Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
An HTTP/2 (draft-ietf-httpbis-http2-06) client and server implementation for node.js.
npm install http2
The API is very similar to the standard node.js HTTPS API. The goal is the perfect API compatibility, with additional HTTP2 related extensions (like server push).
Detailed API documentation is primarily maintained in the lib/http.js
file and is available in
the wiki as well.
var options = {
key: fs.readFileSync('./example/localhost.key'),
cert: fs.readFileSync('./example/localhost.crt')
};
require('http2').createServer(options, function(request, response) {
response.end('Hello world!');
}).listen(8080);
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";
require('http2').get('https://localhost:8080/', function(response) {
response.pipe(process.stdout);
});
An simple static file server serving up content from its own directory is available in the example
directory. Running the server:
$ node ./example/server.js
An example client is also available. Downloading the server's own source code from the server:
$ node ./example/client.js 'https://localhost:8080/server.js' >/tmp/server.js
For a server push example, see the source code of the example server and client.
There's a few library you will need to have installed to do anything described in the following
sections. After installing/cloning node-http2, run npm install
in its directory to install
development dependencies.
Used libraries:
For pretty printing logs, you will also need a global install of bunyan (npm install -g bunyan
).
The developer documentation is located in the doc
directory. The docs are usually updated only
before releasing a new version. To regenerate them manually, run npm run-script prepublish
.
There's a hosted version which is located here.
It's easy, just run npm test
. The tests are written in BDD style, so they are a good starting
point to understand the code.
To generate a code coverage report, run npm test --coverage
(which runs very slowly, be patient).
Code coverage summary as of version 1.0.1:
Statements : 93.26% ( 1563/1676 )
Branches : 84.85% ( 605/713 )
Functions : 94.81% ( 201/212 )
Lines : 93.23% ( 1557/1670 )
There's a hosted version of the detailed (line-by-line) coverage report here.
Logging is turned off by default. You can turn it on by passing a bunyan logger as log
option when
creating a server or agent.
When using the example server or client, it's very easy to turn logging on: set the HTTP2_LOG
environment variable to fatal
, error
, warn
, info
, debug
or trace
(the logging level).
To log every single incoming and outgoing data chunk, use HTTP2_LOG_DATA=1
besides
HTTP2_LOG=trace
. Log output goes to the standard error output. If the standard error is redirected
into a file, then the log output is in bunyan's JSON format for easier post-mortem analysis.
Running the example server and client with info
level logging output:
$ HTTP2_LOG=info node ./example/server.js
$ HTTP2_LOG=info node ./example/client.js 'http://localhost:8080/server.js' >/dev/null
Code contributions are always welcome! People who contributed to node-http2 so far:
Special thanks to Google for financing the development of this module as part of their Summer of Code program (project: HTTP/2 prototype server implementation), and Nick Hurley of Mozilla, my GSoC mentor, who helped with regular code review and technical advices.
The MIT License
Copyright (C) 2013 Gábor Molnár gabor@molnar.es
2.0.0 (2013-11-09) ###
Endpoint
class is not exported anymore. Use the
http2-protocol module if you want to use this low level interface.FAQs
An HTTP/2 client and server implementation
The npm package http2 receives a total of 37,166 weekly downloads. As such, http2 popularity was classified as popular.
We found that http2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.