Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
http-server
Advanced tools
The http-server npm package is a simple, zero-configuration command-line HTTP server. It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development, and learning.
Serving static files
This command serves the current directory at localhost:8080. It can be used to view static websites or any static files.
http-server -p 8080
Customizable port
This command serves the current directory on a specified port, in this case, port 3000.
http-server -p 3000
Specify the directory to serve
This command serves the specified directory instead of the current directory.
http-server /path/to/directory
HTTPS support
This command serves the current directory over HTTPS using the specified certificate and key files.
http-server --ssl --cert path/to/cert.pem --key path/to/key.pem
Enable CORS
This command serves files with CORS enabled, allowing resources to be requested from another domain.
http-server -c-1 --cors
Similar to http-server, serve is a static file serving and directory listing package. It is also simple to use but comes with a few more features like clean URLs and single-page application (SPA) support.
Lite-server is a lightweight development only node server that serves a web app, opens it in the browser, and refreshes when html or javascript files change. It is built on top of BrowserSync and is more tailored towards serving SPAs.
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. Unlike http-server, Express requires more setup but is much more powerful and extensible.
http-server
is a simple, zero-configuration command-line http server. It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development, and learning.
Installation via npm
. If you don't have npm
yet:
curl https://npmjs.org/install.sh | sh
Once you have npm
:
npm install http-server -g
This will install http-server
globally so that it may be run from the command line.
http-server [path] [options]
[path]
defaults to ./public
if the folder exists, and ./
otherwise.
mkdir myapp
cd myapp/
jitsu install http-server
If you do not have jitsu
installed you can install it via npm install jitsu -g
node bin/http-server
Now you can visit http://localhost:8080 to view your server
jitsu deploy
You will now be prompted for a subdomain
to deploy your application on
-p
Port to listen for connections on (defaults to 8080)
-a
Address to bind to (defaults to '0.0.0.0')
-d
Show directory listings (defaults to 'True')
-i
Display autoIndex (defaults to 'True')
-e
or --ext
Default file extension (defaults to 'html')
-s
or --silent
In silent mode, log messages aren't logged to the console.
-h
or --help
Displays a list of commands and exits.
-c
Set cache time (in seconds) for cache-control max-age header, e.g. -c10 for 10 seconds. To disable caching, use -c-1.
FAQs
A simple zero-configuration command-line http server
The npm package http-server receives a total of 2,493,361 weekly downloads. As such, http-server popularity was classified as popular.
We found that http-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.