You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



A simple zero-configuration command-line http server

Version published

Package description

What is http-server?

The http-server npm package is a simple, zero-configuration command-line HTTP server. It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development, and learning.

What are http-server's main functionalities?

Serving static files

This command serves the current directory at localhost:8080. It can be used to view static websites or any static files.

http-server -p 8080

Customizable port

This command serves the current directory on a specified port, in this case, port 3000.

http-server -p 3000

Specify the directory to serve

This command serves the specified directory instead of the current directory.

http-server /path/to/directory

HTTPS support

This command serves the current directory over HTTPS using the specified certificate and key files.

http-server --ssl --cert path/to/cert.pem --key path/to/key.pem

Enable CORS

This command serves files with CORS enabled, allowing resources to be requested from another domain.

http-server -c-1 --cors

Other packages similar to http-server



GitHub Workflow Status (master) npm homebrew npm downloads license

http-server: a simple static HTTP server

http-server is a simple, zero-configuration command-line static HTTP server. It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development and learning.

Example of running http-server


Running on-demand:

Using npx you can run the script without installing it first:

npx http-server [path] [options]
Globally via npm
npm install --global http-server

This will install http-server globally so that it may be run from the command line anywhere.

Globally via Homebrew
brew install http-server
As a dependency in your npm package:
npm install http-server


 http-server [path] [options]

[path] defaults to ./public if the folder exists, and ./ otherwise.

Now you can visit http://localhost:8080 to view your server

Note: Caching is on by default. Add -c-1 as an option to disable caching.

Available Options:

-p or --portPort to use. Use -p 0 to look for an open port, starting at 8080. It will also read from process.env.PORT.8080
-aAddress to use0.0.0.0
-dShow directory listingstrue
-iDisplay autoIndextrue
-g or --gzipWhen enabled it will serve ./public/some-file.js.gz in place of ./public/some-file.js when a gzipped version of the file exists and the request accepts gzip encoding. If brotli is also enabled, it will try to serve brotli first.false
-b or --brotliWhen enabled it will serve ./public/ in place of ./public/some-file.js when a brotli compressed version of the file exists and the request accepts br encoding. If gzip is also enabled, it will try to serve brotli first.false
-e or --extDefault file extension if none suppliedhtml
-s or --silentSuppress log messages from output
--corsEnable CORS via the Access-Control-Allow-Origin header
-o [path]Open browser window after starting the server. Optionally provide a URL path to open. e.g.: -o /other/dir/
-cSet cache time (in seconds) for cache-control max-age header, e.g. -c10 for 10 seconds. To disable caching, use -c-1.3600
-U or --utcUse UTC time format in log messages.
--log-ipEnable logging of the client's IP addressfalse
-P or --proxyProxies all requests which can't be resolved locally to the given url. e.g.: -P
--proxy-optionsPass proxy options using nested dotted objects. e.g.: false
--usernameUsername for basic authentication
--passwordPassword for basic authentication
-S, --tls or --sslEnable secure request serving with TLS/SSL (HTTPS)false
-C or --certPath to ssl cert filecert.pem
-K or --keyPath to ssl key filekey.pem
-r or --robotsAutomatically provide a /robots.txt (The content of which defaults to User-agent: *\nDisallow: /)false
--no-dotfilesDo not show dotfiles
--mimetypesPath to a .types file for custom mimetype definition
-h or --helpPrint this list and exit.
-v or --versionPrint the version and exit.

Magic Files

  • index.html will be served as the default file to any directory requests.
  • 404.html will be served if a file is not found. This can be used for Single-Page App (SPA) hosting to serve the entry page.

Catch-all redirect

To implement a catch-all redirect, use the index page itself as the proxy with:

http-server --proxy http://localhost:8080?

Note the ? at the end of the proxy URL. Thanks to @houston3 for this clever hack!


First, you need to make sure that openssl is installed correctly, and you have key.pem and cert.pem files. You can generate them using this command:

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

You will be prompted with a few questions after entering the command. Use as value for Common name if you want to be able to install the certificate in your OS's root certificate store or browser so that it is trusted.

This generates a cert-key pair and it will be valid for 3650 days (about 10 years).

Then you need to run the server with -S for enabling SSL and -C for your certificate file.

http-server -S -C cert.pem

If you wish to use a passphrase with your private key you can include one in the openssl command via the -passout parameter (using password of foobar)

e.g. openssl req -newkey rsa:2048 -passout pass:foobar -keyout key.pem -x509 -days 365 -out cert.pem

For security reasons, the passphrase will only be read from the NODE_HTTP_SERVER_SSL_PASSPHRASE environment variable.

This is what should be output if successful:

Starting up http-server, serving ./ through https

http-server settings:
CORS: disabled
Cache: 3600 seconds
Connection Timeout: 120 seconds
Directory Listings: visible
AutoIndex: visible
Serve GZIP Files: false
Serve Brotli Files: false
Default File Extension: none

Available on:
Hit CTRL-C to stop the server


Checkout this repository locally, then:

$ npm i
$ npm start

Now you can visit http://localhost:8080 to view your server

You should see the turtle image in the screenshot above hosted at that URL. See the ./public folder for demo content.



Package last updated on 31 May 2022

Did you know?


Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog


Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc