fast-uri is a dependency-free RFC 3986 URI toolbox for Node.js that provides helpers to parse, serialize, resolve, normalize, and compare URIs. It is useful when you need to work with URI components consistently, including configurable parsing options and scheme-specific processing rules.
Project status
- Actively maintained, with very recent upstream activity (last push 2026-06-29) and multiple updates published in late June 2026 (v4.0.1, v3.1.3, and v4.0.0 within about a week to two weeks).
- Apparent update cadence is fairly active recently, with at least one update every few weeks and, in June 2026, several updates clustered closely together (including same-day tags), suggesting ongoing security and correctness work.
AI summary generated
Recent updates
v3.1.3
v3.1.3 is a security release referencing GHSA-4c8g-83qw-93j6. The release notes do not describe any functional behavior changes beyond the advisory fix.
Securityv4.0.1
fast-uri v4.0.1 ships a security release (GHSA-4c8g-83qw-93j6) and includes a documented change to normalize the parsed URI scheme to lowercase. The code diff, however, shows additional behavior changes around Unicode percent-encoding and IDN host canonicalization, plus TypeScript type export removals that are not described in the release notes.
BreakingSecurityv4.0.0
v4.0.0 migrates the type-test setup from tsd to tstyche, expands CI coverage to Node 26, and removes previously deprecated type exports. It also includes a fix to the percent-encoding/escaping logic used during URI normalization and escaping, with accompanying tests.
Breakingv3.1.2
fast-uri v3.1.2 is a security-focused release. Release notes state that malformed fragment decoding is now handled as a parse error instead of throwing. The code diff shows additional security and behavior changes beyond the documented fragment handling.
SecurityFeaturesv3.1.1
fast-uri v3.1.1 is primarily presented as a security release, with several CI and dev dependency maintenance updates. However, the code diff shows substantial changes to URI percent-encoding and path-escape normalization logic that can affect outputs of parse/normalize/equal and also changes what is exported from the package.
BreakingSecurityv3.1.0
v3.1.0 focuses on CI and test pipeline updates (node 24, browser testing, hardened workflow permissions) plus several URI correctness fixes. The library code also received substantial internal refactors in scheme handling and URI normalization utilities (IPv4/IPv6, dot segment removal, URN handling).
Featuresv3.0.6
v3.0.6 makes small refactors to the URI parsing and scheme detection logic, mainly simplifying condition checks and removing what the maintainers call “useless assertions.” It also adjusts the repository automation to reduce Dependabot update frequency.
v3.0.5
Release v3.0.5 focuses on maintaining compatibility with older Node.js versions (Node 10). The code changes mainly remove optional chaining syntax and the CI workflow adds a Node 10 regression test job. No runtime API changes are documented or evident in the diff.
v3.0.4
v3.0.4 mainly performs internal refactors and performance tweaks (cached IPv4 regex, optional chaining) while updating development tooling from Standard to NeoStandard/Eslint. It also includes README and CI/workflow configuration updates.
v3.0.3
Release v3.0.3 makes a small metadata correction in the fast-uri package manifest. The main change is updating the published npm license field.
Breakingv3.0.2
fast-uri v3.0.2 is a small release that switches the test runner from tap to tape, includes a minor serialization performance optimization, and updates the GitHub Actions workflows. It also claims a fix for parsing userinfo in URIs. The code diff shows the expected push-call optimizations and test framework changes, but there is an additional behavioral change in URI parsing for userinfo that is not spelled out in the release notes.
v3.0.1
v3.0.1 primarily addresses a fragment parsing incompatibility related to how URI fragments are decoded and re-encoded. The code change adjusts fragment handling behavior in the core `parse` function, and the release also adds an AJV-based test to validate URI resolver compatibility.
v3.0.0
v3.0.0 updates fast-uri parsing logic to better distinguish IP hosts from domain names during IDN conversion, and it improves internal IPv6 hex normalization. The release also adds extensive compatibility tests derived from uri-js and adjusts CI/test tooling.
Features