OpenInlets 4.2.2

What's Changed

UTMStrip: new universal tracking parameters

Seven additional ad-platform click IDs and affiliate tracking parameters are
now stripped from all URLs (added to universalExact):

Parameter	Platform
cjevent	CJ Affiliate (Commission Junction)
ef_id	Adobe Advertising Cloud
outbrain_cid	Outbrain (native ads)
rdt_cid	Reddit Ads
ScCid	Snapchat Ads
qclid	Quora Ads
tblci	Taboola (native ads)

Added wt_mc to the Walmart-specific parameter list. This Walmart marketing
channel tracking parameter was present in real URLs, but missing from the
strip list.

Test infrastructure

• Test runner (scripts/test-utmstrip.js) is now wired into npm test, so
  failures block the build.
• 16 new test cases covering: the 7 new parameters above, Walmart wt_mc
  (regression), case-insensitive stripping, LinkedIn midSig/midToken,
  AliExpress regional domains (.ru, etc.), eBay co.uk domain, YouTube
  nocookie domain, and IBM cm_mmca\d+ regex path.

Maintenance tooling

• Added docs/Maintenance-Plan-UtmStrip.md — quarterly review checklist,
  decision criteria, and a parameter decision log.
• Added .github/workflows/tracking-params-check.yml — monthly automated
  check (runs on the 1st of each month) that compares the DuckDuckGo tracking
  parameters list against src/utmstrip.ts and opens a GitHub issue when new
  parameters are detected.

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 4.2.2)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.

OpenInlets 4.2.0

What's Changed

Major update to browser coverage with addition of OpenInChrome, OpenInDDG,
OpenInEdge, OpenInOpera, & OpenInOrion. Improvements to unskim, UtmStrip,
& OpenURLParam. Refinements build process with updated dependencies.

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 4.2.0)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.

OpenInlets 4.1.1

feat(utmstrip): refactor; add more keys to remove including host-specific keys

• Refactored utmstrip.ts to use static arrays of params instead of complex regex
• Switched to URLSearchParams API for cleaner parameter handling
• Organized parameters by host (Amazon, AliExpress, eBay, LinkedIn, Target, Temu,
  TikTok, Twitter/X, Walmart, YouTube)
• Added 26 new universal exact-match static keys, +4 new universal prefixes
• Added 57 new host-specific keys/prefixes (across 7 new hosts)
• New removal of tracking and "clutter" keys from Google Search URLs
• Functional Google Search params remain (q, hl, safe, tbs, tbm, pagination))
• Integrated tests for new keys and host-specific keys/prefixes
• Net increase of 522 bytes to dist/utmstrip.bookmarklet (efficient changes)

chore(cspell): cleanup dictionary & use inline comments

• focus dictionary on proper names & tools
• use inline comments for keys in TypeScript & JavaScript files

OpenInlets 4.1.0

What's Changed

• feature: drop iPod support, streamline & modernize bookmarklet (#388) (3af8786)
• feature: streamline some bookmarklets & harden .npmrc more (25330f1)

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 4.1.0)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.

OpenInlets 4.0.2

What's Changed

• chore: update package*.json & README for release (#386) (cf7dc97)
• docs: update SECURITY.md (#385) (a9449ca)
• chore(security): block automatic lifecycle scripts, update dependencies (#384) (e423226)
• chore(package*.json): bump & pin dependencies; in lockfile too (#383) (3f4840e)
• chore: add .nvmrc for version (#382) (ad7cc8b)
• chore: tighten security even more- workflows, pinning, GH settings, etc (#381) (1a484c6)
• chore: revert engines to npm 11.6.2 for GitHub Actions (92b1bdf)
• Merge pull request #380 from mobilemind/chore/update-dependencies-and-lockfile (188e3ea)
• chore(package*.json): update engines & dependencies (1bf208f)
• Merge pull request #379 from mobilemind/dependabot/npm_and_yarn/all-dependencies-ec563f2f71 (dbd4f0b)
• chore(deps-dev): bump terser in the all-dependencies group (ff810c6)
• chore: bump engines to latest npm for node 24.12 (3b59665)
• chore: package*.json - make private, use @types/node ~25.0.9 (0deaf36)
• chore(lockfile): update package.json devDependencies & lockfile (626f349)
• Merge pull request #376 from mobilemind/chore/dependency-updates (4bdf700)
• chore: be more accepting of linter semver updates (a85436c)
• Merge pull request #375 from mobilemind/dependabot/npm_and_yarn/all-dependencies-16d45eb649 (a1c57c5)
• chore(deps-dev): bump the all-dependencies group with 3 updates (22a7d48)

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 4.0.2)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.

OpenInlets 4.0.1

What's Changed

This release includes improvements to LinkLighter and UTMStrip bookmarklets, along with dependency updates and documentation fixes.

LinkLighter 2.1.0

• Improved highlighting of text that may be repeated on the page, leveraging prefix & suffix
• Improved match consistency & reliability with word boundary checks
• Improved cross-browser compatibility
• Refactored logic to reduce code size
• Reworded alerts (shorter bookmarklet)
• dist version now < 2Kb

UTMStrip 2.1.0

• Removed duplicate aff_ handling of AliExpress URLs
• Add strip() substitute for repeated .replace() pattern throughout the code
• Merge checks using includes() with .test() for HubSpot, MailChimp, & Marketo
• Optimize cleanup of orphaned params or query string marker
• Reworded alerts (shorter bookmarklet)
• dist version now < 4Kb

UnSkim 2.0.1

• No source changes, Terser now makes it slightly smaller, so version was bumped

X-man 1.3.1

• Reworded alerts (shorter bookmarklet)
• Terser now makes it slightly smaller, too

Other Changes

• chore: update version & docs
• chore: fix README badge URL, more shell quoting in workflows/release.yml
• chore(deps-dev): bump the all-dependencies group with 6 updates
• chore(dependabot): check weekly for major, minor, & patch updates

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 4.0.1)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.

Full Changelog: 4.0.0...4.0.1

OpenInlets 4.0.0

What's Changed

Migrate source and build process to use TypeScript for all bookmarklets.

Key Changes

• Migrated all source files from .js to .ts with comprehensive type annotations
• Implemented strict null checks and proper type guards throughout
• Updated build pipeline from 2-stage to 3-stage (compile → minify → bookmarklet-ify)
• Changed output from web/.js to dist/.bookmarklet for clearer distinction
• Replaced UglifyJS with Terser for minification
• Added TypeScript compiler and ESLint TypeScript support

Type Safety Improvements

• Null checks for DOM APIs (window.getSelection(), window.open(), element.parentNode)
• Proper typing for Selection, URL, URLSearchParams, NodeListOf
• Type guards for error handling in catch blocks
• Array.from() for NodeListOf iteration (TypeScript iterator requirement)
• Sanitize URLs extracted from URL query string params & ensure they're https: URLs

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 4.0.0)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.

OpenInlets 3.7.0

Release 3.7.0

Initial release

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 3.7.0)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.

OpenInlets 3.6.2

Release 3.6.2

Initial release

Verification

This release includes:

• Signed commits and tags (verify with git verify-tag 3.6.2)
• Software Bill of Materials (SBOM) in CycloneDX format
• Security audit results from CI pipeline

See SECURITY.md for verification procedures.