/sbom","scorecard":{"id":560123,"data":{"date":"2025-08-11","repo":{"name":"github.com/killmenot/valid-data-url","commit":"01c3ae1eeab8a9ad6867fc360da8cbe8e288513e"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.8,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 2/28 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/ci.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":5,"reason":"dependency not pinned by hash detected -- score normalized to 5","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/killmenot/valid-data-url/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/killmenot/valid-data-url/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/killmenot/valid-data-url/ci.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yaml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/killmenot/valid-data-url/ci.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yaml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/killmenot/valid-data-url/ci.yaml/master?enable=pin","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   2 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 5 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"11 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5","Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-20T13:25:31.053Z","repository_id":50455754,"created_at":"2025-08-20T13:25:31.053Z","updated_at":"2025-08-20T13:25:31.053Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279003547,"owners_count":26083595,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-10T02:00:06.843Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data-uri","data-url","validation"],"created_at":"2024-10-04T08:06:06.274Z","updated_at":"2025-10-10T10:46:44.715Z","avatar_url":"https://github.com/killmenot.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Detect if a string is a data URL\n\n[![Build Status](https://github.com/killmenot/valid-data-url/actions/workflows/ci.yaml/badge.svg?branch=master)](https://github.com/killmenot/valid-data-url/actions?query=branch%3Amaster) [![Coverage Status](https://coveralls.io/repos/github/killmenot/valid-data-url/badge.svg?branch=master)](https://coveralls.io/github/killmenot/valid-data-url?branch=master) [![Dependency Status](https://img.shields.io/librariesio/release/npm/valid-data-url)](https://libraries.io/npm/valid-data-url) [![npm](https://img.shields.io/npm/v/valid-data-url.svg)](https://www.npmjs.com/package/valid-data-url) [![npm](https://img.shields.io/npm/dm/valid-data-url.svg)](https://www.npmjs.com/package/valid-data-url)\n\nBased on [Brian Grinstead](https://github.com/bgrins)'s solution https://gist.github.com/bgrins/6194623. Special thanks to [Jamie Davis](https://github.com/davisjam) for helping to fix [ReDoS](https://www.regular-expressions.info/redos.html) exploit.\n\n\n## Syntax\n\nThe \"data\" URL scheme is described here [RFC2397](https://tools.ietf.org/html/rfc2397)\n\n    dataurl    := \"data:\" [ mediatype ] [ \";base64\" ] \",\" data\n    mediatype  := [ type \"/\" subtype ] *( \";\" parameter )\n    data       := *urlchar\n    parameter  := attribute \"=\" value\n\nwhere `urlchar` is imported from [RFC2396](https://www.ietf.org/rfc/rfc2045.txt), and `type`, `subtype`, `attribute` and `value` are the corresponding tokens from [RFC2045](https://www.ietf.org/rfc/rfc2045.txt), represented using URL escaped encoding of [RFC2396](https://www.ietf.org/rfc/rfc2396.txt) as necessary.\n\nAttribute values in [RFC2045](https://www.ietf.org/rfc/rfc2045.txt) are allowed to be either represented as tokens or as quoted strings. However, within a `data` URL, the `quoted-string` representation would be awkward, since the quote mark is itself not a valid urlchar. For this reason, parameter values should use the URL Escaped encoding instead of quoted string if the parameter values contain any `tspecial`.\n\nThe `;base64` extension is distinguishable from a content-type parameter by the fact that it doesn't have a following `=` sign.\n\n\n## Install\n\n```\nnpm install valid-data-url\n\n```\n\n\n## Example\n\n```javascript\n'use strict';\n\nvar validDataUrl = require('valid-data-url');\nvar isValid = validDataUrl('data:text/plain;base64,SGVsbG8sIFdvcmxkIQ%3D%3D'); // true\n\n```\n\n## People\n\nThe original author is [Brian Grinstead](https://github.com/bgrins)\n\n\n## Contributors\n\n - [Gary Guagliardo Jr](https://github.com/guag)\n - [Steve Powell](https://github.com/steve-p-com)\n - [Rob Garrison](https://github.com/Mottie)\n - [Frank Tan](https://github.com/tansongyang)\n - [Jamie Davis](https://github.com/davisjam)\n - [Bogdan Chadkin](https://github.com/TrySound)\n - [Jon Ursenbach](https://github.com/erunion)\n\n\n## Licence\n\nThe MIT License (MIT)\n\n    Permission is hereby granted, free of charge, to any person obtaining a copy\n    of this software and associated documentation files (the \"Software\"), to deal\n    in the Software without restriction, including without limitation the rights\n    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n    copies of the Software, and to permit persons to whom the Software is\n    furnished to do so, subject to the following conditions:\n\n    The above copyright notice and this permission notice shall be included in all\n    copies or substantial portions of the Software.\n\n    THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\n    SOFTWARE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkillmenot%2Fvalid-data-url","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkillmenot%2Fvalid-data-url","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkillmenot%2Fvalid-data-url/lists"}