Creates and parses the HTTP Content-Disposition header for JavaScript and Node.js, with helpers to generate header strings and decode or encode parameters (including Unicode via RFC 5987). Useful when sending files for download or handling browser multipart/form-data headers.
Project status
- Actively maintained: The project shows recent GitHub activity (last upstream push 2026-06-01) and multiple versioned updates in 2026, including v2.0.1 (2026-05-28) and v2.0.0 (2026-05-11).
- Update cadence: After the major v2.0.0, a follow-up v2.0.1 arrived about 17 days later, suggesting an active, responsive maintenance pattern in the current period (as of 2026-06-11).
AI summary generated
Recent updates
v2.0.1
v2.0.1 primarily adjusts how Content-Disposition parameters are parsed and formatted. The change set updates RFC references and improves handling of empty parameter values, with additional logic around extended (RFC 8187) parameters and duplicates.
v2.0.0
v2.0.0 is a major refactor that rewrites the Content-Disposition parser for speed and more permissive handling, adds new parsing options (extended and multipart behaviors), and switches the public API to named exports. It also changes how `create` generates filenames, removing basename-style normalization and limiting the basic `filename` parameter to ASCII while using extended parameters for Unicode. The project is migrated to TypeScript and reorganized around a new `dist/` build output.
BreakingFeaturesv1.1.0
v1.1.0 focuses on making content-disposition usable outside Node.js by removing the `node:path` dependency and changing UTF-8 extended-field decoding logic. The main runtime changes are in `index.js`, where UTF-8 decoding now prefers `decodeURIComponent` with a fallback path for invalid encodings.
Featuresv1.0.1
v1.0.1 is primarily a maintenance release that drops the safe-buffer dependency, raises the supported Node.js runtime to Node 18+, and modernizes the test setup. It also updates documentation badges/examples and significantly refreshes GitHub Actions workflows (CI, CodeQL, scorecard) plus adds Dependabot.
Breakingv1.0.0
Release v1.0.0 primarily modernizes the project for Node.js 18+ and adjusts internal string handling by replacing deprecated String.prototype.substr() usages with slice(). It also adds support for decoding the content-disposition charset token "utf8" as an alias for "utf-8" and updates CI tooling, including adding an OSSF Scorecard workflow.
BreakingSecurityFeaturesv0.5.4
Release v0.5.4 primarily updates the runtime dependency safe-buffer from 5.1.2 to 5.2.1. The code diff also includes multiple non-runtime changes, including CI migration from Travis to GitHub Actions, tooling upgrades (eslint, mocha, eslint plugins), lint configuration changes, and test assertion updates.
v0.5.3
Release v0.5.3 updates the library to use `safe-buffer` for Buffer API safety. The code diff also includes additional internal behavior changes beyond this stated goal.
v0.5.2
Release v0.5.2 primarily adjusts the `parse` logic to be more permissive about linear whitespace (LWS) characters when parsing Content-Disposition header values. The code diff also includes internal regex refactors and some repository-level tooling and CI updates (linting, Travis matrix, devDependencies).
v0.5.1
Release 0.5.1 is described as a performance tweak to enable strict mode. The code change is limited to adding 'use strict' to the main entry file, but the release also includes CI and dev dependency updates that are not mentioned in the release notes.
v0.5.0
Release 0.5.0 adds a new API, `contentDisposition.parse`, and updates documentation to describe parsing of HTTP `Content-Disposition` headers. The implementation also includes substantial internal refactoring of `index.js`, including new RFC grammar regexes and a different code path for building/formatting `Content-Disposition` output.
Features