{"id":42940012,"url":"https://github.com/mobilemind/js2uri","last_synced_at":"2026-01-30T20:04:34.047Z","repository":{"id":6161686,"uuid":"7391322","full_name":"mobilemind/js2uri","owner":"mobilemind","description":"grunt plugin to convert a JavaScript file into a javascript: URI.","archived":false,"fork":false,"pushed_at":"2025-12-24T07:53:09.000Z","size":1296,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-25T06:38:57.165Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"IQSS/dataverse","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mobilemind.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-MIT","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2012-12-31T22:10:28.000Z","updated_at":"2025-12-24T07:53:11.000Z","dependencies_parsed_at":"2023-01-14T11:32:34.763Z","dependency_job_id":"f16035c5-e3f9-4018-b594-f49998ef778f","html_url":"https://github.com/mobilemind/js2uri","commit_stats":{"total_commits":548,"total_committers":4,"mean_commits":137.0,"dds":0.25,"last_synced_commit":"6c6c90dfb857ae41b131b096e19210a485ef250e"},"previous_names":[],"tags_count":84,"template":false,"template_full_name":null,"purl":"pkg:github/mobilemind/js2uri","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilemind%2Fjs2uri","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilemind%2Fjs2uri/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilemind%2Fjs2uri/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilemind%2Fjs2uri/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mobilemind","download_url":"https://codeload.github.com/mobilemind/js2uri/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mobilemind%2Fjs2uri/sbom","scorecard":{"id":655396,"data":{"date":"2025-08-11","repo":{"name":"github.com/mobilemind/js2uri","commit":"fc433bd2797aa4b672df17aac0a68743d061ce8f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":6,"checks":[{"name":"Maintained","score":10,"reason":"17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/13 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/mobilemind/js2uri/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/mobilemind/js2uri/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/mobilemind/js2uri/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/linter.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/mobilemind/js2uri/linter.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/linter.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/mobilemind/js2uri/linter.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-grunt.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/mobilemind/js2uri/npm-grunt.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-grunt.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/mobilemind/js2uri/npm-grunt.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/linter.yml:27","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   1 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:20","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:21","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: no topLevel permission defined: .github/workflows/linter.yml:1","Warn: no topLevel permission defined: .github/workflows/npm-grunt.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE-MIT:0","Info: FSF or OSI recognized license: MIT License: LICENSE-MIT:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: SAST configuration detected: CodeQL","Info: all commits (26) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":7,"reason":"3 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T14:30:58.494Z","repository_id":6161686,"created_at":"2025-08-21T14:30:58.499Z","updated_at":"2025-08-21T14:30:58.499Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28918235,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T19:10:10.838Z","status":"ssl_error","status_checked_at":"2026-01-30T19:06:40.573Z","response_time":66,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-30T20:04:33.436Z","updated_at":"2026-01-30T20:04:34.039Z","avatar_url":"https://github.com/mobilemind.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# js2uri\n\n![repo version](https://img.shields.io/github/package-json/v/mobilemind/js2uri.svg)\n [![Latest version on npmjs.com][npm-image]][npm-url]\n [![Downloads from npmjs.com][npm-downloads]][npm-url]\n [![CodeQL](https://github.com/mobilemind/js2uri/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/mobilemind/js2uri/actions/workflows/codeql-analysis.yml)\n [![CI Tests](https://github.com/mobilemind/js2uri/actions/workflows/ci.yml/badge.svg)](https://github.com/mobilemind/js2uri/actions/workflows/ci.yml)\n [![Codacy Badge](https://app.codacy.com/project/badge/Grade/e2c182cf61e942a8bffdc038a7301be9)](https://www.codacy.com/gh/mobilemind/js2uri/dashboard?utm_source=github.com\u0026amp;utm_medium=referral\u0026amp;utm_content=mobilemind/js2uri\u0026amp;utm_campaign=Badge_Grade)\n\ngrunt plugin to convert a JavaScript file to a URI, such as a `javascript:`\nbookmarklet or an iOS app protocol scheme link.\n\n## Zero Dependencies\n\n**js2uri has ZERO production dependencies.** This means:\n\n- **Enhanced Security:** No transitive dependency vulnerabilities\n- **Supply Chain Safety:** Minimal attack surface for supply chain attacks\n- **Faster Installs:** Nothing to download or install\n- **Zero Maintenance Burden:** No dependency updates or compatibility issues\n- **Complete Transparency:** Easy to audit and verify\n\nThe only peerDependency is `grunt` (\u003e=1.6.1), which you install separately if needed. Tests use Node.js built-in test runner - no external test frameworks required.\n\n## Compatibility\n\n**Current Version:** Requires Node.js \u003e=22.12.0 and npm \u003e=11.5.1\n\nVersion 1.18.2 harden build \u0026 ci for greater resistance against supply chain attack\n\nVersion 1.18.1 improved supply security, refined .npmrc, \u0026 reduced published package size\n\nVersion 1.14.4 drops support \u0026 testing for node \u003c 20.19.5 (tests node 25.x \u0026 drops 23.x)\n\nVersion 1.14.0 drops support \u0026 testing for node \u003c 18.20.0\n\nVersion 1.13.5 drops support \u0026 testing for node \u003c 18.15.0\n\nVersion 1.13.0 drops support \u0026 testing for node \u003c 18.13.0\n\nVersion 1.12.0 drops support \u0026 testing for node \u003c 16.14.0\n\nVersion 1.11.2 drops support \u0026 testing for node \u003c 16.13.0\n\nVersion 1.11.0 drops support \u0026 testing for node \u003c 16.8.0\n\nVersion 1.10.0 drops support \u0026 testing for node \u003c 14.18.4\n\nVersion 1.9.0 drops support \u0026 testing for node \u003c 12.0.1\n\nVersion 1.8.0 drops snyk in build process as it doubled the dependencies\n\nVersion 1.7.0 drops support \u0026 testing for node \u003c 10.0.0\n\nVersion 1.6.1 drops support \u0026 testing for node \u003c 9.0.0\n\nVersion 1.4.0 begins a focus on the contemporary LTS releases of `node`.\n\nVersion 1.3.0 begins grunt 0.4.0 compatibility and ends compatibility with\nearlier versions of grunt. Use [js2uri 1.2.0] if you require grunt 0.3.x\ncompatibility.\n\n## Example\n\nThe code\n\n```javascript\nalert(\"Hi. The active URL is: \" + location.href);\n```\n\nbecomes\n\n```url\njavascript:alert('Hi.%20The%20active%20URL%20is:%20'%20+%20location.href);void'0'\n```\n\nNote that the \"0\" in `void'0'` can be used to embed a custom version number in\na bookmarklet.\n\n## Getting Started\n\n### Install\n\nInstall this grunt plugin into the project with:\n`npm install js2uri --save-dev`. The `--save-dev` option adds `js2uri` to the\n_devDependencies_ section of the project [package.json] file.\n\n### Edit Gruntfile.js\n\nAdd the following to the `grunt.initConfig` section of the project\n`Gruntfile.js` file:\n\n```javascript\n\"js2uri\": {\n  \"dist/uriVersionOflintedAndMinifiedFile.js\": [\"dist/lintedAndMinifiedFile.js\"]\n}\n```\n\nEdit the values for the `dist/uriVersion...` (destination) and\n`dist/linted...` (source) as appropriate.\n\nBelow `grunt.initConfig` section, add this line to the project `Gruntfile.js`.\n\n```javascript\n// load external task\ngrunt.loadNpmTasks(\"js2uri\");\n```\n\nFinally, ensure that `jshint` (or `eslint`) and `uglify` tasks are called\nbefore `js2uri`, such as here:\n\n```javascript\n// default task\ngrunt.registerTask(\"default\", [\"jshint\", \"uglify\", \"js2uri\"]);\n```\n\n## Documentation\n\nThe elaborated `Gruntfile.js` below may clarify expectations and options\nrelating to `js2uri`. As of js2uri v1.3.0 the [grunt] 0.4.x \"target data\"\nformats are supported for specifying files. See\n[gruntjs documentation - Configuring Tasks: files].\n\n```javascript\ngrunt.initConfig({\n  // eslint - Critical eslint rules to disable: no-void, no-script-url\n  // Example .eslintrc.yml config file--\n  // \"env\":\n  //   \"browser\": true\n  //   \"es6\": true\n  //   \"node\": true\n  // \"extends\": \"eslint:recommended\"\n  // \"rules\":\n  //   \"no-void\": 0\n  //   \"no-script-url\": 0\n  //\n  // jshint - Critical jshint option: browser \u0026 scripturl (allow)\n  // \"jshint\": {\n  //   \"options\": {\n  //     \"browser\": true,\n  //     \"scripturl\": true\n  //   }\n  // },\n  //\n  // uglify-js - Note: you may need to 'tune' options for your source\n  // \"uglify\": {\n  //   \"options\": {\n  //     \"codegen\": {\"quote_keys\": false}\n  //     \"mangle\": {\"toplevel\": true},\n  //     \"squeeze\": {\"conditionals\": false, \"hoist_vars\": true, \"sequences\": false},\n  //   }\n  // },\n  //\n  // ** js2uri ** default options are shown\n  \"js2uri\": {\n    \"options\": {\n      \"appendVersion\": false,\n      \"appendVoid\": true,\n      \"customVersion\": \"\", // use this if set, ELSE use meta shown below (if available)\n      \"entityEncode\": false,\n      \"forceLastSemicolon\": false,\n      \"noLastSemicolon\": true,\n      \"protocol\": \"javascript:\",\n      \"useNewlineEOL\": true,\n      \"useSingleQuote\": false\n    }\n  },\n  // if meta object exists js2uri will use version as options.customVersion value\n  \"meta\": {\n    \"version\": \"1.0.0\",\n  }\n});\n// ...\n// Load \"js2uri\" plugin\ngrunt.loadNpmTasks(\"js2uri\");\n// Default task could start w/eslint or jshint\ngrunt.registerTask(\"default\", [\"eslint\", \"uglify\", \"js2uri\"]);\n```\n\n## Contributing\n\nIn lieu of a formal style guide, take care to maintain the existing coding\nstyle. Add unit tests for any new or changed functionality. Lint and test the\ncode.\n\n## Release History\n\n1.18.0: requires npm \u003e=11.5.1; migrates to npm trusted publishing with OIDC (eliminates token management)\n\n1.17.0: drops support for node \u003c 22.12 and begins \"zero dependency\" approach\nwith new CI\n\n1.16.0: drops support for node \u003c 22.12 and begins \"zero dependency\" approach\nwith new CI\n\n1.15.4: update test coverage to node 25.x, update to node \u003e=20.19.5 \u0026 bump version, update README \u0026 regenerate package-lock.json\n\n1.15.3: no functional changes; update ci actions for node 24.x, bump version, update lockfile, republish\n\n1.15.1: no functional change; integrate cspell for use with git pre-push hook,\nfix typos, update lockfile\n\n1.15.0: require node ≥ 20.18.0 (node 20 in maintenance mode), drop support for\nnode 18, bump version, update lockfile\n\n1.14.0: require node ≥ 18.20.0 (node 18 in maintenance mode), bump version,\nupdate lockfile\n\n1.13.6: require node \u003e 18.18.1 (node 18 in maintenance mode)\n\n1.13.0: requires node \u003e18.12.1 \u0026 drops node 16 tests; update README \u0026 lockfile\n\n1.12.0: requires node \u003e16.14; updated devDependencies with\ngrunt-contrib-nodeunit 5.0.0\n\n1.11.0: update grunt \u0026 node dependencies; now requires node \u003e16.8\n\n1.10.2: update CI \u0026 docs, republish w/new npm credentials\n\n1.10.0: drop support for node 12, as 14 becomes node LTS\n\n1.9.0: drop support for node 10, as 12 becomes node LTS\n\n1.8.0: drop snyk as it doubled dependencies \u0026 increased build time; rely on renovatebot\n\n1.7.0: drop node 8 support; require node 10+\n\n1.6.3: add `.npmignore` to repo to facilitate `npm publish` ; bump version\n\n1.6.2: at long last properly make `grunt` a _peerDependency_ ; bump version\n\n1.6.0: drop support for node \u003c= 7.0; bump version\n\n1.5.0: drop node 5 support; revise for eslint 4.0.0 reviews, bump version\n\n1.4.0: update to use LTS releases of `node` (4.x, 5.x) and `grunt-contrib-...`\n1.x releases\n\n1.3.0: February 18, 2013 - Update for compatibility to [grunt] v0.4.x,\nimproved package.json, update README\n\n1.2.0 January 9, 2013 - add more tests, add `entityEncode:` option for\nencoding '\u003c', '\u003e' and '\u0026'.\n\n1.1.0 January 6, 2013 - adds new options for `protocol:`, `customVersion:`,\nand `forceLastSemicolon:`.\n\n1.0.0 December 31, 2012 - initial release\n\n## License\n\nCopyright (c) 2012-2026 Tom King\nLicensed under the MIT license.\n\n\u003c!-- reference URLs --\u003e\n\n[npm-image]: https://img.shields.io/npm/v/js2uri.svg\n\n[npm-downloads]: https://img.shields.io/npm/dm/js2uri.svg\n\n[npm-url]: https://www.npmjs.com/package/js2uri\n\n[grunt]: http://gruntjs.com/\n\n[gruntjs documentation - Configuring Tasks: files]: http://gruntjs.com/configuring-tasks#files\n\n[package.json]: https://docs.npmjs.com/files/package.json\n\n[js2uri 1.2.0]: https://github.com/mobilemind/js2uri/tree/1.2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobilemind%2Fjs2uri","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmobilemind%2Fjs2uri","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmobilemind%2Fjs2uri/lists"}