Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
@kumori/http-message
Advanced tools
Http Message
Http server for Kumori Platform components.
Description
This library extends NodeJS HTTP server to support Kumori's channels (see Kumori's documentation for more information about channels and Kumori's service application model).
const http = require('@kumori/http-message')
let server = http.createServer((req, res) => {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('okay');
})
server.listen(channel, (error) => {
// Do something
})
This HTTP server is compatible with most of the existing http frameworks like ExpressJS.
Table of Contents
Installation
Install it as a npm package
npm install -g @kumori/http-message
Usage
Kumori Platform incorporates a communication mechanism specifically designed for elastic software and is based on channels. A channel is an object a service component can use to communicate with other components. In this document we assume you already know what a Kumori component. If that is not the case, please refere to Kumori's documentation.
Http Message package has been developed specifically for Kumori's channels. It mimmics http NodeJS server API but changes some methods to use Kumori's channels instead of ports, IPs and/or domains. Let's see it in a couple of examples.
Simple Server
This is a simple hello world server encapsulated in a Kumori's component. It is based on the example used in NodeJS documentation.
const BaseComponent = require('component');
const http = require('@kumori/http-message');
class Component extends BaseComponent {
constructor
(runtime
,role
,iid
,incnum
,localData
,resources
,parameters
,dependencies
,offerings
) {
super(runtime, role, iid, incnum, localData, resources, parameters, dependencies, offerings);
this.httpChannel = offerings.endpoint;
}
run () {
super.run();
const server = http.createServer();
server.on('request', (req, res) => {
res.statusCode = 200;
res.setHeader('Content-Type', 'text/plain');
res.end('Hello World\n');
});
server.listen(this.httpChannel);
}
}
module.exports = Component;
Simple Client
Http Message can be also used to communicate with an http server deployed as a Kumori component.
const BaseComponent = require('component');
const http = require('@kumori/http-message');
class Component extends BaseComponent {
constructor
(runtime
,role
,iid
,incnum
,localData
,resources
,parameters
,dependencies
,offerings
) {
super(runtime, role, iid, incnum, localData, resources, parameters, dependencies, offerings);
this.httpChannel = offerings.endpoint;
}
run () {
super.run();
const options = {
channel: this.httpChannel,
method: 'POST',
path: '/upload'
};
const req = http.request(options, (res) => {
res.on('data', (chunk) => {
doThings(chunk)
});
res.on('end', () => {
doThings()
}
});
req.on('error', (e) => {
doThings(e)
});
req.write(dataToSend);
req.end();
}
}
module.exports = Component;
WARNIG: currently, setTimeout and abort method are not supported.
License
MIT © Kumori Systems
FAQs
HTTP server for Kumori platform
We found that @kumori/http-message demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 01 Oct 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026