Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
resolve-alpn
Advanced tools
Package description
The resolve-alpn npm package is designed to help Node.js applications determine the Application-Layer Protocol Negotiation (ALPN) protocol that a server supports. ALPN is a TLS extension used for negotiating which protocol should be performed over a secure connection. This is particularly useful for applications that need to decide between different protocols like HTTP/2 or HTTP/1.1 when connecting to a server.
Determining ALPN protocol
This feature allows developers to programmatically determine the ALPN protocol supported by a server. The code sample demonstrates how to use the resolve-alpn package to check which ALPN protocol ('http/1.1', 'h2', etc.) a server supports by specifying the host and port.
const resolveAlpn = require('resolve-alpn');
resolveAlpn({
host: 'example.com',
port: 443
}).then((negotiatedProtocol) => {
console.log(negotiatedProtocol);
}).catch((error) => {
console.error(error);
});
Similar to resolve-alpn, alpn-agent is designed to negotiate ALPN protocols in Node.js. However, alpn-agent is more focused on providing an HTTP Agent that automatically negotiates the ALPN protocol, making it slightly more specialized for HTTP requests.
While not exclusively focused on ALPN negotiation, http2-wrapper includes functionality for automatically negotiating HTTP/2 connections using ALPN. It provides a higher-level API for making HTTP requests over either HTTP/1.1 or HTTP/2, depending on server support. This makes it a more comprehensive solution for HTTP communication compared to resolve-alpn, which is more narrowly focused on the ALPN negotiation process.
Readme
resolve-alpn
Returns an object with an alpnProtocol
property. The socket
property may be also present.
const result = await resolveALPN({
host: 'nghttp2.org',
port: 443,
ALPNProtocols: ['h2', 'http/1.1'],
servername: 'nghttp2.org'
});
console.log(result); // {alpnProtocol: 'h2'}
Note: While the servername
option is not required in this case, many other servers do. It's best practice to set it anyway.
Note: If the socket times out, the promise will resolve and result.timeout
will be set to true
.
Same as TLS options.
By default, the socket gets destroyed and the promise resolves.
If you set this to true, it will return the socket in a socket
property.
const result = await resolveALPN({
host: 'nghttp2.org',
port: 443,
ALPNProtocols: ['h2', 'http/1.1'],
servername: 'nghttp2.org',
resolveSocket: true
});
console.log(result); // {alpnProtocol: 'h2', socket: tls.TLSSocket}
// Remember to destroy the socket if you don't use it!
result.socket.destroy();
Type: Function<TLSSocket> | AsyncFunction<TLSSocket>
Default: tls.connect
Note: No matter which function is used (synchronous or asynchronous), it must accept a callback
function as a second argument. The callback
function gets executed when the socket has successfully connected.
MIT
FAQs
Detects the ALPN protocol
The npm package resolve-alpn receives a total of 8,204,512 weekly downloads. As such, resolve-alpn popularity was classified as popular.
We found that resolve-alpn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.