Skip to content

Commit

Permalink
doc: clarify the meaning of legacy status
Browse files Browse the repository at this point in the history
Fixes: nodejs#42230
Fixes: nodejs#42232

Signed-off-by: Darshan Sen <raisinten@gmail.com>

PR-URL: nodejs#42269
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Mestery <mestery@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
  • Loading branch information
RaisinTen authored and xtx1130 committed Apr 25, 2022
1 parent 0f37a9d commit bfa9b88
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 8 deletions.
10 changes: 7 additions & 3 deletions doc/api/documentation.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,9 +40,13 @@ The stability indices are as follows:
<!-- separator -->

> Stability: 3 - Legacy. The feature is no longer recommended for use. While it
> likely will not be removed, and is still covered by semantic-versioning
> guarantees, use of the feature should be avoided.
> Stability 3 - Legacy. Although this feature is unlikely to be removed and is
> still covered by semantic-versioning guarantees, it is no longer actively
> maintained, and other alternatives are available.
Features are marked as legacy rather than being deprecated if their use does no
harm, and they are widely relied upon within the npm ecosystem. Bugs found in
legacy features are unlikely to be fixed.

Use caution when making use of Experimental features, particularly within
modules. Users may not be aware that experimental features are being used.
Expand Down
17 changes: 12 additions & 5 deletions doc/api/url.md
Original file line number Diff line number Diff line change
Expand Up @@ -1559,11 +1559,18 @@ A `TypeError` is thrown if `urlString` is not a string.

A `URIError` is thrown if the `auth` property is present but cannot be decoded.

Use of the legacy `url.parse()` method is discouraged. Users should
use the WHATWG `URL` API. Because the `url.parse()` method uses a
lenient, non-standard algorithm for parsing URL strings, security
issues can be introduced. Specifically, issues with [host name spoofing][] and
incorrect handling of usernames and passwords have been identified.
`url.parse()` uses a lenient, non-standard algorithm for parsing URL
strings. It is prone to security issues such as [host name spoofing][]
and incorrect handling of usernames and passwords.

`url.parse()` is an exception to most of the legacy APIs. Despite its security
concerns, it is legacy and not deprecated because it is:

* Faster than the alternative WHATWG `URL` parser.
* Easier to use with regards to relative URLs than the alternative WHATWG `URL` API.
* Widely relied upon within the npm ecosystem.

Use with caution.

### `url.resolve(from, to)`

Expand Down

0 comments on commit bfa9b88

Please sign in to comment.