Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
An HTTP/2 (RFC 7540) client and server implementation for node.js.
npm install http2
The API is very similar to the standard node.js HTTPS API. The goal is the perfect API compatibility, with additional HTTP2 related extensions (like server push).
Detailed API documentation is primarily maintained in the lib/http.js
file and is available in
the wiki as well.
var options = {
key: fs.readFileSync('./example/localhost.key'),
cert: fs.readFileSync('./example/localhost.crt')
};
require('http2').createServer(options, function(request, response) {
response.end('Hello world!');
}).listen(8080);
require('http2').get('https://localhost:8080/', function(response) {
response.pipe(process.stdout);
});
An simple static file server serving up content from its own directory is available in the example
directory. Running the server:
$ node ./example/server.js
An example client is also available. Downloading the server's own source code from the server:
$ node ./example/client.js 'https://localhost:8080/server.js' >/tmp/server.js
For a server push example, see the source code of the example server and client.
There's a few library you will need to have installed to do anything described in the following
sections. After installing/cloning node-http2, run npm install
in its directory to install
development dependencies.
Used libraries:
For pretty printing logs, you will also need a global install of bunyan (npm install -g bunyan
).
The developer documentation is generated from the source code using docco and can be viewed online
here. If you'd like to have an offline copy, just run
npm run-script doc
.
It's easy, just run npm test
. The tests are written in BDD style, so they are a good starting
point to understand the code.
To generate a code coverage report, run npm test --coverage
(which runs very slowly, be patient).
Code coverage summary as of version 3.0.1:
Statements : 92.09% ( 1759/1910 )
Branches : 82.56% ( 696/843 )
Functions : 91.38% ( 212/232 )
Lines : 92.17% ( 1753/1902 )
There's a hosted version of the detailed (line-by-line) coverage report here.
Logging is turned off by default. You can turn it on by passing a bunyan logger as log
option when
creating a server or agent.
When using the example server or client, it's very easy to turn logging on: set the HTTP2_LOG
environment variable to fatal
, error
, warn
, info
, debug
or trace
(the logging level).
To log every single incoming and outgoing data chunk, use HTTP2_LOG_DATA=1
besides
HTTP2_LOG=trace
. Log output goes to the standard error output. If the standard error is redirected
into a file, then the log output is in bunyan's JSON format for easier post-mortem analysis.
Running the example server and client with info
level logging output:
$ HTTP2_LOG=info node ./example/server.js
$ HTTP2_LOG=info node ./example/client.js 'https://localhost:8080/server.js' >/dev/null
The co-maintainer of the project is Nick Hurley.
Code contributions are always welcome! People who contributed to node-http2 so far:
Special thanks to Google for financing the development of this module as part of their Summer of Code program (project: HTTP/2 prototype server implementation), and Nick Hurley of Mozilla, my GSoC mentor, who helped with regular code review and technical advices.
The MIT License
Copyright (C) 2013 Gábor Molnár gabor@molnar.es
3.3.7 (2017-09-21) ###
FAQs
An HTTP/2 client and server implementation
The npm package http2 receives a total of 39,271 weekly downloads. As such, http2 popularity was classified as popular.
We found that http2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.