From c422c1b15c3d1419c38725917f0f1bce3b3bbdfb Mon Sep 17 00:00:00 2001
From: Sindre Sorhus <sindresorhus@gmail.com>
Date: Mon, 3 Feb 2020 01:26:05 +0700
Subject: [PATCH 1/6] Add note about browser usage

---
 readme.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/readme.md b/readme.md
index ac99b1a..82a29e9 100644
--- a/readme.md
+++ b/readme.md
@@ -10,6 +10,8 @@ Useful when you need to display, store, deduplicate, sort, compare, etc, URLs.
 $ npm install normalize-url
 ```
 
+*If you need to use this in the browser, use version 4: `npm i normalize-url@4`*
+
 ## Usage
 
 ```js

From e69796d35f858e593f6ea50ce4274942a3bb352c Mon Sep 17 00:00:00 2001
From: Sindre Sorhus <sindresorhus@gmail.com>
Date: Sat, 25 Apr 2020 13:35:18 +0800
Subject: [PATCH 2/6] Add test for #108

---
 test.js | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/test.js b/test.js
index b2b226a..cdd1e02 100644
--- a/test.js
+++ b/test.js
@@ -263,3 +263,8 @@ test('data URL', t => {
 	t.is(normalizeUrl('data:,foo#bar', options), 'data:,foo');
 	t.is(normalizeUrl('data:,www.sindresorhus.com', options), 'data:,www.sindresorhus.com');
 });
+
+test('prevents homograph attack', t => {
+	// The input string uses Unicode to make it look like a valid `ebay.com` URL.
+	t.is(normalizeUrl('https://ebаy.com'), 'https://xn--eby-7cd.com');
+});

From 17177aa02eaa19a59a417dec6126750443450f77 Mon Sep 17 00:00:00 2001
From: Sindre Sorhus <sindresorhus@gmail.com>
Date: Sat, 25 Apr 2020 13:39:52 +0800
Subject: [PATCH 3/6] Fix readme example

---
 index.d.ts | 4 ++--
 readme.md  | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/index.d.ts b/index.d.ts
index 9339d73..2b73768 100644
--- a/index.d.ts
+++ b/index.d.ts
@@ -200,8 +200,8 @@ import normalizeUrl = require('normalize-url');
 normalizeUrl('sindresorhus.com');
 //=> 'http://sindresorhus.com'
 
-normalizeUrl('HTTP://xn--xample-hva.com:80/?b=bar&a=foo');
-//=> 'http://êxample.com/?a=foo&b=bar'
+normalizeUrl('//www.sindresorhus.com:80/../baz?b=bar&a=foo');
+//=> 'http://sindresorhus.com/baz?a=foo&b=bar'
 ```
 */
 declare function normalizeUrl(url: string, options?: normalizeUrl.Options): string;
diff --git a/readme.md b/readme.md
index 82a29e9..d09d3f6 100644
--- a/readme.md
+++ b/readme.md
@@ -20,8 +20,8 @@ const normalizeUrl = require('normalize-url');
 normalizeUrl('sindresorhus.com');
 //=> 'http://sindresorhus.com'
 
-normalizeUrl('HTTP://xn--xample-hva.com:80/?b=bar&a=foo');
-//=> 'http://êxample.com/?a=foo&b=bar'
+normalizeUrl('//www.sindresorhus.com:80/../baz?b=bar&a=foo');
+//=> 'http://sindresorhus.com/baz?a=foo&b=bar'
 ```
 
 ## API

From 14b79c6e35b11d8b16af11595000975ebcbbf01d Mon Sep 17 00:00:00 2001
From: George Cox <gcox18@gmail.com>
Date: Sun, 2 Aug 2020 07:05:52 -0400
Subject: [PATCH 4/6] Allow any protocol in the duplicate slashes normalization
 (#115)

---
 index.js |  2 +-
 test.js  | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 4bf5823..f7fc2e6 100644
--- a/index.js
+++ b/index.js
@@ -117,7 +117,7 @@ const normalizeUrl = (urlString, options) => {
 
 	// Remove duplicate slashes if not preceded by a protocol
 	if (urlObj.pathname) {
-		urlObj.pathname = urlObj.pathname.replace(/(?<!https?:)\/{2,}/g, '/');
+		urlObj.pathname = urlObj.pathname.replace(/(?<!\b(?:[a-z][a-z\d+\-.]{1,50}:))\/{2,}/g, '/');
 	}
 
 	// Decode URI octets
diff --git a/test.js b/test.js
index cdd1e02..4165f9a 100644
--- a/test.js
+++ b/test.js
@@ -205,6 +205,18 @@ test('remove duplicate pathname slashes', t => {
 	t.is(normalizeUrl('http://sindresorhus.com///foo'), 'http://sindresorhus.com/foo');
 	t.is(normalizeUrl('http://sindresorhus.com:5000//foo'), 'http://sindresorhus.com:5000/foo');
 	t.is(normalizeUrl('http://sindresorhus.com//foo'), 'http://sindresorhus.com/foo');
+	t.is(normalizeUrl('http://sindresorhus.com/s3://sindresorhus.com'), 'http://sindresorhus.com/s3://sindresorhus.com');
+	t.is(normalizeUrl('http://sindresorhus.com/s3://sindresorhus.com//foo'), 'http://sindresorhus.com/s3://sindresorhus.com/foo');
+	t.is(normalizeUrl('http://sindresorhus.com//foo/s3://sindresorhus.com'), 'http://sindresorhus.com/foo/s3://sindresorhus.com');
+	t.is(normalizeUrl('http://sindresorhus.com/git://sindresorhus.com'), 'http://sindresorhus.com/git://sindresorhus.com');
+	t.is(normalizeUrl('http://sindresorhus.com/git://sindresorhus.com//foo'), 'http://sindresorhus.com/git://sindresorhus.com/foo');
+	t.is(normalizeUrl('http://sindresorhus.com//foo/git://sindresorhus.com//foo'), 'http://sindresorhus.com/foo/git://sindresorhus.com/foo');
+	t.is(normalizeUrl('http://sindresorhus.com/a://sindresorhus.com//foo'), 'http://sindresorhus.com/a:/sindresorhus.com/foo');
+	t.is(normalizeUrl('http://sindresorhus.com/alongprotocolwithin50charlimitxxxxxxxxxxxxxxxxxxxx://sindresorhus.com//foo'), 'http://sindresorhus.com/alongprotocolwithin50charlimitxxxxxxxxxxxxxxxxxxxx://sindresorhus.com/foo');
+	t.is(normalizeUrl('http://sindresorhus.com/alongprotocolexceeds50charlimitxxxxxxxxxxxxxxxxxxxxx://sindresorhus.com//foo'), 'http://sindresorhus.com/alongprotocolexceeds50charlimitxxxxxxxxxxxxxxxxxxxxx:/sindresorhus.com/foo');
+	t.is(normalizeUrl('http://sindresorhus.com/a2-.+://sindresorhus.com'), 'http://sindresorhus.com/a2-.+://sindresorhus.com');
+	t.is(normalizeUrl('http://sindresorhus.com/a2-.+_://sindresorhus.com'), 'http://sindresorhus.com/a2-.+_:/sindresorhus.com');
+	t.is(normalizeUrl('http://sindresorhus.com/2abc://sindresorhus.com'), 'http://sindresorhus.com/2abc:/sindresorhus.com');
 });
 
 test('data URL', t => {

From 0ee9d949e5ade23e3d1199fa697a7974ec335613 Mon Sep 17 00:00:00 2001
From: George Cox <george@tundaware.com>
Date: Sun, 2 Aug 2020 07:34:22 -0400
Subject: [PATCH 5/6] Improve `stripWWW` logic (#117)

---
 index.js | 7 ++++---
 test.js  | 7 +++++++
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/index.js b/index.js
index f7fc2e6..e615cf8 100644
--- a/index.js
+++ b/index.js
@@ -147,10 +147,11 @@ const normalizeUrl = (urlString, options) => {
 		urlObj.hostname = urlObj.hostname.replace(/\.$/, '');
 
 		// Remove `www.`
-		if (options.stripWWW && /^www\.(?:[a-z\-\d]{2,63})\.(?:[a-z.]{2,5})$/.test(urlObj.hostname)) {
-			// Each label should be max 63 at length (min: 2).
-			// The extension should be max 5 at length (min: 2).
+		if (options.stripWWW && /^www\.(?!www\.)(?:[a-z\-\d]{1,63})\.(?:[a-z.\-\d]{2,63})$/.test(urlObj.hostname)) {
+			// Each label should be max 63 at length (min: 1).
 			// Source: https://en.wikipedia.org/wiki/Hostname#Restrictions_on_valid_host_names
+			// Each TLD should be up to 63 characters long (min: 2).
+			// It is technically possible to have a single character TLD, but none currently exist.
 			urlObj.hostname = urlObj.hostname.replace(/^www\./, '');
 		}
 	}
diff --git a/test.js b/test.js
index 4165f9a..fc5b5c2 100644
--- a/test.js
+++ b/test.js
@@ -75,6 +75,13 @@ test('stripWWW option', t => {
 	t.is(normalizeUrl('www.sindresorhus.com', options), 'http://www.sindresorhus.com');
 	t.is(normalizeUrl('http://www.êxample.com', options), 'http://www.xn--xample-hva.com');
 	t.is(normalizeUrl('sindre://www.sorhus.com', options), 'sindre://www.sorhus.com');
+
+	const options2 = {stripWWW: true};
+	t.is(normalizeUrl('http://www.vue.amsterdam', options2), 'http://vue.amsterdam');
+	t.is(normalizeUrl('http://www.sorhus.xx--bck1b9a5dre4c', options2), 'http://sorhus.xx--bck1b9a5dre4c');
+
+	const tooLongTLDURL = 'http://www.sorhus.' + ''.padEnd(64, 'a');
+	t.is(normalizeUrl(tooLongTLDURL, options2), tooLongTLDURL);
 });
 
 test('removeQueryParameters option', t => {

From ea4706f87d9ccd96e28e7f8dc0daa77a58a98e97 Mon Sep 17 00:00:00 2001
From: Sindre Sorhus <sindresorhus@gmail.com>
Date: Sun, 2 Aug 2020 13:35:30 +0200
Subject: [PATCH 6/6] 5.1.0

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 39b953a..f177130 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "normalize-url",
-	"version": "5.0.0",
+	"version": "5.1.0",
 	"description": "Normalize a URL",
 	"license": "MIT",
 	"repository": "sindresorhus/normalize-url",