send-transform
Better streaming static file server with transform, Range and conditional-GET support
Send-transform is a modified version of the send library for streaming files from the file system as an HTTP response. It supports partial responses (Ranges) and conditional-GET negotiation, has high test coverage, and emits granular events which may be leveraged to take appropriate actions in your application or framework.
This modified version of send supports specifying a transform function that takes the file stream as input and produces a new (transformed) stream as output. See below for more information.
Looking to serve up entire folders mapped to URLs? Try serve-static.
$ npm install send-transform
var send = require('send-transform')
Create a new SendStream for the given path to send to a res. The req is the Node.js HTTP request and the path is a urlencoded path to send (urlencoded, not the actual file-system path).
acceptRanges
Enable or disable accepting ranged requests, defaults to true. Disabling this will not send Accept-Ranges and will ignore the contents of the Range request header.
cacheControl
Enable or disable setting the Cache-Control response header, defaults to true. Disabling this will ignore the maxAge option.
dotfiles
Set how "dotfiles" are treated when encountered. A dotfile is a file or directory that begins with a dot ("."). Note this check is done on the path itself without checking if the path actually exists on the disk. If root is specified, only the dotfiles above the root are checked (i.e. the root itself can be within a dotfile when set to "deny").
'allow': No special treatment for dotfiles.
'deny': Send a 403 for any request for a dotfile.
'ignore': Pretend like the dotfile does not exist and 404.
The default value is similar to 'ignore', with the exception that this default will not ignore the files within a directory that begins with a dot, for backward-compatibility.
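The difference between the default and an explicit 'ignore' matters for directories such as .git. The following added example (not code from send-transform) models the four dotfiles behaviours described above on constructed request paths; dotfileStatus and exposedUnder are hypothetical names.

```javascript
// Added example (not send-transform's source): a model of the dotfiles
// policies as this README describes them. dotfileStatus() and exposedUnder()
// are hypothetical helpers; the sample paths are constructed.

// A segment is a dotfile when it starts with "." and is longer than one
// character. ".." traversal is a separate concern and is not modelled here.
function isDotSegment (segment) {
  return segment.length > 1 && segment[0] === '.'
}

// pathname: decoded request path, relative to `root`. Segments of `root`
// itself are never examined, matching the note about `root` above.
// Returns 200 (would be served if the file exists), 403 or 404.
function dotfileStatus (pathname, policy) {
  const parts = pathname.split('/').filter(Boolean)
  const last = parts[parts.length - 1] || ''

  switch (policy) {
    case 'allow':
      return 200
    case 'deny':
      return parts.some(isDotSegment) ? 403 : 200
    case 'ignore':
      return parts.some(isDotSegment) ? 404 : 200
    case undefined:
      // Backward-compatible default: only the final segment is checked, so
      // files inside a dot-directory are still served.
      return isDotSegment(last) ? 404 : 200
    default:
      throw new TypeError('dotfiles must be "allow", "deny" or "ignore"')
  }
}

// List the paths a given policy would still serve.
function exposedUnder (policy, paths) {
  return paths.filter((p) => dotfileStatus(p, policy) === 200)
}

// Constructed sample of paths commonly found in a web root.
const SAMPLE_PATHS = ['/index.html', '/.env', '/.git/config', '/.well-known/security.txt']

for (const policy of [undefined, 'ignore', 'deny', 'allow']) {
  console.log(String(policy).padEnd(9), exposedUnder(policy, SAMPLE_PATHS).join(' '))
}
```

Under the default, /.git/config is still served, so set dotfiles to 'ignore' or 'deny' explicitly when the root may contain dot-directories. Both of those settings also hide /.well-known/, which then needs its own route.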
end
Byte offset at which the stream ends, defaults to the length of the file minus 1. The end is inclusive in the stream, meaning end: 3 will include the 4th byte in the stream.
etag
Enable or disable etag generation. Defaults to true, unless the transform option is set.
extensions
If a given file doesn't exist, try appending one of the given extensions, in the given order. By default, this is disabled (set to false). An example value that will serve extension-less HTML files: ['html', 'htm']. This is skipped if the requested file already has an extension.
index
By default send supports "index.html" files. To disable this, set false; to supply a new index, pass a string or an array in preferred order.
lastModified
Enable or disable the Last-Modified header. Uses the file system's last modified value. Defaults to true, unless the transform option is set.
maxAge
Provide a max-age in milliseconds for HTTP caching, defaults to 0. This can also be a string accepted by the ms module.
root
Serve files relative to path.
start
Byte offset at which the stream starts, defaults to 0. The start is inclusive, meaning start: 2 will include the 3rd byte in the stream.
transform
A function that consumes the file stream and produces a new (transformed) stream:
function (stream) { return stream.pipe(replaceStream('tobi', 'peter')) }
Multiple transformations are possible:
function (stream) {
  return stream
    .pipe(replaceStream('tobi', 'peter'))
    .pipe(replaceStream('peter', 'hans'))
    .pipe(...)
}
When a transform is specified, the lastModified and etag options default to false, but can be overridden when a transform on the file's stream is expected to always generate the same result.
The SendStream is an event emitter and will emit the following events:
error: an error occurred (err)
directory: a directory was requested
file: a file was requested (path, stat)
headers: the headers are about to be set on a file (res, path, stat)
stream: file streaming has started (stream)
end: streaming has completed
The pipe method is used to pipe the response into the Node.js HTTP response object, typically send(req, path, options).pipe(res).
The mime export is the global instance of the mime npm module.
This is used to configure the MIME types that are associated with file extensions as well as other options for how to resolve the MIME type of a file (like the default type to use for an unknown file extension).
By default, when no error listeners are present, an automatic response will be made; otherwise you have full control over the response, so you may show a 5xx page etc.
It does not perform internal caching; you should use a reverse proxy cache such as Varnish for this, or those fancy things called CDNs. If your application is small enough that it would benefit from single-node memory caching, it's small enough that it does not need caching at all ;).
To enable debug() instrumentation output, export DEBUG:
$ DEBUG=send node app
$ npm install
$ npm test
var http = require('http')
var parseUrl = require('parseurl')
var send = require('send-transform')

// send the file named by the request pathname
var app = http.createServer(function onRequest (req, res) {
  send(req, parseUrl(req).pathname).pipe(res)
}).listen(3000)

var http = require('http')
var parseUrl = require('parseurl')
var send = require('send-transform')

// Default unknown types to text/plain
send.mime.default_type = 'text/plain'

// Add a custom type
send.mime.define({
  'application/x-my-type': ['x-mt', 'x-mtt']
})

var app = http.createServer(function onRequest (req, res) {
  send(req, parseUrl(req).pathname).pipe(res)
}).listen(3000)

var http = require('http')
var parseUrl = require('parseurl')
var send = require('send-transform')

var app = http.createServer(function onRequest (req, res) {
  // your custom error-handling logic:
  function error (err) {
    res.statusCode = err.status || 500
    res.end(err.message)
  }

  // your custom headers
  function headers (res, path, stat) {
    // serve all files for download
    res.setHeader('Content-Disposition', 'attachment')
  }

  // your custom directory handling logic:
  function redirect () {
    res.statusCode = 301
    res.setHeader('Location', req.url + '/')
    res.end('Redirecting to ' + req.url + '/')
  }

  // transfer arbitrary files from within
  // /www/example.com/public/*
  send(req, parseUrl(req).pathname, {root: '/www/example.com/public'})
    .on('error', error)
    .on('directory', redirect)
    .on('headers', headers)
    .pipe(res);
}).listen(3000)
FAQs
The npm package send-transform receives a total of 844 weekly downloads. As such, send-transform popularity was classified as not popular.
We found that send-transform demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.