nodejs · nodejs-github-bot · Mar 23, 2023 · Mar 21, 2023 · Mar 22, 2023
diff --git a/doc/api/deprecations.md b/doc/api/deprecations.md
@@ -3288,14 +3288,17 @@ Node-API callbacks.
 
 <!-- YAML
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/47203
+    description: Added support for `--pending-deprecation`.
   - version:
       - v19.0.0
       - v18.13.0
     pr-url: https://github.com/nodejs/node/pull/44919
     description: Documentation-only deprecation.
 -->
 
-Type: Documentation-only
+Type: Documentation-only (supports [`--pending-deprecation`][])
 
 [`url.parse()`][] behavior is not standardized and prone to errors that
 have security implications. Use the [WHATWG URL API][] instead. CVEs are not

diff --git a/lib/url.js b/lib/url.js
@@ -62,6 +62,8 @@ const {
   formatUrl,
 } = internalBinding('url');
 
+const { getOptionValue } = require('internal/options');
+
 // Original url.parse() API
 
 function Url() {
@@ -146,7 +148,20 @@ const {
   CHAR_COLON,
 } = require('internal/constants');
 
+let urlParseWarned = false;
+
 function urlParse(url, parseQueryString, slashesDenoteHost) {
+  if (!urlParseWarned && getOptionValue('--pending-deprecation')) {
+    urlParseWarned = true;
+    process.emitWarning(
+      '`url.parse()` behavior is not standardized and prone to ' +
+      'errors that have security implications. Use the WHATWG URL API ' +
+      'instead. CVEs are not issued for `url.parse()` vulnerabilities.',
+      'DeprecationWarning',
+      'DEP0169',
+    );
+  }
+
   if (url instanceof Url) return url;
 
   const urlObject = new Url();