Product
Socket Now Supports uv.lock Files
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
By Trevor Norris - Jan 09, 2025
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
What is is-https?
The is-https npm package is a simple utility to check if a request is made over HTTPS. It is particularly useful in server-side applications where you need to ensure secure connections.
What are is-https's main functionalities?
Check if request is HTTPS
This feature allows you to check if an incoming request is made over HTTPS. The code sample demonstrates a simple HTTP server that responds differently based on whether the request is HTTPS or not.
const isHttps = require('is-https');
const http = require('http');
const server = http.createServer((req, res) => {
if (isHttps(req)) {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('Request is HTTPS');
} else {
res.writeHead(400, { 'Content-Type': 'text/plain' });
res.end('Request is not HTTPS');
}
});
server.listen(3000, () => {
console.log('Server running at http://localhost:3000/');
});Other packages similar to is-https
express
Express is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications. It includes middleware to check if a request is secure, similar to is-https, but offers a much broader range of functionalities.
helmet
Helmet helps you secure your Express apps by setting various HTTP headers. While it doesn't specifically check if a request is HTTPS, it can enforce HTTPS connections and provide additional security features.
is-https
Check if the given request is HTTPS
Usage
Install package:
yarn add is-https
# or
npm install is-https
const isHTTPS = require('is-https')
// or
import isHTTPS from 'is-https'
function isHTTPS(req: IncomingMessage, trustProxy: Boolean = true): Boolean | undefined
Behaviour
isHTTPS function tries to use 2 different methods for HTTPS detection:
- Test if
x-forwarded-protoheader containshttps- Can be disabled by setting
trustProxyargument tofalse
- Can be disabled by setting
- Test if
req.connection.encryptedistrue
Returns either true or false based on checks or undefined if no check was reliable.
TIP: If you want to redirect users from http to https, it is better using isHTTPS(req) === false to avoid redirect loops.
Related
- redirect-ssl - Connect middleware to enforce HTTPS
License
MIT
FAQs
Check if the given request is HTTPS
The npm package is-https receives a total of 203,851 weekly downloads. As such, is-https popularity was classified as popular.
We found that is-https demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Dec 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims' Wallets
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.
By Kirill Boychenko - Jan 08, 2025
Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
By Sarah Gooding - Jan 07, 2025