Version 2, remove querystring and use node/browser inbuilt capabilities

.travis.yml

@@ -1,5 +1,5 @@
 language: node_js
 node_js:
-  - 8
+  - 10
   - node
   - lts/*

Changelog.md

@@ -1,7 +1,16 @@
+# 2.0.0
+
+    * Removed querystring dependency
+    * Update node minimum requirement to [node 10.X+](https://nodejs.org/docs/latest-v6.x/api/url.html)
+    * Officially support [current web browsers](https://caniuse.com/#search=URLSearchParams)
+    * Fix [command injection vulnerability](https://npmjs.com/advisories/146) - note this only affected testing, not using `gravatar`
+
 # 1.8.0
+
     * Allows pass `cdn` information when generating gravatar url (sqlwwx)
 
 # 1.7.0
+
     * yarn support
     * Node 8+ compatibility
     * Upgraded deps

Readme.md

@@ -1,15 +1,16 @@
 [![Build Status](https://secure.travis-ci.org/emerleite/node-gravatar.svg)](http://travis-ci.org/emerleite/node-gravatar)
 
-Node.js Gravatar library
+Gravatar
 ========================
-A library to generate Gravatar URLs in Node.js
+A library to generate [Gravatar](http://gravatar.com) URLs in the browser or node.js
 Based on gravatar specs - <http://en.gravatar.com/site/implement/hash/> and <http://en.gravatar.com/site/implement/images/>
 
 Dependencies
 ------------
 
 ### Runtime
-* Node 0.8.X+
+* [node 10.X+](https://nodejs.org/docs/latest-v10.x/api/url.html) and newer
+* A [current web browser](https://caniuse.com/#search=URLSearchParams)
 
 ### Development/Tests
 * mocha
@@ -96,12 +97,11 @@ gravatar profile somebody@example.com
 ```
 
 
-Running tests (3 ways)
+Running tests (2 ways)
 ----------------------
 ```sh
-$ npm test
-$ mocha (installed global)
-$ node_modules/mocha/bin/mocha
+$ npm run test
+$ npx mocha 
 ```
 
 To-Do

lib/gravatar.js

@@ -1,59 +1,58 @@
 var md5 = require('blueimp-md5'),
-    querystring = require('querystring'),
-    MD5_REGEX = /^[0-9a-f]{32}$/;
+  MD5_REGEX = /^[0-9a-f]{32}$/;
 
 function params(options) {
-  var params = {}, removing = {protocol:1, format:1};
+  var params = {}, removing = { protocol: 1, format: 1 };
   for (var key in options) {
     if (!removing[key]) params[key] = options[key];
   }
   return params;
 }
 function proto(options, protocol) {
   if (!options) return;
-  if(typeof options.protocol === 'boolean') return options.protocol;
+  if (typeof options.protocol === 'boolean') return options.protocol;
   return options.protocol === "http" ? false
-       : options.protocol === "https" ? true
-       : undefined;
+    : options.protocol === "https" ? true
+      : undefined;
 }
-function getHash(email){
+function getHash(email) {
   email = (typeof email === 'string') ? email.trim().toLowerCase() : 'unspecified';
   return email.match(MD5_REGEX) ? email : md5(email);
 }
 
-function getQueryString(options){
-  var queryData = querystring.stringify(params(options));
+function getQueryString(options) {
+  var queryData = new URLSearchParams(params(options)).toString();
   return (queryData && "?" + queryData) || "";
 }
 
 var gravatar = module.exports = {
 
-    url: function (email, options, protocol) {
-      var baseURL = "//www.gravatar.com/avatar/";
-      if (options && options.cdn) {
-        baseURL = options.cdn + '/avatar/';
-        delete options.cdn;
-      } else {
-        if (options && options.protocol) protocol = proto(options);
-        if(typeof protocol !== 'undefined') {
-          baseURL = protocol ? "https://s.gravatar.com/avatar/" : 'http://www.gravatar.com/avatar/';
-        }
+  url: function (email, options, protocol) {
+    var baseURL = "//www.gravatar.com/avatar/";
+    if (options && options.cdn) {
+      baseURL = options.cdn + '/avatar/';
+      delete options.cdn;
+    } else {
+      if (options && options.protocol) protocol = proto(options);
+      if (typeof protocol !== 'undefined') {
+        baseURL = protocol ? "https://s.gravatar.com/avatar/" : 'http://www.gravatar.com/avatar/';
       }
-      var query = getQueryString(options);
-      return baseURL + getHash(email) + query;
-    },
+    }
+    var query = getQueryString(options);
+    return baseURL + getHash(email) + query;
+  },
 
-    profile_url: function (email, options, https) {
-      var format = options != undefined && options.format != undefined ?  String(options.format) : 'json'
-      var baseURL
-      if (options && options.cdn) {
-        baseURL = options.cdn + '/';
-        delete options.cdn;
-      } else {
-        if (options && options.protocol) https = proto(options);
-        var baseURL = (https && "https://secure.gravatar.com/") || 'http://www.gravatar.com/';
-      }
-      var query = getQueryString(options);
-      return baseURL + getHash(email) + '.' + format + query;
+  profile_url: function (email, options, https) {
+    var format = options != undefined && options.format != undefined ? String(options.format) : 'json'
+    var baseURL
+    if (options && options.cdn) {
+      baseURL = options.cdn + '/';
+      delete options.cdn;
+    } else {
+      if (options && options.protocol) https = proto(options);
+      var baseURL = (https && "https://secure.gravatar.com/") || 'http://www.gravatar.com/';
     }
+    var query = getQueryString(options);
+    return baseURL + getHash(email) + '.' + format + query;
+  }
 };