request-ip
The request-ip npm package is used to retrieve a user's IP address from a request object in a Node.js application. It supports various types of requests and can extract the IP address from different sources such as headers, connection properties, and proxies.
Extract IP Address from Request
This feature allows you to extract the client's IP address from the request object in an Express.js application. The IP address is retrieved using the `getClientIp` method and can be used for logging, analytics, or other purposes.
```javascript
const requestIp = require('request-ip');
const express = require('express');
const app = express();

app.use((req, res, next) => {
  const clientIp = requestIp.getClientIp(req);
  console.log(clientIp);
  next();
});

app.get('/', (req, res) => {
  res.send('Your IP address is: ' + requestIp.getClientIp(req));
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
```
Support for Various Request Types
This feature demonstrates the ability to use the request-ip package with a plain Node.js HTTP server. The `getClientIp` method works seamlessly with different types of request objects, making it versatile for various Node.js applications.
```javascript
const requestIp = require('request-ip');
const http = require('http');

const server = http.createServer((req, res) => {
  const clientIp = requestIp.getClientIp(req);
  res.writeHead(200, { 'Content-Type': 'text/plain' });
  res.end('Your IP address is: ' + clientIp);
});

server.listen(3000, () => {
  console.log('Server is running on port 3000');
});
```
Extract IP Address from Proxies
This feature shows how to configure an Express.js application to trust proxy headers and extract the client's IP address when the application is behind a proxy. The `trust proxy` setting is enabled so that Express itself treats the forwarding headers as coming from a proxy; `getClientIp` reads the same headers, so it should only be relied on when the process is actually reachable through that proxy and not directly from clients.

```javascript
const requestIp = require('request-ip');
const express = require('express');
const app = express();

app.set('trust proxy', true);

app.use((req, res, next) => {
  const clientIp = requestIp.getClientIp(req);
  console.log(clientIp);
  next();
});

app.get('/', (req, res) => {
  res.send('Your IP address is: ' + requestIp.getClientIp(req));
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
```
The 'ip' package provides utilities for IP address manipulation, including functions to validate, convert, and compare IP addresses. While it offers more general IP address utilities, it does not specifically focus on extracting IP addresses from request objects like request-ip.
The 'forwarded' package is used to parse the X-Forwarded-For header to get the client's IP address. It is more specialized in handling forwarded headers but lacks the broader support for different request types and sources that request-ip provides.
The 'express-ip' package is an Express.js middleware for retrieving the client's IP address. It is similar to request-ip but is specifically designed for Express.js applications and may not be as versatile for other types of Node.js applications.
A tiny Node.js module for retrieving a request's IP address.
Yarn:

```shell
yarn add request-ip
```

npm:

```shell
npm install request-ip --save
```

```javascript
const requestIp = require('request-ip');

// inside middleware handler
const ipMiddleware = function(req, res, next) {
  const clientIp = requestIp.getClientIp(req);
  next();
};

// on localhost you'll see 127.0.0.1 if you're using IPv4
// or ::1, ::ffff:127.0.0.1 if you're using IPv6
```

```javascript
const requestIp = require('request-ip');

app.use(requestIp.mw());
app.use(function(req, res) {
  const ip = req.clientIp;
  res.end(ip);
});
```
To see the full working code for the middleware, check out the examples folder.
The connect-middleware also supports retrieving the ip address under a custom attribute name, which also works as a container for any future settings.
It looks for specific headers in the request and falls back to some defaults if they do not exist.

The user IP is determined by the following order:

1. `X-Client-IP`
2. `X-Forwarded-For` (Header may return multiple IP addresses in the format: "client IP, proxy 1 IP, proxy 2 IP", so we take the first one.)
3. `CF-Connecting-IP` (Cloudflare)
4. `Fastly-Client-Ip` (Fastly CDN and Firebase hosting header when forwarded to a cloud function)
5. `True-Client-Ip` (Akamai and Cloudflare)
6. `X-Real-IP` (Nginx proxy/FastCGI)
7. `X-Cluster-Client-IP` (Rackspace LB, Riverbed Stingray)
8. `X-Forwarded`, `Forwarded-For` and `Forwarded` (Variations of #2)
9. `appengine-user-ip` (Google App Engine)
10. `req.connection.remoteAddress`
11. `req.socket.remoteAddress`
12. `req.connection.socket.remoteAddress`
13. `req.info.remoteAddress`
14. `Cf-Pseudo-IPv4` (Cloudflare fallback)
15. `request.raw` (Fastify)

If an IP address cannot be found, it will return `null`.
Make sure you have the necessary dev dependencies needed to run the tests:

```shell
npm install
```

Run the integration tests:

```shell
npm test
```

Compile the current ES6 code to ES5 using Babel:

```shell
npm build
```

See the wonderful changelog.

To generate a new changelog, install github-changelog-generator, then run `npm run changelog`. This will require being on Ruby >= 3.
Thank you to all the contributors!
The MIT License (MIT) - 2022
FAQs
A small Node.js module to retrieve the request's IP address
We found that request-ip demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.