Security News
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom Payments Within 24 Hours
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
resolve-alpn
Advanced tools
Detects the ALPN protocol
Weekly downloads
Package description
The resolve-alpn npm package is designed to help Node.js applications determine the Application-Layer Protocol Negotiation (ALPN) protocol that a server supports. ALPN is a TLS extension used for negotiating which protocol should be performed over a secure connection. This is particularly useful for applications that need to decide between different protocols like HTTP/2 or HTTP/1.1 when connecting to a server.
Determining ALPN protocol
This feature allows developers to programmatically determine the ALPN protocol supported by a server. The code sample demonstrates how to use the resolve-alpn package to check which ALPN protocol ('http/1.1', 'h2', etc.) a server supports by specifying the host and port.
const resolveAlpn = require('resolve-alpn');
resolveAlpn({
host: 'example.com',
port: 443
}).then((negotiatedProtocol) => {
console.log(negotiatedProtocol);
}).catch((error) => {
console.error(error);
});
Similar to resolve-alpn, alpn-agent is designed to negotiate ALPN protocols in Node.js. However, alpn-agent is more focused on providing an HTTP Agent that automatically negotiates the ALPN protocol, making it slightly more specialized for HTTP requests.
While not exclusively focused on ALPN negotiation, http2-wrapper includes functionality for automatically negotiating HTTP/2 connections using ALPN. It provides a higher-level API for making HTTP requests over either HTTP/1.1 or HTTP/2, depending on server support. This makes it a more comprehensive solution for HTTP communication compared to resolve-alpn, which is more narrowly focused on the ALPN negotiation process.
Readme
resolve-alpn
Returns an object with an alpnProtocol
property. The socket
property may be also present.
const result = await resolveALPN({
host: 'nghttp2.org',
port: 443,
ALPNProtocols: ['h2', 'http/1.1'],
servername: 'nghttp2.org'
});
console.log(result); // {alpnProtocol: 'h2'}
Note: While the servername
option is not required in this case, many other servers do. It's best practice to set it anyway.
Note: If the socket times out, the promise will resolve and result.timeout
will be set to true
.
Same as TLS options.
By default, the socket gets destroyed and the promise resolves.
If you set this to true, it will return the socket in a socket
property.
const result = await resolveALPN({
host: 'nghttp2.org',
port: 443,
ALPNProtocols: ['h2', 'http/1.1'],
servername: 'nghttp2.org',
resolveSocket: true
});
console.log(result); // {alpnProtocol: 'h2', socket: tls.TLSSocket}
// Remember to destroy the socket if you don't use it!
result.socket.destroy();
Type: Function<TLSSocket> | AsyncFunction<TLSSocket>
Default: tls.connect
Note: No matter which function is used (synchronous or asynchronous), it must accept a callback
function as a second argument. The callback
function gets executed when the socket has successfully connected.
MIT
FAQs
Detects the ALPN protocol
The npm package resolve-alpn receives a total of 5,309,950 weekly downloads. As such, resolve-alpn popularity was classified as popular.
We found that resolve-alpn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
Security News
Redis is no longer OSS, breaking its explicit commitment to remain under the BSD 3-Clause License forever. This has angered contributors who are now working to fork the software.
Product
Socket AI now enables 'AI detected potential malware' alerts by default, ensuring users benefit from AI-powered state-of-the-art malware detection without needing to opt-in.