jshttp/content-disposition
Last release: 1 week ago
Creates and parses the HTTP Content-Disposition header for JavaScript and Node.js, with helpers to generate header strings and decode or encode parameters (including Unicode via RFC 5987). Useful when sending files for download or handling browser multipart/form-data headers.
Project status
- Actively maintained: Recent tags include v2.0.1 (2026-05-28), following a major v2.0.0 (2026-05-11) refactor, and an earlier v1.1.0 (2026-04-07), with the upstream repo showing a recent push on 2026-06-01.
- Update cadence: Updates appear to come in roughly 2 to 3 week intervals (2026-04-07, 2026-05-11, 2026-05-28), suggesting ongoing development rather than maintenance-only mode.
AI summary generated Today
Recent updates
v2.0.1
1 week agov2.0.1 primarily adjusts how Content-Disposition parameters are parsed and formatted. The change set updates RFC references and improves handling of empty parameter values, with additional logic around extended (RFC 8187) parameters and duplicates.
v2.0.0
3 weeks agov2.0.0 is a major refactor that rewrites the Content-Disposition parser for speed and more permissive handling, adds new parsing options (extended and multipart behaviors), and switches the public API to named exports. It also changes how `create` generates filenames, removing basename-style normalization and limiting the basic `filename` parameter to ASCII while using extended parameters for Unicode. The project is migrated to TypeScript and reorganized around a new `dist/` build output.
BreakingFeaturesv1.1.0
2 months agov1.1.0 focuses on making content-disposition usable outside Node.js by removing the `node:path` dependency and changing UTF-8 extended-field decoding logic. The main runtime changes are in `index.js`, where UTF-8 decoding now prefers `decodeURIComponent` with a fallback path for invalid encodings.
Featuresv1.0.1
6 months agov1.0.1 is primarily a maintenance release that drops the safe-buffer dependency, raises the supported Node.js runtime to Node 18+, and modernizes the test setup. It also updates documentation badges/examples and significantly refreshes GitHub Actions workflows (CI, CodeQL, scorecard) plus adds Dependabot.
Breakingv1.0.0
6 months agoRelease v1.0.0 primarily modernizes the project for Node.js 18+ and adjusts internal string handling by replacing deprecated String.prototype.substr() usages with slice(). It also adds support for decoding the content-disposition charset token "utf8" as an alias for "utf-8" and updates CI tooling, including adding an OSSF Scorecard workflow.
BreakingSecurityFeaturesv0.5.4
12/10/2021Release v0.5.4 primarily updates the runtime dependency safe-buffer from 5.1.2 to 5.2.1. The code diff also includes multiple non-runtime changes, including CI migration from Travis to GitHub Actions, tooling upgrades (eslint, mocha, eslint plugins), lint configuration changes, and test assertion updates.
v0.5.3
12/17/2018Release v0.5.3 updates the library to use `safe-buffer` for Buffer API safety. The code diff also includes additional internal behavior changes beyond this stated goal.
v0.5.2
12/9/2016Release v0.5.2 primarily adjusts the `parse` logic to be more permissive about linear whitespace (LWS) characters when parsing Content-Disposition header values. The code diff also includes internal regex refactors and some repository-level tooling and CI updates (linting, Travis matrix, devDependencies).
v0.5.1
1/17/2016Release 0.5.1 is described as a performance tweak to enable strict mode. The code change is limited to adding 'use strict' to the main entry file, but the release also includes CI and dev dependency updates that are not mentioned in the release notes.
v0.5.0
10/11/2014Release 0.5.0 adds a new API, `contentDisposition.parse`, and updates documentation to describe parsing of HTTP `Content-Disposition` headers. The implementation also includes substantial internal refactoring of `index.js`, including new RFC grammar regexes and a different code path for building/formatting `Content-Disposition` output.
Features