Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
request-ip
Advanced tools
Readme
A tiny Node.js module for retrieving a request's IP address.
Yarn
yarn add request-ip
npm
npm install request-ip --save
const requestIp = require('request-ip');
// inside middleware handler
const ipMiddleware = function(req, res, next) {
const clientIp = requestIp.getClientIp(req);
next();
};
// on localhost you'll see 127.0.0.1 if you're using IPv4
// or ::1, ::ffff:127.0.0.1 if you're using IPv6
const requestIp = require('request-ip');
app.use(requestIp.mw())
app.use(function(req, res) {
const ip = req.clientIp;
res.end(ip);
});
To see a full working code for the middleware, check out the examples folder.
The connect-middleware also supports retrieving the ip address under a custom attribute name, which also works as a container for any future settings.
It looks for specific headers in the request and falls back to some defaults if they do not exist.
The user ip is determined by the following order:
X-Client-IP
X-Forwarded-For
(Header may return multiple IP addresses in the format: "client IP, proxy 1 IP, proxy 2 IP", so we take the first one.)CF-Connecting-IP
(Cloudflare)Fastly-Client-Ip
(Fastly CDN and Firebase hosting header when forwared to a cloud function)True-Client-Ip
(Akamai and Cloudflare)X-Real-IP
(Nginx proxy/FastCGI)X-Cluster-Client-IP
(Rackspace LB, Riverbed Stingray)X-Forwarded
, Forwarded-For
and Forwarded
(Variations of #2)appengine-user-ip
(Google App Engine)req.connection.remoteAddress
req.socket.remoteAddress
req.connection.socket.remoteAddress
req.info.remoteAddress
Cf-Pseudo-IPv4
(Cloudflare fallback)request.raw
(Fastify)If an IP address cannot be found, it will return null
.
Make sure you have the necessary dev dependencies needed to run the tests:
npm install
Run the integration tests
npm test
Compiles the current ES6 code to ES5 using Babel.
npm build
See the wonderful changelog
To generate a new changelog, install github-changelog-generator then run npm run changelog
. This will require being on Ruby >= 3
Thank you to all the contributors!
The MIT License (MIT) - 2022
FAQs
A small Node.js module to retrieve the request's IP address
The npm package request-ip receives a total of 1,433,937 weekly downloads. As such, request-ip popularity was classified as popular.
We found that request-ip demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.