Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
@tinyhttp/send
Advanced tools
@tinyhttp/send
Extensions for sending a response, including send, sendStatus, status and json. Works with any backend framework.
sendFileis in the works, track the progress in this issue.
Install
pnpm i @tinyhttp/send
API
import { send, sendStatus, status, json } from '@tinyhttp/send'
send(body) 
Sends the HTTP response.
The body parameter can be a Buffer object, a string, an object, or an array.
Example
res.send(Buffer.from('whoop'))
res.send({ some: 'json' })
res.send('<p>some html</p>')
res.status(404).send('Sorry, we cannot find that!')
res.status(500).send({ error: 'something blew up' })
json(body)
Sends a JSON response. This method sends a response (with the correct content-type) that is the parameter converted to a JSON string using JSON.stringify().
The parameter can be any JSON type, including object, array, string, boolean, number, or null, and you can also use it to convert other values to JSON.
Example
res.json(null)
res.json({ user: 'tobi' })
res.status(500).json({ error: 'message' })
status(number)
Sets the HTTP status for the response. It is a chainable alias of Node’s response.statusCode.
Example
res.status(403).end()
res.status(400).send('Bad Request')
sendStatus
Sets the response HTTP status code to statusCode and send its string representation as the response body.
Example
res.sendStatus(200) // equivalent to res.status(200).send('OK')
res.sendStatus(403) // equivalent to res.status(403).send('Forbidden')
res.sendStatus(404) // equivalent to res.status(404).send('Not Found')
res.sendStatus(500) // equivalent to res.status(500).send('Internal Server Error')
If an unsupported status code is specified, the HTTP status is still set to statusCode and the string version of the code is sent as the response body.
Example
import { createServer } from 'http'
import { send } from '@tinyhttp/send'
createServer((req, res) => {
send(req, res)('Hello World')
}).listen(3000)
License
MIT © v1rtl
FAQs
json, send, sendFile, status and sendStatus methods for tinyhttp
The npm package @tinyhttp/send receives a total of 182,010 weekly downloads. As such, @tinyhttp/send popularity was classified as popular.
We found that @tinyhttp/send demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 Sep 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025