localhost-cert
Advanced tools
If you need to enable HTTPS when starting a local development server, then Localhost Cert is the tool you need. It allows you to quickly obtain pre-generated certificates.
Similar to most proxy tools, you still need to install the root certificate. This is because Localhost Cert uses a self-signed certificate, which is not trusted by default in browsers. Although installing the root certificate locally is safe.
If you have a basic understanding of HTTPS, you know that installing a CA root certificate locally can be risky. This is because the root certificate can be used to sign any domain, such as google.com, enabling man-in-the-middle attacks. However, Localhost Cert immediately discards the private key of the root certificate after generating the localhost domain certificate. Therefore, it is impossible for anyone to use this root certificate to sign other websites.
To ensure that the private key is not remembered, Localhost Cert utilizes GitHub Actions to generate the root certificate. The process of generating the certificate and the code at that time are fully traceable on GitHub. If you're interested, you can view the GitHub Action for more details.
In summary, it is completely secure due to two reasons:
npm install localhost-https --save-dev
const getHttps = require('localhost-https');
// webpack config
module.exports = {
devServer: {
https: getHttps(),
},
};
// vite config
const getHttps = require('localhost-https');
export default defineConfig({
server: {
https: getHttps(),
},
});
Localhost Cert is licensed under the MIT License.
FAQs
A secure and convenient solution for enabling HTTPS on localhost
The npm package localhost-cert receives a total of 4 weekly downloads. As such, localhost-cert popularity was classified as not popular.
We found that localhost-cert demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm invalidated all granular access tokens that bypass 2FA after a fresh Mini Shai-Hulud wave compromised 323 npm packages. Staged publishing also entered public preview.
Research
/Security News
Compromised npm package art-template delivered a Coruna-like iOS Safari exploit framework through a watering-hole attack.
Company News
As AI accelerates how code is written and shipped, Socket is scaling to protect the software supply chain from the growing wave of attacks targeting open source dependencies.