Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
connect-livereload
Advanced tools
The `connect-livereload` npm package is a middleware for Connect and Express that injects a script into your HTML to enable live reloading. This is particularly useful during development as it allows for automatic reloading of the web page when changes are detected, improving the development workflow.
Automatic Script Injection
This feature automatically injects the livereload script into your HTML, enabling live reloading of the page when changes are detected. The code sample demonstrates how to set up an Express server with the `connect-livereload` middleware.
const connectLivereload = require('connect-livereload');
const express = require('express');
const app = express();
app.use(connectLivereload());
app.get('/', (req, res) => {
res.send('<html><body><h1>Hello World</h1></body></html>');
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
Custom Script Injection
This feature allows you to specify a custom URL for the livereload script. The code sample shows how to configure the middleware to use a custom script URL.
const connectLivereload = require('connect-livereload');
const express = require('express');
const app = express();
app.use(connectLivereload({
src: 'http://localhost:35729/livereload.js?snipver=1'
}));
app.get('/', (req, res) => {
res.send('<html><body><h1>Hello World</h1></body></html>');
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
The `livereload` package provides a standalone server that watches for file changes and notifies the browser to reload. Unlike `connect-livereload`, it is not a middleware but a separate server that can be used in conjunction with any web server.
The `browser-sync` package offers a more comprehensive solution for live reloading, including features like synchronized browser testing, form replication, and more. It is more feature-rich compared to `connect-livereload` and can be used as a standalone server or middleware.
The `webpack-dev-server` package is specifically designed for use with Webpack. It provides live reloading, hot module replacement, and other development features. It is more tightly integrated with Webpack compared to `connect-livereload`.
connect middleware for adding the livereload script to the response. no browser plugin is needed. if you are happy with a browser plugin, then you don't need this middleware.
npm install connect-livereload --save-dev
note: if you use this middleware, you should make sure to switch off the Browser LiveReload Extension if you have it installed.
this middleware can be used with a LiveReload module e.g. grunt-contrib-connect or grunt-contrib-watch.
connect-livereload
itself does not serve the livereload.js
script.
In your connect or express application add this after the static and before the dynamic routes.
If you need liveReload on static html files, then place it before the static routes.
ignore
gives you the possibility to ignore certain files or url's from being handled by connect-livereload
.
app.use(require('connect-livereload')({
port: 35729
}));
please see the examples for the app and Grunt configuration.
Options are not mandatory: app.use(require('connect-livereload')());
The Options have to be provided when the middleware is loaded:
e.g.:
app.use(require('connect-livereload')({
port: 35729,
ignore: ['.js', '.svg']
}));
These are the available options with the following defaults:
// `ignore` and `include`: array with strings and regex expressions elements.
// strings: included/ignored when the url contains this string
// regex: any expression: e.g. starts with pattern: /^.../ ends with pattern: /...$/
ignore: [
/\.js(\?.*)?$/, /\.css(\?.*)?$/, /\.svg(\?.*)?$/, /\.ico(\?.*)?$/, /\.woff(\?.*)?$/,
/\.png(\?.*)?$/, /\.jpg(\?.*)?$/, /\.jpeg(\?.*)?$/, /\.gif(\?.*)?$/, /\.pdf(\?.*)?$/
],
// include all urls by default
include: [/.*/],
// this function is used to determine if the content of `res.write` or `res.end` is html.
html: function (str) {
if (!str) return false;
return /<[:_-\w\s\!\/\=\"\']+>/i.test(str);
},
// rules are provided to find the place where the snippet should be inserted.
// the main problem is that on the server side it can be tricky to determine if a string will be valid html on the client.
// the function `fn` of the first `match` is executed like this `body.replace(rule.match, rule.fn);`
// the function `fn` has got the arguments `fn(w, s)` where `w` is the matches string and `s` is the snippet.
rules: [{
match: /<\/body>(?![\s\S]*<\/body>)/i,
fn: prepend
}, {
match: /<\/html>(?![\s\S]*<\/html>)/i,
fn: prepend
}, {
match: /<\!DOCTYPE.+?>/i,
fn: append
}],
// port where the script is loaded
port: 35729,
// location where the script is provided (not by connect-livereload). Change this e.g. when serving livereload with a proxy.
src: "http://localhost:35729/livereload.js?snipver=1",
please see the examples for the app and Grunt configuration.
The following example is from an actual Gruntfile that uses grunt-contrib-connect
connect: {
options: {
port: 3000,
hostname: 'localhost'
},
dev: {
options: {
middleware: function (connect) {
return [
require('connect-livereload')(), // <--- here
checkForDownload,
mountFolder(connect, '.tmp'),
mountFolder(connect, 'app')
];
}
}
}
}
For use as middleware in grunt simply add the following to the top of your array of middleware.
require('connect-livereload')(),
You can pass in options to this call if you do not want the defaults.
dev
is simply the name of the server being used with the task grunt connect:dev
. The other items in the middleware
array are all functions that either are of the form function (req, res, next)
like checkForDownload
or return that like mountFolder(connect, 'something')
.
An alternative would be to install the LiveReload browser plugin.
run the tests with
mocha
FAQs
connect middleware for adding the livereload script to the response
The npm package connect-livereload receives a total of 312,255 weekly downloads. As such, connect-livereload popularity was classified as popular.
We found that connect-livereload demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.