Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
connect-timeout
Advanced tools
The connect-timeout npm package is a middleware for Connect/Express applications that allows you to set a timeout for HTTP requests. If a request takes longer than the specified timeout, it will be aborted and a timeout error will be sent to the client.
Setting a basic timeout
This feature allows you to set a basic timeout for all incoming HTTP requests. If a request takes longer than the specified time (in this case, 5 seconds), it will be aborted and a timeout error will be sent to the client.
const express = require('express');
const timeout = require('connect-timeout');
const app = express();
// Set a timeout of 5 seconds
app.use(timeout('5s'));
app.get('/', (req, res) => {
// Simulate a long-running request
setTimeout(() => {
res.send('Hello, world!');
}, 6000);
});
app.use((err, req, res, next) => {
if (req.timedout) {
res.status(503).send('Service unavailable. Please try again later.');
} else {
next(err);
}
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
Custom timeout handler
This feature allows you to define a custom timeout handler. If a request times out, the custom handler will send a specific message to the client.
const express = require('express');
const timeout = require('connect-timeout');
const app = express();
// Set a timeout of 5 seconds
app.use(timeout('5s'));
app.get('/', (req, res) => {
// Simulate a long-running request
setTimeout(() => {
res.send('Hello, world!');
}, 6000);
});
// Custom timeout handler
app.use((req, res, next) => {
if (req.timedout) {
res.status(503).send('Custom timeout message: Service unavailable.');
} else {
next();
}
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
Conditional timeout
This feature allows you to set a conditional timeout based on the request path. In this example, the '/slow' endpoint has a longer timeout of 10 seconds, while other endpoints do not have a timeout.
const express = require('express');
const timeout = require('connect-timeout');
const app = express();
// Set a conditional timeout
app.use((req, res, next) => {
if (req.path === '/slow') {
timeout('10s')(req, res, next);
} else {
next();
}
});
app.get('/slow', (req, res) => {
// Simulate a long-running request
setTimeout(() => {
res.send('This is a slow endpoint.');
}, 11000);
});
app.get('/fast', (req, res) => {
res.send('This is a fast endpoint.');
});
app.use((err, req, res, next) => {
if (req.timedout) {
res.status(503).send('Service unavailable. Please try again later.');
} else {
next(err);
}
});
app.listen(3000, () => {
console.log('Server is running on port 3000');
});
The express-timeout-handler package provides similar functionality to connect-timeout by allowing you to set timeouts for HTTP requests in Express applications. It also offers more advanced features such as custom error messages and different timeout strategies. Compared to connect-timeout, express-timeout-handler provides more flexibility and customization options.
The express-timeout package is another middleware for setting timeouts in Express applications. It is simpler and more lightweight compared to connect-timeout, making it a good choice for projects that require basic timeout functionality without additional features.
Times out a request in the Connect/Express application framework.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install connect-timeout
NOTE This module is not recommend as a "top-level" middleware (i.e.
app.use(timeout('5s'))
) unless you take precautions to halt your own
middleware processing. See as top-level middleware
for how to use as a top-level middleware.
While the library will emit a 'timeout' event when requests exceed the given timeout, node will continue processing the slow request until it terminates. Slow requests will continue to use CPU and memory, even if you are returning a HTTP response in the timeout callback. For better control over CPU/memory, you may need to find the events that are taking a long time (3rd party HTTP requests, disk I/O, database calls) and find a way to cancel them, and/or close the attached sockets.
Returns middleware that times out in time
milliseconds. time
can also
be a string accepted by the ms
module. On timeout, req
will emit "timeout"
.
The timeout
function takes an optional options
object that may contain
any of the following keys:
Controls if this module will "respond" in the form of forwarding an error.
If true
, the timeout error is passed to next()
so that you may customize
the response behavior. This error has a .timeout
property as well as
.status == 503
. This defaults to true
.
Clears the timeout on the request. The timeout is completely removed and will not fire for this request in the future.
true
if timeout fired; false
otherwise.
Because of the way middleware processing works, once this module passes the request to the next middleware (which it has to do in order for you to do work), it can no longer stop the flow, so you must take care to check if the request has timedout before you continue to act on the request.
var bodyParser = require('body-parser')
var cookieParser = require('cookie-parser')
var express = require('express')
var timeout = require('connect-timeout')
// example of using this top-level; note the use of haltOnTimedout
// after every middleware; it will stop the request flow on a timeout
var app = express()
app.use(timeout('5s'))
app.use(bodyParser())
app.use(haltOnTimedout)
app.use(cookieParser())
app.use(haltOnTimedout)
// Add your routes here, etc.
function haltOnTimedout (req, res, next) {
if (!req.timedout) next()
}
app.listen(3000)
var express = require('express')
var bodyParser = require('body-parser')
var timeout = require('connect-timeout')
var app = express()
app.post('/save', timeout('5s'), bodyParser.json(), haltOnTimedout, function (req, res, next) {
savePost(req.body, function (err, id) {
if (err) return next(err)
if (req.timedout) return
res.send('saved as id ' + id)
})
})
function haltOnTimedout (req, res, next) {
if (!req.timedout) next()
}
function savePost (post, cb) {
setTimeout(function () {
cb(null, ((Math.random() * 40000) >>> 0))
}, (Math.random() * 7000) >>> 0)
}
app.listen(3000)
var bodyParser = require('body-parser')
var connect = require('connect')
var timeout = require('connect-timeout')
var app = connect()
app.use('/save', timeout('5s'), bodyParser.json(), haltOnTimedout, function (req, res, next) {
savePost(req.body, function (err, id) {
if (err) return next(err)
if (req.timedout) return
res.send('saved as id ' + id)
})
})
function haltOnTimedout (req, res, next) {
if (!req.timedout) next()
}
function savePost (post, cb) {
setTimeout(function () {
cb(null, ((Math.random() * 40000) >>> 0))
}, (Math.random() * 7000) >>> 0)
}
app.listen(3000)
FAQs
Request timeout middleware for Connect/Express
The npm package connect-timeout receives a total of 260,473 weekly downloads. As such, connect-timeout popularity was classified as popular.
We found that connect-timeout demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.