Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
@eropple/blob-server
Advanced tools
This HTTP server is a file server that accepts a query string JWT to enable access to private content.
@eropple/blob-server
This HTTP server is a file server that accepts a query string JWT to enable access to private content.
This is an extremely alpha project. If you want to use it, you should spend a little time reading it. I'm not offering any help for this one, just some quick notes:
GetEnv
), it's required!JWTPayload
below, and the JWT should be passed as the q
query string parameter.q
can access unauthenticatedPaths
, which defaults to "anything under the /p
path".unauthenticatedPaths
.// calls to `GetEnv` *without* a second argument mean
// that the environemnt variable is REQUIRED.
// REQUIRED: the JWT HS384 key
export const jwtKey = GetEnv.string(`${envKeyPrefix}_JWT_KEY`);
// REQUIRED: the path on the file system (defaults to /srv/blob-server in Docker)
export const blobPath = Path.resolve(GetEnv.string(`${envKeyPrefix}_FILE_STORE_PATH`));
export const unauthenticatedPaths: ReadonlyArray<string> =
GetEnv.string(`${envKeyPrefix}_UNAUTHENTICATED_PATHS`, '/p/**/*').split(':');
export const address = GetEnv.string(`${envKeyPrefix}_HTTP_ADDRESS`, '0.0.0.0');
export const port = GetEnv.int(`${envKeyPrefix}_HTTP_PORT`, 13305);
export const cacheSize = GetEnv.int(`${envKeyPrefix}_CACHE_SIZE`, 1000);
// the JWT payload that you sign with `jwtKey` must include
// the following. `paths` is an array of globstar paths that
// the bearer of this JWT can download.
export const JWTPayload = RT.Record({
sub: RT.String,
exp: RT.Number,
paths: RT.Array(RT.String),
});
export type JWTPayload = RT.Static<typeof JWTPayload>;
FAQs
This HTTP server is a file server that accepts a query string JWT to enable access to private content.
We found that @eropple/blob-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.