Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
connect-modrewrite
Advanced tools
connect-modrewrite is a middleware for connect. It adds modrewrite functionality to your project
connect-modrewrite
is a middleware for grunt-contrib-connect. It adds modrewrite functionality to your grunt project.
Install connect-modrewrite
with:
npm install connect-modrewrite
Require it in your Gruntfile.js file:
var modRewrite = require('connect-modrewrite');
In grunt.initConfig please add the following code snippet:
connect: {
server: {
options: {
port: 9001,
base: 'example',
keepalive: true,
middleware: function(connect, options) {
return [
modRewrite([
'^/test$ /index.html',
'^/test/\\d*$ /index.html [L]',
'^/test/\\d*/\\d*$ /flag.html [L]'
]),
connect.static(options.base)
]
}
}
}
}
In the example above, modRewrite
take as an Array
of rewrite rules as an argument.
Each rewrite rule is a string with the syntax:
MATCHING_PATHS REPLACE_WITH [FLAGS]
.
MATCHING_PATHS
should be defined using a regex string. And that string is passed as an argument to the javascript RegExp Object
for matching of paths. REPLACE_WITH
is the replacement string for matching paths. Flags is optional and is defined using hard brackets. We currently only support the last flag [L]
. Please give suggestions to more flags that makes sense for connect-modrewrite
. Keep in mind that grunt-contrib-connect
is meant to be a simple static server.
If a path matches, any subsequent rewrite rules will be disregarded.
Tingan Ho, tingan87[at]gmail.com
Copyright (c) 2012 Tingan Ho Licensed under the MIT license.
FAQs
connect-modrewrite adds modrewrite functionality to connect/express server
The npm package connect-modrewrite receives a total of 12,752 weekly downloads. As such, connect-modrewrite popularity was classified as popular.
We found that connect-modrewrite demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.