Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
epipe
epipe是一个方便Web项目调试、检测的开源项目;
-
监听http请求,观察网络web请求、及参数、数据响应
-
分析网络性能
-
调试项目、请求改写、转发
-
自定义路由
安装
npm install epipe -g
使用
-
- 建议用法:在项目目录中建立规则文件
epipe-rules.js直接执行命令epipe即可,规则文件参考epipe/epipe-rules.js
- 建议用法:在项目目录中建立规则文件
-
- 制定规则文件用法、执行命令
epipe file=custom-rule.js, 文件相对命令当前目录
- 制定规则文件用法、执行命令
-
- 使用规则集合,自由切换
epipe port=8189 mod=fengchao conser
参数说明
| port | 代理端口 | 默认8188 |
| file | 规则文件 | 以当前路径为相对路径;或指定为绝对路径位置 |
| mod | 规则模块名 | 指定当前使用规则集合 mod=fengchao |
| debug | 调试方式 | 再规则中利用debug切换调试模式 默认false |
| conser | 打开命令行交互 | epipe conser 无需参数 |
- 使用自定义规则文件
epipe port=8189 mod=fengchao file=fengchao-pipe.js
交互命令
- 使用交互命令设置参数、可以动态增加服务、加载规则、切换显示方式、改变调试方式
epipe
> listen 8188
> mod fengchao
> debug true
> fiddle fengchao
> include ./rules/fengchao
| listen | 在监听端口创建服务 | listen 8181 ; 创建新的监听端口 |
| include | 加载规则文件 | include fc.js 将规则文件加入规则库 |
| mod | 规则模块名 | mod fengchao 指定当前使用规则集合 |
| debug | 调试方式 | debug true 改变调试模式 |
| showlog | 显示访问日志 | |
| hidelog | 隐藏访问日志 | 默认即隐藏访问日志 |
| help | 显示可用命令及帮助 |
nirvana / phoenix 用法说明
-
启动本地开发环境,确定能够正常访问
- 访问 phoenix
-
启动
epipe port=8189 mod=fengchao conser- port 表示代理端口
- mod 表示规则集合 nirvana/ phoenix 通用为fengchao
- conser 表示进入epipe命令交互方式
-
配置本地http代理服务器,不要配置https代理
- http 代理
127.0.0.1 8189 - 确保'跳过本地地址的代理服务器'
- 建议用pac方式配置
- 参考内部代理pac http://uedc.baidu.com/proxy [内部bae不稳定];
- 改为线上服务http://liandong.org/proxy.pac[稳定线上地址]
- 联调 fctest配置host为对应服务器IP地址即可
- http 代理
-
访问任意网站,在epipe命令中输入
showlog检查是否显示历史记录 -
访问nirvana / phoenix 是否能够正常访问及显示log
-
进入联调模式,在epipe 中输入
debug true- 输入info 查看状态信息
debug false退出联调模式
FAQs
epipe - elabrary http-request pipe for debug or monitor
We found that epipe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 May 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026