New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@hint/hint-no-http-redirects

Package Overview
Dependencies
Maintainers
4
Versions
53
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hint/hint-no-http-redirects

hint for best practices related to HTTP redirects

  • 3.0.8
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
14K
decreased by-15.09%
Maintainers
4
Weekly downloads
 
Created
Source

Avoid HTTP redirects (no-http-redirects)

no-http-redirects checks if there are any HTTP redirects in the page webhint is analyzing.

Why is this important?

Consider the following simplified description of what happens when a user requests a URL within a browser:

  1. DNS Lookup: Translate the server domain to an IP. If the browser doesn’t know it, it asks a DNS server which in some cases involves multiple queries until the final IP is obtained.
  2. Open a TCP connection to the server IP address requesting the URL.
  3. The server responds to that request by sending some content over the TCP connection. If the resource uses SSL, then TLS negotiation(s) happens as well.

When a redirect occurs, 3. contains the new URL the browser needs to request, repeating the whole sequence of steps. DNS Lookup isn’t cheap, neither is creating a TCP connection. The impact of redirects is felt even more by mobile users, where the network latency is usually higher. As a rule of thumb, the more you can avoid redirects the better.

What does the hint check?

This hint checks:

  • If the target URL passed to webhint has any redirect. E.g.: http://www.example.com --> http://example.com
  • If any resource in the page has any redirect. E.g.: http://example.com/script.js --> https://example.com/script.js

and alerts if at least one is found.

Examples that trigger the hint

  • Any URL passed to webhint that redirects to another one
  • Any page with a resource (script, css, image) behind a redirect

Examples that pass the hint

  • No redirect for resources nor the target URL.

Can the hint be configured?

By default, no redirects are allowed but you can change this behavior.

The following hint configuration used in the .hintrc file will allow 3 redirects for resources and 1 for the main URL:

{
    "connector": {...},
    "formatters": [...],
    "hints": {
        "no-http-redirects": ["error", {
            "max-resource-redirects": 3,
            "max-html-redirects": 1
        }],
        ...
    },
    ...
}

How to use this hint?

This package is installed automatically by webhint:

npm install hint --save-dev

To use it, activate it via the .hintrc configuration file:

{
    "connector": {...},
    "formatters": [...],
    "hints": {
        "no-http-redirects": "error",
        ...
    },
    "parsers": [...],
    ...
}

Note: The recommended way of running webhint is as a devDependency of your project.

Further Reading

Keywords

FAQs

Package last updated on 29 Oct 2021

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts

Security News

Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts

Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.

By Sarah Gooding  -  Jan 24, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc