Encode a URL into a percent-encoded form, leaving already-encoded sequences alone. Useful for safely encoding user-controlled URLs for cases like building HTML output or header values, without throwing errors. It percent-encodes non-URL code points as UTF-8 and avoids re-encoding characters like “%” when it is part of a valid escape sequence.
Project status
- The source appears to have ongoing repository activity (upstream push on 2026-01-03), but there are no documented updates after v2.0.0 (2024-03-29), so it looks mostly quiet with occasional changes rather than consistently active maintenance.
- Update cadence is low: the last tagged update was in Mar 2024, which is over a year ago relative to 2026-06-09, suggesting a slower release rhythm.
AI summary generated
Recent updates
v2.0.0
v2.0.0 changes encodeurl's percent-encoding behavior to better align with the WHATWG URL specification. The release specifically focuses on stopping encoding for the characters backslash, caret, and pipe, which also addresses a security concern described in the release notes.
BreakingSecurityv1.0.2
Release v1.0.2 contains a fix for how the module encodes a trailing percent sign character. The core code change adjusts the URL-encoding regex, and the test suite is updated accordingly to reflect the new behavior.
v1.0.1
Release v1.0.1 contains a targeted fix for how the library handles unpaired surrogate code points when they occur at the beginning or end of the input string. The code change updates the surrogate-detection regular expression to correctly match these edge positions, and the test suite was expanded to cover those cases.
v1.0.0
This release is version 1.0.0 and is labeled as the initial release. No release notes details are provided beyond stating that the project is newly published.