![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
hono
Advanced tools
Package description
Hono is a small, simple, and fast web framework for building web applications and APIs in Node.js. It is designed to be lightweight and efficient, making it suitable for high-performance applications.
Basic Routing
Hono allows you to define routes for your web application. In this example, a basic GET route is defined that responds with 'Hello, Hono!' when accessed.
const { Hono } = require('hono');
const app = new Hono();
app.get('/', (c) => c.text('Hello, Hono!'));
app.listen(3000);
Middleware Support
Hono supports middleware, allowing you to execute code before your route handlers. This example demonstrates a simple logger middleware that logs the request method and URL.
const { Hono } = require('hono');
const app = new Hono();
const logger = (c, next) => {
console.log(`${c.req.method} ${c.req.url}`);
return next();
};
app.use(logger);
app.get('/', (c) => c.text('Hello, Hono!'));
app.listen(3000);
Error Handling
Hono provides a way to handle errors globally. In this example, an error is thrown in the route handler, and the global error handler responds with a 500 status code and a message.
const { Hono } = require('hono');
const app = new Hono();
app.get('/', (c) => {
throw new Error('Something went wrong!');
});
app.onError((err, c) => {
c.status(500);
return c.text('Internal Server Error');
});
app.listen(3000);
Express is a widely-used web framework for Node.js, known for its simplicity and flexibility. It offers a robust set of features for web and mobile applications, including routing, middleware support, and more. Compared to Hono, Express has a larger community and more extensive documentation, but Hono aims to be more lightweight and faster.
Koa is a web framework designed by the team behind Express. It aims to be a smaller, more expressive, and more robust foundation for web applications and APIs. Koa uses async functions to help eliminate callback hell and improve error handling. Compared to Hono, Koa is more modern and has a different approach to middleware, using a stack-like structure.
Fastify is a web framework highly focused on providing the best developer experience with the least overhead and a powerful plugin architecture. It is designed for high performance and low overhead. Compared to Hono, Fastify is more feature-rich and has a more extensive ecosystem, but Hono aims to be simpler and more lightweight.
Readme
Documentation π hono.dev
Now supports JSR and deno.land/x
is deprecated! See Migration guide.
Hono - means flameπ₯ in Japanese - is a small, simple, and ultrafast web framework built on Web Standards. It works on any JavaScript runtime: Cloudflare Workers, Fastly Compute, Deno, Bun, Vercel, AWS Lambda, Lambda@Edge, and Node.js.
Fast, but not only fast.
import { Hono } from 'hono'
const app = new Hono()
app.get('/', (c) => c.text('Hono!'))
export default app
npm create hono@latest
RegExpRouter
is really fast. Not using linear loops. Fast.hono/tiny
preset is under 13kB. Hono has zero dependencies and uses only the Web Standard API.The documentation is available on hono.dev.
The migration guide is available on docs/MIGRATION.md.
Twitter and Discord channel are available.
Contributions Welcome! You can contribute in the following ways.
For more details, see docs/CONTRIBUTING.md.
Thanks to all contributors!
Yusuke Wada https://github.com/yusukebe
RegExpRouter, SmartRouter, LinearRouter, and PatternRouter are created by Taku Amano https://github.com/usualoma
Distributed under the MIT License. See LICENSE for more information.
FAQs
Unknown package
We found that hono demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.