Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
$ cd /path/to/your/project
$ luvi
luvi listening on 4444
By default, luvi
acts as a static server, serving the files in cwd
.
On launch, luvi
will open a tab in your default browser pointing to your
defined root (you can pass a -n
flag to disable this).
Originally forked from freddie.
lv
shorthand. Use a shell alias.lv
shorthand. This will still work until it's removed in
3.0.0. Please update any scripts using lv
to use luvi
.luvi
no longer has a proxying utility.src/util
is now src/lib
.src/
is now project root (src/lib
is now /lib
)package.json
is fixed so luvi
works as a module again. Sorry about that!npm rm -g luvi
and then npm i -g luvi
to upgrade!$ npm i -g luvi
$ luvi [server, ...] [options]
luvi
looks inside cwd
for a .luvi.json
config file.
If there is no config file, the default static server is launched.
If you'd rather not install globally, you can use npx
:
npx luvi [server, ...] [options]
.
$ luvi foo bar
foo listening on port 4444
bar listening on port 8888
List of named servers to launch. Only names matching the ones in config file will be launched.
Command-line arguments take priority over config files and defaults.
In a path with a .luvi.json
file, running luvi
will follow the options in
the file, unless any options are passed; if there are multiple servers in the
.luvi.json
file, every server's options will be overridden. Project root is
cwd
by default.
♡ luvi (a server)
------------------
usage:
♡ luvi # launch default server
♡ luvi foo bar # start servers 'foo' & 'bar'
♡ luvi -p 1337 # listen on specified port
♡ luvi -r /path # serve from specified dir
♡ luvi -n # doesn't open the browser after start
♡ luvi -v # luvi version
♡ luvi -h # this help
--------------------
see the readme for config options and api usage
To configure a single server: { "root": "public", "port": 9090 }
.
The object will be passed directly to luvi
.
For multiple servers, simply use an array of single-server configs.
Use the name
option to keep track of servers in logs.
[
{
"name": "drafts",
"root": "src",
"port": 1337
},
{
"name": "testing",
"root": "build",
"noOpen": true
},
{
"name": "todo",
"root": "doc",
"port": 6565,
"notFound": "/var/www/404.html"
}
]
You can pass an object to luvi()
for custom settings; otherwise, these
defaults are applied:
const luvi = require('luvi')
luvi({
name: 'luvi',
root: process.cwd(),
port: 4444
})
This is exactly the same as just calling luvi()
, with no config object.
These defaults are merged with whatever you pass, so if, for example, you only
pass in a custom server name, luvi
will still run on port 4444 and use cwd
as the root to serve.
Multiple servers can be launched from the same script, with different configs,
by calling luvi()
again with different options.
string
(default: process.cwd()
)
index.html
. Can be absolute or relative.root: '/path/to/document/root'
number
(default: 4444
)
luvi
will look for a free port.port: 3000
string
(default: luvi
)
name: 'foo'
(name: string, port: number): void
(Default: console.log ; open
)
luvi
starts listening.onListen: (name, port) => { console.log(name, 'is listening on', port) }
string
(default: undefined
)
notFound: '/path/to/404.html'
bool
(default: undefined
)
noOpen: true
Please do, if you'd like! Any issue reports/fixes are welcome. I am not considering adding any features.
License: MIT
FAQs
Simple dev server with Markdown support, CLI, and API.
The npm package luvi receives a total of 59 weekly downloads. As such, luvi popularity was classified as not popular.
We found that luvi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.