Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@chromaui/localtunnel
Advanced tools
localtunnel exposes your localhost to the world for easy testing and sharing! No need to mess with DNS or deploy just to have others test out your changes.
Great for working with browser testing tools like browserling or external api callback services like twilio which require a public url for callbacks.
yarn add @chromaui/localtunnel
Assuming your local server is running on port 8000, just use the lt
command to start the tunnel.
lt --port 8000
Thats it! It will connect to the tunnel server, setup the tunnel, and tell you what url to use for your testing. This url will remain active for the duration of your session; so feel free to share it with others for happy fun time!
You can restart your local server all you want, lt
is smart enough to detect this and reconnect once it is back.
Below are some common arguments. See lt --help
for additional arguments
--subdomain
request a named subdomain on the localtunnel server (default is random characters)--local-host
proxy to a hostname other than localhostYou may also specify arguments via env variables. E.x.
PORT=3000 lt
The localtunnel client is also usable through an API (for test integration, automation, etc)
Creates a new localtunnel to the specified local port
. Will return a Promise that resolves once you have been assigned a public localtunnel url. options
can be used to request a specific subdomain
. A callback
function can be passed, in which case it won't return a Promise. This exists for backwards compatibility with the old Node-style callback API. You may also pass a single options object with port
as a property.
const localtunnel = require('@chromaui/localtunnel');
(async () => {
const tunnel = await localtunnel({ port: 3000 });
// the assigned public url for your tunnel
// i.e. https://abcdefgjhij.localtunnel.me
tunnel.url;
tunnel.on('close', () => {
// tunnels are closed
});
})();
port
(number) [required] The local port number to expose through localtunnel.subdomain
(string) Request a specific subdomain on the proxy server. Note You may not actually receive this name depending on availability.host
(string) URL for the upstream proxy server. Defaults to https://localtunnel.me
.local_host
(string) Proxy to this hostname instead of localhost
. This will also cause the Host
header to be re-written to this value in proxied requests.local_https
(boolean) Enable tunneling to local HTTPS server.local_cert
(string) Path to certificate PEM file for local HTTPS server.local_key
(string) Path to certificate key file for local HTTPS server.local_ca
(string) Path to certificate authority file for self-signed certificates.allow_invalid_cert
(boolean) Disable certificate checks for your local HTTPS server (ignore cert/key/ca options).Refer to tls.createSecureContext for details on the certificate options.
The tunnel
instance returned to your callback emits the following events
event | args | description |
---|---|---|
request | info | fires when a request is processed by the tunnel, contains method and path fields |
error | err | fires when an error happens on the tunnel |
close | fires when the tunnel has closed |
The tunnel
instance has the following methods
method | args | description |
---|---|---|
close | close the tunnel |
Clients in other languages
go gotunnelme
C#/.NET localtunnel-client
See localtunnel/server for details on the server that powers localtunnel.
MIT
FAQs
Expose localhost to the world
We found that @chromaui/localtunnel demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.