Security News
crates.io Ships Security Tab and Tightens Publishing Controls
crates.io adds a Security tab backed by RustSec advisories and narrows trusted publishing paths to reduce common CI publishing risks.
By Sarah Gooding - Jan 27, 2026
Latest Socket ResearchMalicious Chrome Extension Performs Hidden Affiliate Hijacking.Details →
Http2Lite
zero dependency tools for DIY http2 in node or browser (with a build tool that understands require)
TODO
- more documentation
- fix "code smells"
- put something meaningful into the readme
- build a simple default hpack context
- add an example (or two)
- fix generated API documentation
API
Table of Contents
- constructor
- _writeHttp
- writeFrame
- alloc
- allocUnsafe
- readUInt8
- readUInt24BE
- readUInt32BE
- writeUInt8
- writeUInt24BE
- writeUInt32BE
- concat
constructor
Parameters
nextStreamIdNumber default is 1 for client, passing 2 would be for server (optional, default1)
_writeHttp
Parameters
streamIdNumbertypeNumber frame type from constantspayloadUint8ArrayendsStreamBooleanendsHeadersBooleanpadLengthNumberpriorityNumberstreamDependencyNumberisExclusiveBoolean
writeFrame
Emit any new http messages. Emit new streams when necessary.
Parameters
frameUint8Array partial and/or multiple encoded http messages
alloc
Parameters
sizeNumber
Returns Uint8Array
allocUnsafe
Parameters
sizeNumber
Returns Uint8Array
readUInt8
Parameters
ui8aUint8ArrayoffsetNumber
Returns Number
readUInt24BE
Parameters
ui8aUint8ArrayoffsetNumber
Returns Number
readUInt32BE
Parameters
ui8aUint8ArrayoffsetNumber
Returns Number
writeUInt8
Parameters
ui8aUint8ArrayvalueNumberoffsetNumber
writeUInt24BE
Parameters
ui8aUint8ArrayvalueNumberoffsetNumber
writeUInt32BE
Parameters
ui8aUint8ArrayvalueNumberoffsetNumber
concat
Parameters
ui8asArray<Uint8Array>
Returns Uint8Array
FAQs
http2 in browser streams
The npm package http2lite receives a total of 0 weekly downloads. As such, http2lite popularity was classified as not popular.
We found that http2lite demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 20 Feb 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Performs Hidden Affiliate Hijacking
A Chrome extension claiming to hide Amazon ads was found secretly hijacking affiliate links, replacing creators’ tags with its own without user consent.
By Kush Pandya - Jan 27, 2026
Security News
curl Shuts Down Bug Bounty Program After Flood of AI Slop Reports
A surge of AI-generated vulnerability reports has pushed open source maintainers to rethink bug bounties and tighten security disclosure processes.
By Sarah Gooding - Jan 23, 2026