Security News
New Proposed CISA Mandate Would Require Critical Infrastructure to Report Ransom Payments Within 24 Hours
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
Better streaming static file server with Range and conditional-GET support
Weekly downloads
Package description
The 'send' npm package is a library for streaming files from the file system as an HTTP response. It handles range requests, redirects, and errors, and is built with security in mind. It is often used to serve static files in web applications.
Serving static files
This code creates an HTTP server that serves a static file using the send package. When a request is made to the server, it streams the specified file as the response.
const send = require('send');
const http = require('http');
http.createServer(function(req, res){
send(req, '/path/to/public/index.html').pipe(res);
}).listen(3000);
Handling range requests
This code demonstrates how to handle HTTP range requests for partial content delivery, such as serving video files that can be streamed.
const send = require('send');
const http = require('http');
http.createServer(function(req, res){
send(req, '/path/to/public/video.mp4')
.on('headers', function (res, path, stat) {
res.setHeader('Accept-Ranges', 'bytes');
})
.pipe(res);
}).listen(3000);
Custom error handling
This code shows how to handle errors when a file is not found or another error occurs while trying to stream a file.
const send = require('send');
const http = require('http');
http.createServer(function(req, res){
send(req, '/path/to/public/non-existent-file.html')
.on('error', function(err) {
res.statusCode = err.status || 500;
res.end(err.message);
})
.pipe(res);
}).listen(3000);
Express is a web application framework for Node.js that includes functionality for serving static files. It is more feature-rich than 'send' and is designed for building web applications and APIs.
koa-send is similar to 'send' but is tailored for Koa, a web framework for Node.js created by the same team that built Express. It is used to serve static files in Koa applications.
serve-static is a middleware for serving static files for Express and Connect. It is built on top of 'send' and provides a higher-level API for integrating with these frameworks.
Readme
Send is Connect's static()
extracted for generalized use, a streaming static file
server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework.
$ npm install send
Small:
var http = require('http');
var send = require('send');
var app = http.createServer(function(req, res){
send(req, req.url).pipe(res);
});
Serving from a root directory with custom error-handling:
var http = require('http');
var send = require('send');
var app = http.createServer(function(req, res){
// your custom error-handling logic:
function error(err) {
res.statusCode = err.status || 500;
res.end(err.message);
}
// your custom directory handling logic:
function redirect() {
res.statusCode = 301;
res.setHeader('Location', req.url + '/');
res.end('Redirecting to ' + req.url + '/');
}
// transfer arbitrary files from within
// /www/example.com/public/*
send(req, url.parse(req.url).pathname)
.root('/www/example.com/public')
.on('error', error)
.on('directory', redirect)
.pipe(res);
});
error
an error occurred (err)
directory
a directory was requestedstream
file streaming has started (stream)
end
streaming has completedServe files relative to path
. Aliased as .from(dir)
.
By default send supports "index.html" files, to disable this
invoke .index(false)
or to supply a new index pass a string.
Provide a max-age in milliseconds for http caching, defaults to 0.
By default when no error
listeners are present an automatic response will be made, otherwise you have full control over the response, aka you may show a 5xx page etc.
It does not perform internal caching, you should use a reverse proxy cache such as Varnish for this, or those fancy things called CDNs. If your application is small enough that it would benefit from single-node memory caching, it's small enough that it does not need caching at all ;).
To enable debug()
instrumentation output export DEBUG:
$ DEBUG=send node app
$ npm install
$ make test
(The MIT License)
Copyright (c) 2012 TJ Holowaychuk <tj@vision-media.ca>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Better streaming static file server with Range and conditional-GET support
The npm package send receives a total of 23,973,543 weekly downloads. As such, send popularity was classified as popular.
We found that send demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA has proposed a set of new rules that would require critical infrastructure to report cyber incidents and ransom payments.
Security News
Redis is no longer OSS, breaking its explicit commitment to remain under the BSD 3-Clause License forever. This has angered contributors who are now working to fork the software.
Product
Socket AI now enables 'AI detected potential malware' alerts by default, ensuring users benefit from AI-powered state-of-the-art malware detection without needing to opt-in.