Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The 'accepts' npm package is a utility for content negotiation in Node.js. It allows a server to interpret the content types that a client can handle and respond with the most appropriate content type. It is commonly used in HTTP server frameworks like Express to simplify the process of determining what MIME types the client accepts in the 'Accept' HTTP header.
Content Type Negotiation
This code demonstrates how to use the 'accepts' package to determine the best response content type based on the client's 'Accept' header. The server responds with either JSON, HTML, or plain text.
const accepts = require('accepts');
const http = require('http');
http.createServer(function (req, res) {
var accept = accepts(req);
var preferredType = accept.type(['json', 'html']);
if (preferredType === 'json') {
res.setHeader('Content-Type', 'application/json');
res.end(JSON.stringify({ message: 'Hello, JSON!' }));
} else if (preferredType === 'html') {
res.setHeader('Content-Type', 'text/html');
res.end('<p>Hello, HTML!</p>');
} else {
res.setHeader('Content-Type', 'text/plain');
res.end('Hello, plain text!');
}
}).listen(3000);
Language Negotiation
This code snippet shows how to use the 'accepts' package to determine the client's preferred language from the 'Accept-Language' header and respond accordingly.
const accepts = require('accepts');
const http = require('http');
http.createServer(function (req, res) {
var accept = accepts(req);
var preferredLanguage = accept.language(['en', 'es', 'fr']);
res.end('Preferred language: ' + preferredLanguage);
}).listen(3000);
Encoding Negotiation
This example illustrates how to use the 'accepts' package to negotiate the content encoding that the client supports, such as 'gzip' or 'deflate'.
const accepts = require('accepts');
const http = require('http');
http.createServer(function (req, res) {
var accept = accepts(req);
var preferredEncoding = accept.encoding(['gzip', 'deflate']);
res.end('Preferred encoding: ' + preferredEncoding);
}).listen(3000);
Charset Negotiation
This code sample demonstrates how to use the 'accepts' package to determine which charset the client prefers, such as 'utf-8' or 'iso-8859-1'.
const accepts = require('accepts');
const http = require('http');
http.createServer(function (req, res) {
var accept = accepts(req);
var preferredCharset = accept.charset(['utf-8', 'iso-8859-1']);
res.end('Preferred charset: ' + preferredCharset);
}).listen(3000);
The 'negotiator' package is similar to 'accepts' and provides an HTTP content negotiation algorithm that is compliant with RFC 7231. It offers more detailed control over the negotiation process compared to 'accepts', but it might be more complex to use for simple scenarios.
The 'negotiate' package is another alternative for content negotiation in Node.js. It is designed to be a simple and lightweight solution, but it may not be as feature-rich or widely used as 'accepts'.
Higher level content negotiation based on negotiator. Extracted from koa for general use.
In addition to negotiator, it allows:
(['text/html', 'application/json'])
as well as ('text/html', 'application/json')
.json
.false
when no types match*
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install accepts
var accepts = require('accepts')
Create a new Accepts
object for the given req
.
Return the first accepted charset. If nothing in charsets
is accepted,
then false
is returned.
Return the charsets that the request accepts, in the order of the client's preference (most preferred first).
Return the first accepted encoding. If nothing in encodings
is accepted,
then false
is returned.
Return the encodings that the request accepts, in the order of the client's preference (most preferred first).
Return the first accepted language. If nothing in languages
is accepted,
then false
is returned.
Return the languages that the request accepts, in the order of the client's preference (most preferred first).
Return the first accepted type (and it is returned as the same text as what
appears in the types
array). If nothing in types
is accepted, then false
is returned.
The types
array can contain full MIME types or file extensions. Any value
that is not a full MIME types is passed to require('mime-types').lookup
.
Return the types that the request accepts, in the order of the client's preference (most preferred first).
This simple example shows how to use accepts
to return a different typed
respond body based on what the client wants to accept. The server lists it's
preferences in order and will get back the best match between the client and
server.
var accepts = require('accepts')
var http = require('http')
function app (req, res) {
var accept = accepts(req)
// the order of this list is significant; should be server preferred order
switch (accept.type(['json', 'html'])) {
case 'json':
res.setHeader('Content-Type', 'application/json')
res.write('{"hello":"world!"}')
break
case 'html':
res.setHeader('Content-Type', 'text/html')
res.write('<b>hello, world!</b>')
break
default:
// the fallback is text/plain, so no need to specify it above
res.setHeader('Content-Type', 'text/plain')
res.write('hello, world!')
break
}
res.end()
}
http.createServer(app).listen(3000)
You can test this out with the cURL program:
curl -I -H'Accept: text/html' http://localhost:3000/
FAQs
Higher-level content negotiation
The npm package accepts receives a total of 23,681,007 weekly downloads. As such, accepts popularity was classified as popular.
We found that accepts demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.