Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
finalhandler
Advanced tools
The finalhandler npm package is a Node.js module designed to ensure that the final response is sent to the client. It acts as a final step in the request-response cycle, handling any remaining tasks such as sending a 404 response if no middleware has handled the request, or handling errors that may have occurred during the request processing.
Error Handling
This code demonstrates how finalhandler can be used to handle errors that occur during the request processing. If an error is thrown, finalhandler will ensure that an appropriate HTTP error response is sent to the client.
const finalhandler = require('finalhandler');
const http = require('http');
http.createServer(function (req, res) {
const done = finalhandler(req, res);
throw new Error('Something went wrong!');
}).listen(3000);
Uncaught Exception Handling
This code sample shows how finalhandler can handle exceptions that are not caught within the context of the request. It ensures that the server remains operational and sends an error response to the client.
const finalhandler = require('finalhandler');
const http = require('http');
http.createServer(function (req, res) {
const done = finalhandler(req, res);
process.nextTick(function () {
throw new Error('Async error!');
});
done();
}).listen(3000);
404 Not Found Response
This example illustrates how finalhandler can be used to send a 404 Not Found response when no middleware or routes have handled the request.
const finalhandler = require('finalhandler');
const http = require('http');
http.createServer(function (req, res) {
const done = finalhandler(req, res);
// No routes or middleware respond
done();
}).listen(3000);
The 'on-finished' package is similar to finalhandler in that it is used to execute a callback when a HTTP response is finished or when an error occurs. It is a lower-level utility than finalhandler and does not handle the response itself, but rather provides a way to detect when the response has been completed.
Connect is an extensible HTTP server framework for node, which uses 'middleware' to enhance Node.js features. While not a direct alternative to finalhandler, it includes similar error handling and final response capabilities within its middleware stack.
Node.js function to invoke as the final step to respond to HTTP request.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install finalhandler
var finalhandler = require('finalhandler')
Returns function to be invoked as the final step for the given req
and res
.
This function is to be invoked as fn(err)
. If err
is falsy, the handler will
write out a 404 response to the res
. If it is truthy, an error response will
be written out to the res
or res
will be terminated if a response has already
started.
When an error is written, the following information is added to the response:
res.statusCode
is set from err.status
(or err.statusCode
). If
this value is outside the 4xx or 5xx range, it will be set to 500.res.statusMessage
is set according to the status code.env
is
'production'
, otherwise will be err.stack
.err.headers
object.The final handler will also unpipe anything from req
when it is invoked.
By default, the environment is determined by NODE_ENV
variable, but it can be
overridden by this option.
Provide a function to be called with the err
when it exists. Can be used for
writing errors to a central location without excessive function generation. Called
as onerror(err, req, res)
.
var finalhandler = require('finalhandler')
var http = require('http')
var server = http.createServer(function (req, res) {
var done = finalhandler(req, res)
done()
})
server.listen(3000)
var finalhandler = require('finalhandler')
var fs = require('fs')
var http = require('http')
var server = http.createServer(function (req, res) {
var done = finalhandler(req, res)
fs.readFile('index.html', function (err, buf) {
if (err) return done(err)
res.setHeader('Content-Type', 'text/html')
res.end(buf)
})
})
server.listen(3000)
var finalhandler = require('finalhandler')
var http = require('http')
var serveStatic = require('serve-static')
var serve = serveStatic('public')
var server = http.createServer(function (req, res) {
var done = finalhandler(req, res)
serve(req, res, done)
})
server.listen(3000)
var finalhandler = require('finalhandler')
var fs = require('fs')
var http = require('http')
var server = http.createServer(function (req, res) {
var done = finalhandler(req, res, { onerror: logerror })
fs.readFile('index.html', function (err, buf) {
if (err) return done(err)
res.setHeader('Content-Type', 'text/html')
res.end(buf)
})
})
server.listen(3000)
function logerror (err) {
console.error(err.stack || err.toString())
}
FAQs
Node.js final http responder
The npm package finalhandler receives a total of 33,520,247 weekly downloads. As such, finalhandler popularity was classified as popular.
We found that finalhandler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.