Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
fastboot-express-middleware
Advanced tools
An Express middleware for rendering Ember apps with FastBoot
This middleware is a small wrapper around the fastboot package, which renders Ember.js apps in Node.js.
By adding this middleware to your Express app, you can serve HTML from a
rendered Ember.js app to clients that don't support JavaScript, such as
curl
, search crawlers, or users with JavaScript disabled.
Note that this is just an Express middleware and there is more needed to serve apps in a production environment. If you want to server-side rendered Ember applications without doing a lot of work, you are recommended to consider the FastBoot App Server, which manages many of the hard parts for you.
That said, this middleware is designed to be easy to integrate for those who already have existing Express stacks, or who want maximum flexibility in how requests are handled.
const express = require('express');
const fastbootMiddleware = require('fastboot-express-middleware');
let app = express();
app.get('/*', fastbootMiddleware('/path/to/dist'));
app.listen(3000, function () {
console.log('FastBoot app listening on port 3000!');
});
Before you can use your app with FastBoot, you must first install the
ember-cli-fastboot addon and build your app by
running ember build
. The build process will compile your app into a
version that is compatible with both Node.js and the browser and put it
in the dist
directory. This dist
directory is the path you should
provide to the middleware to specify which Ember app to load and render.
By default, errors during render will cause the middleware to send an
HTTP 500 status code as the response. In order to swallow errors and
return a 200
status code with an empty HTML page, set the resilient
flag to
true:
app.get('/*', fastbootMiddleware({
distPath: '/path/to/dist',
resilient: true
}));
Resilient mode still calls next(err)
to propagate your error to any subsequent
middleware that you apply after this one.
You can use this feature to track errors or log analytics.
However, because FastBoot is reslient still sends the response to the client.
You cannot alter the response
with any of your post-fastboot middleware.
For more control over the FastBoot instance that is created to render the Ember app, you can pass a custom instance that the middleware will use instead of creating its own:
let fastboot = new FastBoot({
distPath: 'path/to/dist'
});
let middleware = fastbootMiddleware({
fastboot: fastboot
});
app.get('/*', middleware);
// ...later
fastboot.reload();
By default, the middleware writes the complete response at once but response chunking (aka HTTP Streaming) is available via a config switch:
app.get('/*', fastbootMiddleware({
distPath: '/path/to/dist',
chunkedResponse: true
}));
Enabling response chunking will result in the response being delivered in multiple chunks (one for the head, one for the body and one for each shoebox) which helps getting the HTML to clients faster.
For sending over additional metadata so that it could be leveraged by the consuming app/addon, you can pass the visitOptions
option that contains any extra information that might be necessary.
Example usecase: If an addon relies on some metadata that is set by the consuming app, then in that case the addon will not have the access to the metadata value. In such cases, developing against dummy app becomes difficult. Hence, passing in the visitOptions
will enable smoother local addon development.
app.get('/*', fastbootMiddleware({
distPath: '/path/to/dist',
visitOptions: {
metadata: {
foo: 'bar'
}
}
}));
npm test
FAQs
An Express middleware for rendering Ember apps with FastBoot
We found that fastboot-express-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.