Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
proxy-middleware
Advanced tools
Usage:
var connect = require('connect');
var url = require('url');
var proxy = require('proxy-middleware');
var app = connect();
app.use('/api', proxy(url.parse('https://example.com/endpoint')));
// now requests to '/api/x/y/z' are proxied to 'https://example.com/endpoint/x/y/z'
//same as example above but also uses a short hand string only parameter
app.use('/api-string-only', proxy('https://example.com/endpoint'));
Documentation:
proxyMiddleware(options)
options allows any options that are permitted on the http or https request options.
Other options:
route: you can pass the route for connect middleware within the options, as well.via: by default no via header is added. If you passtruefor this option the local hostname will be used for the via header. You can also pass a string for this option in which case that will be used for the via header.cookieRewrite: this option can be used to support cookies via the proxy by rewriting the cookie domain to that of the proxy server. By default cookie domains are not rewritten. ThecookieRewriteoption works as theviaoption - if you passtruethe local hostname will be used, and if you pass a string that will be used as the rewritten cookie domain.preserveHost: When enabled, this option will pass the Host: line from the incoming request to the proxied host. Default:false.
Usage with route:
var proxyOptions = url.parse('https://example.com/endpoint');
proxyOptions.route = '/api';
var middleWares = [proxy(proxyOptions) /*, ...*/];
// Grunt connect uses this method
connect(middleWares);
Other packages similar to proxy-middleware
http-proxy-middleware
The 'http-proxy-middleware' package is a more feature-rich alternative to 'proxy-middleware'. It provides additional functionalities such as context matching, path rewriting, and more advanced proxying options. It is also actively maintained and widely used in the community.
node-http-proxy
The 'node-http-proxy' package is a powerful HTTP proxy library for Node.js. It offers a wide range of features including WebSocket proxying, load balancing, and more. It is more complex than 'proxy-middleware' but provides greater flexibility and control over proxying behavior.
express-http-proxy
The 'express-http-proxy' package is designed specifically for use with Express.js. It provides a simple way to proxy requests in an Express application, with support for custom headers, path rewriting, and more. It is a good choice if you are already using Express.js in your project.
FAQs
http(s) proxy as connect middleware
The npm package proxy-middleware receives a total of 204,252 weekly downloads. As such, proxy-middleware popularity was classified as popular.
We found that proxy-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Oct 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025