Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

ftp-srv

Package Overview
Dependencies
Maintainers
2
Versions
72
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

ftp-srv

Modern, extensible FTP Server

  • 4.6.3
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
4.6K
increased by19.19%
Maintainers
2
Weekly downloads
 
Created
Source

ftp-srv

Modern, extensible FTP Server

npm circleci


Overview

ftp-srv is a modern and extensible FTP server designed to be simple yet configurable.

Features

  • Extensible file systems per connection
  • Passive and active transfers
  • Explicit & Implicit TLS connections
  • Promise based API

Install

npm install ftp-srv --save

Usage

// Quick start, create an active ftp server.
const FtpSrv = require('ftp-srv');

const port=21;
const ftpServer = new FtpSrv({
    url: "ftp://0.0.0.0:" + port,
    anonymous: true
});

ftpServer.on('login', ({ connection, username, password }, resolve, reject) => { 
    if(username === 'anonymous' && password === 'anonymous'){
        return resolve({ root:"/" });    
    }
    return reject(new errors.GeneralError('Invalid username or password', 401));
});

ftpServer.listen().then(() => { 
    console.log('Ftp server is starting...')
});

API

new FtpSrv({options})

url

URL string indicating the protocol, hostname, and port to listen on for connections. Supported protocols:

  • ftp Plain FTP
  • ftps Implicit FTP over TLS

Note: The hostname must be the external IP address to accept external connections. 0.0.0.0 will listen on any available hosts for server and passive connections.
Default: "ftp://127.0.0.1:21"

pasv_url

FTP-srv provides an IP address to the client when a PASV command is received in the handshake for a passive connection. Reference PASV verb. This can be one of two options:

  • A function which takes one parameter containing the remote IP address of the FTP client. This can be useful when the user wants to return a different IP address depending if the user is connecting from Internet or from an LAN address. Example:
const { networkInterfaces } = require('os');
const { Netmask } = require('netmask');

const nets = networkInterfaces();
function getNetworks() {
   let networks = {};
   for (const name of Object.keys(nets)) {
       for (const net of nets[name]) {
           if (net.family === 'IPv4' && !net.internal) {
               networks[net.address + "/24"] = net.address
           }
       }
   }
   return networks;
}

const resolverFunction = (address) => {
   // const networks = {
   //     '$GATEWAY_IP/32': `${public_ip}`, 
   //     '10.0.0.0/8'    : `${lan_ip}`
   // } 
   const networks = getNetworks();
   for (const network in networks) {
       if (new Netmask(network).contains(address)) {
           return networks[network];
       }
   }
   return "127.0.0.1";
}

new FtpSrv({pasv_url: resolverFunction});
  • A static IP address (ie. an external WAN IP address that the FTP server is bound to). In this case, only connections from localhost are handled differently returning 127.0.0.1 to the client.

If not provided, clients can only connect using an Active connection.

pasv_min

The starting port to accept passive connections.
Default: 1024

pasv_max

The ending port to accept passive connections.
The range is then queried for an available port to use when required.
Default: 65535

greeting

A human readable array of lines or string to send when a client connects.
Default: null

tls

Node TLS secure context object used for implicit (ftps protocol) or explicit (AUTH TLS) connections.
Default: false

anonymous

If true, will allow clients to authenticate using the username anonymous, not requiring a password from the user.
Can also set as a string which allows users to authenticate using the username provided.
The login event is then sent with the provided username and @anonymous as the password.
Default: false

blacklist

Array of commands that are not allowed.
Response code 502 is sent to clients sending one of these commands.
Example: ['RMD', 'RNFR', 'RNTO'] will not allow users to delete directories or rename any files.
Default: []

whitelist

Array of commands that are only allowed.
Response code 502 is sent to clients sending any other command.
Default: []

file_format

Sets the format to use for file stat queries such as LIST.
Default: "ls"
Allowable values:

log

A bunyan logger instance. Created by default.

timeout

Sets the timeout (in ms) after that an idle connection is closed by the server
Default: 0

CLI

ftp-srv also comes with a builtin CLI.

$ ftp-srv [url] [options]
$ ftp-srv ftp://0.0.0.0:9876 --root ~/Documents
url

Set the listening URL.

Defaults to ftp://127.0.0.1:21

--pasv_url

The hostname to provide a client when attempting a passive connection (PASV).
If not provided, clients can only connect using an Active connection.

--pasv_min

The starting port to accept passive connections.
Default: 1024

--pasv_max

The ending port to accept passive connections.
The range is then queried for an available port to use when required.
Default: 65535

--root / -r

Set the default root directory for users.

Defaults to the current directory.

--credentials / -c

Set the path to a json credentials file.

Format:

[
  {
    "username": "...",
    "password": "...",
    "root": "..." // Root directory
  },
  ...
]
--username

Set the username for the only user. Do not provide an argument to allow anonymous login.

--password

Set the password for the given username.

--read-only

Disable write actions such as upload, delete, etc.

Events

The FtpSrv class extends the node net.Server. Some custom events can be resolved or rejected, such as login.

client-error

ftpServer.on('client-error', ({connection, context, error}) => { ... });

Occurs when an error arises in the client connection.

connection client class object
context string of where the error occurred
error error object

disconnect

ftpServer.on('disconnect', ({connection, id, newConnectionCount}) => { ... });

Occurs when a client has disconnected.

connection client class object
id string of the disconnected connection id
id number of the new connection count (exclusive the disconnected client connection)

closed

ftpServer.on('closed', ({}) => { ... });

Occurs when the FTP server has been closed.

closing

ftpServer.on('closing', ({}) => { ... });

Occurs when the FTP server has started closing.

login

ftpServer.on('login', ({connection, username, password}, resolve, reject) => { ... });

Occurs when a client is attempting to login. Here you can resolve the login request by username and password.

connection client class object
username string of username from USER command
password string of password from PASS command
resolve takes an object of arguments:

  • fs
    • Set a custom file system class for this connection to use.
    • See File System for implementation details.
  • root
    • If fs is not provided, this will set the root directory for the connection.
    • The user cannot traverse lower than this directory.
  • cwd
    • If fs is not provided, will set the starting directory for the connection
    • This is relative to the root directory.
  • blacklist
    • Commands that are forbidden for only this connection
  • whitelist
    • If set, this connection will only be able to use the provided commands

reject takes an error object

server-error

ftpServer.on('server-error', ({error}) => { ... });

Occurs when an error arises in the FTP server.

error error object

RETR

connection.on('RETR', (error, filePath) => { ... });

Occurs when a file is downloaded.

error if successful, will be null
filePath location to which file was downloaded

STOR

connection.on('STOR', (error, fileName) => { ... });

Occurs when a file is uploaded.

error if successful, will be null
fileName name of the file that was uploaded

RNTO

connection.on('RNTO', (error, fileName) => { ... });

Occurs when a file is renamed.

error if successful, will be null
fileName name of the file that was renamed

Supported Commands

See the command registry for a list of all implemented FTP commands.

File System

The default file system can be overwritten to use your own implementation.
This can allow for virtual file systems, and more.
Each connection can set it's own file system based on the user.

The default file system is exported and can be extended as needed:

const {FtpSrv, FileSystem} = require('ftp-srv');

class MyFileSystem extends FileSystem {
  constructor() {
    super(...arguments);
  }

  get(fileName) {
    ...
  }
}

Custom file systems can implement the following variables depending on the developers needs:

Methods

currentDirectory()

Returns a string of the current working directory
Used in: PWD

get(fileName)

Returns a file stat object of file or directory
Used in: LIST, NLST, STAT, SIZE, RNFR, MDTM

list(path)

Returns array of file and directory stat objects
Used in: LIST, NLST, STAT

chdir(path)

Returns new directory relative to current directory
Used in: CWD, CDUP

mkdir(path)

Returns a path to a newly created directory
Used in: MKD

write(fileName, {append, start})

Returns a writable stream
Options:
append if true, append to existing file
start if set, specifies the byte offset to write to
Used in: STOR, APPE

read(fileName, {start})

Returns a readable stream
Options:
start if set, specifies the byte offset to read from
Used in: RETR

delete(path)

Delete a file or directory
Used in: DELE

rename(from, to)

Renames a file or directory
Used in: RNFR, RNTO

chmod(path)

Modifies a file or directory's permissions
Used in: SITE CHMOD

getUniqueName(fileName)

Returns a unique file name to write to. Client requested filename available if you want to base your function on it. Used in: STOU

Contributing

See CONTRIBUTING.md.

License

This software is licensed under the MIT Licence. See LICENSE.

References

Keywords

FAQs

Package last updated on 09 Oct 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc