Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
connect-modrewrite
Advanced tools
connect-modrewrite adds modrewrite functionality to connect/express server
connect-modrewrite
adds modrewrite functionality to connect/express server.
Install connect-modrewrite
with:
npm install connect-modrewrite --save
Require it:
var modRewrite = require('connect-modrewrite');
An example configuration:
var app = connect() // express() for express 3.x server
// app.configure(function() { for express 3.x server
.use(modRewrite([
'^/test$ /index.html',
'^/test/\\d*$ /index.html [L]',
'^/test/\\d*/\\d*$ /flag.html [L]'
]))
.use(connect.static(options.base))
.listen(3000)
// }) for express 3.x server
In the example above, modRewrite
take as an Array
of rewrite rules as an argument.
Each rewrite rule is a string with the syntax:
MATCHING_PATHS REPLACE_WITH [FLAGS]
.
MATCHING_PATHS
should be defined using a regex string. And that string is passed as an argument to the javascript RegExp Object
for matching of paths. REPLACE_WITH
is the replacement string for matching paths. Flags is optional and is defined using hard brackets.
Begin with !
for inverted URL matching.
Just wrap the defined param with ()
and access it with $n
. This is defined in JS .replace
in https://developer.mozilla.org/en/docs/JavaScript/Reference/Global_Objects/String/replace.
^/blog/(.*) /$1
A dash indicates that no substitution should be performed.
^/blog/(.*) - [L]
If a path matches, any subsequent rewrite rules will be disregarded.
Proxy your requests
'^/test/proxy/(.*)$ http://nodejs.org/$1 [P]'
Issue a redirect for request.
Regex match will be case-insensitive.
Gives a HTTP 403 forbidden response.
Gives a HTTP 410 gone response.
Sets content-type to the specified one.
Match on host.
For more info about available flags, please go to the Apache page: http://httpd.apache.org/docs/current/rewrite/flags.html
Tingan Ho, @tingan87
Licensed under the MIT license.
L10ns is an internationalization workflow and formatting tool. It handles complex localization problems like pluralization, genus based formatting etc. It also provides a workflow similar to XGettext.
FAQs
connect-modrewrite adds modrewrite functionality to connect/express server
We found that connect-modrewrite demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.