Big News: Socket Selected for OpenAI's Cybersecurity Grant Program.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

express-combo

Package Overview
Dependencies
Maintainers
7
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-combo

Combo handler for express applications

latest
Source
npmnpm
Version
1.0.0
Version published
Maintainers
7
Created
Source

This repository has been deprecated

Express Combo

Combo handler for express applications.

Build Status

Goals

  • register and serve static assets from a specific folder
  • register and serve static assets based on an explicit mapping to protect other files that should not be exposed
  • serve combo urls based on the static assets that were registered

Installation

Install using npm:

$ npm install express-combo

Usage

var express = require('express'),
    app = express(),
    statichandler = require('express-combo');

app.get('/static', statichandler.folder('public', 'full/path/to/folder/'));

app.get('/static', statichandler.map('protected', {
    'something/foo.js": "full/path/to/something/foo.js',
    'bar.js": "full/path/to/something/bar.js'
}));

app.get('/static', statichandler.combine({
    comboBase: '/combo~',
    comboSep: '~'
}));

The example above will allow you to access any file within the folder full/path/to/folder/ by following the route:

In this case, serving files without any protection, which means all files could be accessed. Under the hood this is equivalent to use express.static middleware. It also expose two files, but this time adding some explicit mapping for them, exposing:

It protects any other file within the those folders. It also provides a nice abstraction where filenames and paths in the filesystem are not longer relevant when it comes to serve them, and the mapping has to be explicit.

And last, but not least, it turns on the combo capabilities for all the previous registered assets, and doing so by defining the separator token. As a result, a urls like these will be valid:

Note: the /static prefix is optional, and you can remove it all together, and even use app.use() directly for those middleware.

TODO

  • support custom filters (regex) to include and/or exclude assets thru folder and map.
  • css relative path correction when serving thru combo

License

This software is free to use under the Yahoo! Inc. BSD license. See the LICENSE file for license text and copyright information.

Contribute

See the CONTRIBUTE file for info.

Keywords

framework
combo
mojito
modown
static

FAQs

Package last updated on 16 Aug 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Named Top Sales Organization by RepVue

Company News

Socket Named Top Sales Organization by RepVue

Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.

By Sarah Gooding  -  Apr 17, 2026
Socket Selected for OpenAI's Cybersecurity Grant Program

Company News

/

Security News

Socket Selected for OpenAI's Cybersecurity Grant Program

Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.

By Sarah Gooding  -  Apr 16, 2026