Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The connect npm package is a middleware layer for Node.js, designed to be used as a part of the 'http' module. It allows developers to create a series of middleware functions to handle requests and responses in a sequential manner. Connect is often used to set up middleware that can perform various tasks such as logging, parsing, session handling, and more.
Logging
This feature allows you to log every request that comes into the server with the method and URL.
const connect = require('connect');
const app = connect();
// Middleware for logging
function logger(req, res, next) {
console.log('%s %s', req.method, req.url);
next();
}
app.use(logger);
app.listen(3000);
Static File Serving
This feature serves static files from a specified directory, in this case, 'public'.
const connect = require('connect');
const serveStatic = require('serve-static');
const app = connect();
app.use(serveStatic('public'));
app.listen(3000);
Body Parsing
This feature allows you to parse the body of incoming requests in middleware before handling them.
const connect = require('connect');
const bodyParser = require('body-parser');
const app = connect();
app.use(bodyParser.json());
app.use(function(req, res) {
res.end(JSON.stringify(req.body));
});
app.listen(3000);
Cookie Parsing
This feature allows you to parse cookies attached to the client request object.
const connect = require('connect');
const cookieParser = require('cookie-parser');
const app = connect();
app.use(cookieParser());
app.use(function(req, res) {
res.end(JSON.stringify(req.cookies));
});
app.listen(3000);
Express is a web application framework for Node.js, built on top of connect. It extends connect's middleware model with additional functionality like routing, template engine support, and more. Express is more feature-rich and is considered a de facto standard for Node.js web applications.
Koa is a web framework designed by the creators of Express, aiming to be a smaller, more expressive, and more robust foundation for web applications and APIs. Koa uses async functions to eliminate callbacks and greatly increase error-handling capabilities. It does not bundle any middleware within its core, and it provides an elegant suite of methods that make writing servers fast and enjoyable.
Hapi is a rich framework for building applications and services. It enables developers to focus on writing reusable application logic instead of spending time building infrastructure. Hapi is known for its powerful plugin system and comprehensive API.
Restify is a Node.js web service framework optimized for building semantically correct RESTful web services ready for production use at scale. It is somewhat similar to Express but is more focused on enabling the building of correct REST web services.
Connect is an extensible HTTP server framework for node using "plugins" known as middleware.
var connect = require('connect');
var http = require('http');
var app = connect();
// gzip/deflate outgoing responses
var compression = require('compression');
app.use(compression());
// store session state in browser cookie
var cookieSession = require('cookie-session');
app.use(cookieSession({
keys: ['secret1', 'secret2']
}));
// parse urlencoded request bodies into req.body
var bodyParser = require('body-parser');
app.use(bodyParser.urlencoded({extended: false}));
// respond to all requests
app.use(function(req, res){
res.end('Hello from Connect!\n');
});
//create node.js http server and listen on port
http.createServer(app).listen(3000);
Connect is a simple framework to glue together various "middleware" to handle requests.
$ npm install connect
The main component is a Connect "app". This will store all the middleware added and is, itself, a function.
var app = connect();
The core of Connect is "using" middleware. Middleware are added as a "stack"
where incoming requests will execute each middleware one-by-one until a middleware
does not call next()
within it.
app.use(function middleware1(req, res, next) {
// middleware 1
next();
});
app.use(function middleware2(req, res, next) {
// middleware 2
next();
});
The .use()
method also takes an optional path string that is matched against
the beginning of the incoming request URL. This allows for basic routing.
app.use('/foo', function fooMiddleware(req, res, next) {
// req.url starts with "/foo"
next();
});
app.use('/bar', function barMiddleware(req, res, next) {
// req.url starts with "/bar"
next();
});
There are special cases of "error-handling" middleware. There are middleware
where the function takes exactly 4 arguments. When a middleware passes an error
to next
, the app will proceed to look for the error middleware that was declared
after that middleware and invoke it, skipping any error middleware above that
middleware and any non-error middleware below.
// regular middleware
app.use(function (req, res, next) {
// i had an error
next(new Error('boom!'));
});
// error middleware for errors that occurred in middleware
// declared before this
app.use(function onerror(err, req, res, next) {
// an error occurred!
});
The last step is to actually use the Connect app in a server. The .listen()
method
is a convenience to start a HTTP server (and is identical to the http.Server
's listen
method in the version of Node.js you are running).
var server = app.listen(port);
The app itself is really just a function with three arguments, so it can also be handed
to .createServer()
in Node.js.
var server = http.createServer(app);
These middleware and libraries are officially supported by the Connect/Express team:
bodyParser
, json
, and urlencoded
. You may also be interested in:
compress
timeout
cookieParser
cookieSession
csrf
error-handler
session
method-override
logger
response-time
favicon
directory
static
vhost
Most of these are exact ports of their Connect 2.x equivalents. The primary exception is cookie-session
.
Some middleware previously included with Connect are no longer supported by the Connect/Express team, are replaced by an alternative module, or should be superseded by a better module. Use one of these alternatives instead:
cookieParser
limit
multipart
query
staticCache
Checkout http-framework for many other compatible middleware!
The Connect API is very minimalist, enough to create an app and add a chain of middleware.
When the connect
module is required, a function is returned that will construct
a new app when called.
// require module
var connect = require('connect')
// create app
var app = connect()
The app
itself is a function. This is just an alias to app.handle
.
Calling the function will run the middleware stack against the given Node.js
http request (req
) and response (res
) objects. An optional function out
can be provided that will be called if the request (or error) was not handled
by the middleware stack.
Start the app listening for requests. This method will internally create a Node.js
HTTP server and call .listen()
on it.
This is an alias to the server.listen()
method in the version of Node.js running,
so consult the Node.js documentation for all the different variations. The most
common signature is app.listen(port)
.
Use a function on the app, where the function represents a middleware. The function
will be invoked for every request in the order that app.use
is called. The function
is called with three arguments:
app.use(function (req, res, next) {
// req is the Node.js http request object
// res is the Node.js http response object
// next is a function to call to invoke the next middleware
})
In addition to a plan function, the fn
argument can also be a Node.js HTTP server
instance or another Connect app instance.
Use a function on the app, where the function represents a middleware. The function
will be invoked for every request in which the URL (req.url
property) starts with
the given route
string in the order that app.use
is called. The function is
called with three arguments:
app.use('/foo', function (req, res, next) {
// req is the Node.js http request object
// res is the Node.js http response object
// next is a function to call to invoke the next middleware
})
In addition to a plan function, the fn
argument can also be a Node.js HTTP server
instance or another Connect app instance.
The route
is always terminated at a path separator (/
) or a dot (.
) character.
This means the given routes /foo/
and /foo
are the same and both will match requests
with the URLs /foo
, /foo/
, /foo/bar
, and /foo.bar
, but not match a request with
the URL /foobar
.
The route
is matched in a case-insensitive manor.
In order to make middleware easier to write to be agnostic of the route
, when the
fn
is invoked, the req.url
will be altered to remove the route
part (and the
original will be available as req.originalUrl
). For example, if fn
is used at the
route /foo
, the request for /foo/bar
will invoke fn
with req.url === '/bar'
and req.originalUrl === '/foo/bar'
.
npm install
npm test
The Connect project would not be the same without all the people involved.
The original author of Connect is TJ Holowaychuk
The current lead maintainer is Douglas Christopher Wilson
< 1.x
- node 0.2
1.x
- node 0.4
< 2.8
- node 0.6
>= 2.8 < 3
- node 0.8
>= 3
- node 0.10
, 0.12
, 4.x
, 5.x
, 6.x
, 7.x
, 8.x
, 9.x
, 10.x
, 11.x
, 12.x
; io.js 1.x
, 2.x
, 3.x
FAQs
High performance middleware framework
The npm package connect receives a total of 2,601,826 weekly downloads. As such, connect popularity was classified as popular.
We found that connect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.