Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
node-httpx
Advanced tools
Provides a TLS-agnostic HTTP server and eliminates the redundancy in providing both secure and insecure servers.
node-httpx provides a nodejs library for managing http and https servers at the same time. It also provides http and https requests.
This module, httpx , is published under the MIT license. It was written by Nate Watson and Oluwafunmiwo Judah Sholola.
node-httpx was written in response to this change request: https://github.com/joyent/node/issues/8827
Navigate to the directory where the script is needed with "cd directory".
Run the following command:
npm install node-httpx
Make sure you have the right to make global NPM installations. If you don't have it, get it.
Run the following command:
npm install -g node-httpx
Navigate to the directory node-httpx is installed in.
Run the following command:
node httpxTester.js
Read the printout. It should print out a massive webpage. If it does not, perform network diagnostics. If the network is working properly, file a bug on github for httpx.
Open a browser on the same machine. Navigate to "https://localhost" or "http://localhost". Both work. Ignore any security errors.
The page should load correctly, and the script should end. If one of these things fails to happen, check the network. If the network is working correctly, file a bug on github for httpx.
Assuming you have not reached the "file a bug on github" statements, the script is installed correctly. If you have reached one of those, try reinstalling.
var httpx = require("./httpx.js");
var fs = require("fs");
console.dir(httpx.STATUS_CODES);
var config = {};
config.key = fs.readFileSync("./pd69744_privatekey.pem");
config.cert = fs.readFileSync("./pd69744_cert.pem");
var testServer = httpx.createServer(config, function(req, res){
res.writeHead(200, {'Connection': 'close'});
res.write("Hello World! I provided this page with a single module that takes a single callback function, and works with both HTTP and HTTPS. But I don't get overtime, so screw you world!");
res.end();
testServer.close(function(){console.log("goodbye");});
});
testServer.listen();
var options = {};
options.hostname = "encrypted.google.com";
options.path = "/";
options.method = "get";
var googleRequest = httpx.request(options, function(res){
var answer = "";
res.on("data", function(d){
answer += d;
});
res.on("end", function(){
console.log(answer);
});
});
googleRequest.write("text");
googleRequest.end();
console.log("By some miracle, the script didn\'t crash");
Node-httpx provides http's status codes object:
console.dir(httpx.STATUS_CODES);
httpx.createServer(config, function(req, res) {
});
This follows the same general behavior as https.createServer.
This is the configuration object for this server. The following members are required:
workingServer.listen();
This starts the servers. Note that this feature is still being improved.
req is the request. res is the response. This callback is identical to what is found in node.http and node.https.
workingServer.close(callback);
This closes the http and https servers in this instance of an httpx server. Because of the HTTP 1.1 and 2.0 specifications, this action is very prone to causing crashes. Use it at your own risk. It can be used with a callback function.
workingServer.setTimeout(time, callback);
Calling this function changes this.timeout to time, sets the timeouts of the internal servers to time, and calls the callback function. The default is 0.
In addition to native request objects, node-httpx provides the request and get functions of the http and https modules.
Function | Treat As | Documentation |
---|---|---|
httpx.httpRequest | http.request | https://nodejs.org/api/http.html#http_http_request_options_callback |
httpx.httpGet | http.get | https://nodejs.org/api/http.html#http_http_get_options_callback |
httpx.httpsRequest | https.request | https://nodejs.org/api/https.html#https_https_request_options_callback |
httpx.httpsGet | https.get | https://nodejs.org/api/https.html#https_https_get_options_callback |
httpx.request is for running http-style requests via httpx. By default, when a request is initiated, first the module tries to use https.request. If that fails for some reason, plain http.request is used instead with the same configuration. If that fails, an error is thrown.
Example:
var options = {};
options.hostname = "encrypted.google.com";
options.path = "/";
options.method = "get";
var googleRequest = httpx.request(options, function(res){
var answer = "";
res.on("data", function(d){
answer += d;
});
res.on("end", function(){
console.log(answer);
});
});
googleRequest.write("text");
googleRequest.end();
This function is used to write context to a working httpx request object. This should not be used in httpx.get.
This function states that everything has been sent that will be sent for this request. This should not be used in httpx.get.
function (res) {
}
Res is an event emmiter that is emmited once per request.
res.on("error", errObject);
This is emmited when both https.request and http.request failed with the given configuration. It contains the error object from node.http.
res.on("timeout", action);
This is emmited when the https attempt fails or times out, and the http request times out.
res.on("data", segment);
This is emmited when a section of the response arrives properly at the client. Segment is usually a string.
res.on("end", callback);
This is emmited when there is no more data that will come in the response. The callback function is required.
This is httpx.request, but the request is assumed to be a GET request, the payload is automatically empty, and the transmission ended automatically. The event listeners, configurations, and callbacks are identical.
FAQs
Provides a TLS-agnostic HTTP server and eliminates the redundancy in providing both secure and insecure servers.
We found that node-httpx demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.