
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
express-end
Advanced tools
Express middleware to emit end
event on res.end()
res
object has following events:
header
- when HTTP Header is written,close
- when connection is closed from client sidefinish
- when request processing finished (*)(*) Unfortunately, if client has closed its connection, there is no event signalling that the server side finished the processing of the request as finish
event does not fires in this case.
It may be correct from abstract framework perspective as the request to be terminated without response to the client (and network connection is closed) and looks like it's does not matter whether the server finished the processing or not.
However, there are several negative outcomes of this approach. One of them is that middleware has no information when the server has really finished the processing of the request.
This module overrides res.end()
function to emit end
when res.end()
is called, i.e. when processing by server is finished independently of whether the connection was closed by client or not.
Usage example:
'use strict';
var express = require('express');
var http = require('http');
var endMw = require('express-end');
//var endMw = require('../');
var app = express();
app.use(endMw);
var count = 0;
app.use(function(req, res, next) {
var current = ++count;
console.log('[%d] app.use()', current);
res.once('close', function() {
console.log('[%d] app.use(): res.once(close)', current);
});
res.once('end', function() {
console.log('[%d] app.use(): res.once(end)', current);
});
res.once('finish', function() {
console.log('[%d] app.use(): res.once(finish)', current);
});
next();
});
var httpPort = 8080;
var RESPONSE_DELAY = 1000; // Milliseconds
app.get('/test1', function (req, res) {
var result = { test: 'test' };
setTimeout(function() {
res
.status(200)
.send(result);
}, RESPONSE_DELAY);
});
var server = http.createServer(app);
server.listen(httpPort, function () {
console.log('* Server listening at %s:%d', server.address().address, server.address().port);
});
Log (first request completed by server, second request cancelled by client):
$ node app.js
* Server listening at :::8080
[1] app.use()
[1] app.use(): res.once(end)
[1] app.use(): res.once(finish)
[2] app.use()
[2] app.use(): res.once(close)
[2] app.use(): res.once(end)
The source code for this example is located in demo/
subdirectory of package
You may also have a look on the discussion on the topic at stackexchange: http://codereview.stackexchange.com/questions/20069/monkey-patching-extra-events-in-node-js-http-express
If you have different needs regarding the functionality, please add a feature request.
npm install --save express-end
github.com npmjs.com travis-ci.org coveralls.io inch-ci.org
MIT
FAQs
Express middleware to emit 'end' event on res.end()
The npm package express-end receives a total of 7,687 weekly downloads. As such, express-end popularity was classified as popular.
We found that express-end demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.