Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
A http/https file send
$ npm install file-send
var http = require('http');
var FileSend = require('file-send');
var through2 = require('through2');
http.createServer(function(request, response) {
FileSend(request, {
root: '/',
etag: false,
maxAge: '30d'
}) // Create a new file send stream
.on('headers', function(headers) {
// headers events
})
.on('dir', function(realpath, stats, next) {
// dir events
})
.on('error', function(error, next) {
// error events
})
.on('finish', function(headers) {
// finish events
})
.pipe(through2()) // Send file to custom stream
.pipe(response); // Send file to response
});
Create a new FileSend
for the given options to initialize.
String
Set server root.
String|Array
Set ignore rules, support glob string. see: micromatch
Object
Set micromatch options. see: micromatch
String
Set how "ignore" are treated when encountered.
The default value is 'deny'
.
'deny'
Send a 403 for any request for ignore matched.'ignore'
Pretend like the ignore matched does not exist and 404.String
Set Content-Type charset.
String
Set url.parse options. see node url module.
String
Set url.parse options. see node url module.
Boolean
Enable or disable etag generation, defaults to true.
String|Array|Boolean
By default send supports "index.html" files, to disable this set false
or to supply a new index pass a string or an array in preferred order.
Enable or disable Last-Modified
header, defaults to true. Uses the file system's last modified value.
Provide a max-age in milliseconds for http caching, defaults to 0. This can also be a string accepted by the ms module.
The pipe
method is like stream.pipe, but only hava one param.
The FileSend
is an event emitter and will emit the following events:
headers
the headers are about to be set on a file (headers)
dir
a directory was requested(realpath, stats, next)
error
an error occurred (error, next)
finish
streaming has completedBy default when no error
listeners are present an automatic response will be made, otherwise you have full control over the response, aka you may show a 5xx page etc.
It does not perform internal caching, you should use a reverse proxy cache such as Varnish for this, or those fancy things called CDNs. If your application is small enough that it would benefit from single-node memory caching, it's small enough that it does not need caching at all ;).
$ npm install
$ npm test
'use strict';
var http = require('http');
var FileSend = require('../index');
var colors = require('colors/safe');
var cluster = require('cluster');
var NUMCPUS = require('os').cpus().length;
// create server
function createServer(root, port) {
http.createServer(function(request, response) {
var send = new FileSend(request, {
root: root || '../',
maxAge: '3day',
ignore: ['/**/.*?(/*.*|/)'],
index: ['index.html']
});
send.pipe(response).on('headers', function(headers) {
var message = 'URL : ' + colors.green.bold(send.url) +
'\r\nPATH : ' + colors.yellow.bold(send.path) +
'\r\nROOT : ' + colors.magenta.bold(send.root) +
'\r\nREALPATH : ' + colors.magenta.bold(send.realpath) +
'\r\nSTATUS : ' + colors.cyan.bold(send.statusCode) +
'\r\nHEADERS : ' + colors.cyan.bold(JSON.stringify(headers, null, 2)) +
'\r\n-----------------------------------------------------------------------------------------';
process.send(message);
});
}).listen(port || 8080, '127.0.0.1');
}
if (cluster.isMaster) {
// fork workers
for (var i = 0; i < NUMCPUS; i++) {
var worker = cluster.fork().on('listening', (function(i) {
return function(address) {
// worker is listening
if (i === NUMCPUS - 1) {
console.log(
colors.green.bold('Server run at:'),
colors.cyan.bold(address.address + ':' + address.port),
'\r\n-----------------------------------------------------------------------------------------'
);
}
};
}(i)));
worker.on('message', function(message) {
console.log(message);
});
}
} else {
// workers can share any tcp connection
// in this case it is an http server
createServer();
}
FAQs
A http file send.
The npm package file-send receives a total of 86 weekly downloads. As such, file-send popularity was classified as not popular.
We found that file-send demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.
Security News
Biden's executive order pushes for AI-driven cybersecurity, software supply chain transparency, and stronger protections for federal and open source systems.