send
Advanced tools
Package description
The 'send' npm package is a library for streaming files from the file system as an HTTP response. It handles range requests, redirects, and errors, and is built with security in mind. It is often used to serve static files in web applications.
Serving static files
This code creates an HTTP server that serves a static file using the send package. When a request is made to the server, it streams the specified file as the response.
const send = require('send');
const http = require('http');
http.createServer(function(req, res){
send(req, '/path/to/public/index.html').pipe(res);
}).listen(3000);Handling range requests
This code demonstrates how to handle HTTP range requests for partial content delivery, such as serving video files that can be streamed.
const send = require('send');
const http = require('http');
http.createServer(function(req, res){
send(req, '/path/to/public/video.mp4')
.on('headers', function (res, path, stat) {
res.setHeader('Accept-Ranges', 'bytes');
})
.pipe(res);
}).listen(3000);Custom error handling
This code shows how to handle errors when a file is not found or another error occurs while trying to stream a file.
const send = require('send');
const http = require('http');
http.createServer(function(req, res){
send(req, '/path/to/public/non-existent-file.html')
.on('error', function(err) {
res.statusCode = err.status || 500;
res.end(err.message);
})
.pipe(res);
}).listen(3000);Express is a web application framework for Node.js that includes functionality for serving static files. It is more feature-rich than 'send' and is designed for building web applications and APIs.
koa-send is similar to 'send' but is tailored for Koa, a web framework for Node.js created by the same team that built Express. It is used to serve static files in Koa applications.
serve-static is a middleware for serving static files for Express and Connect. It is built on top of 'send' and provides a higher-level API for integrating with these frameworks.
Readme
Send is Connect's static() extracted for generalized use, a streaming static file
server supporting partial responses (Ranges), conditional-GET negotiation, high test coverage, and granular events which may be leveraged to take appropriate actions in your application or framework.
$ npm install send
var send = require('send')
Create a new SendStream for the given path to send to a res. The req is
the Node.js HTTP request and the path is a urlencoded path to send (urlencoded,
not the actual file-system path).
Set how "dotfiles" are treated when encountered. A dotfile is a file
or directory that begins with a dot ("."). Note this check is done on
the path itself without checking if the path actually exists on the
disk. If root is specified, only the dotfiles above the root are
checked (i.e. the root itself can be within a dotfile when when set
to "deny").
The default value is 'ignore'.
'allow' No special treatment for dotfiles.'deny' Send a 403 for any request for a dotfile.'ignore' Pretend like the dotfile does not exist and 404.Enable or disable etag generation, defaults to true.
If a given file doesn't exist, try appending one of the given extensions,
in the given order. By default, this is disabled (set to false). An
example value that will serve extension-less HTML files: ['html', 'htm'].
This is skipped if the requested file already has an extension.
By default send supports "index.html" files, to disable this
set false or to supply a new index pass a string or an array
in preferred order.
Enable or disable Last-Modified header, defaults to true. Uses the file
system's last modified value.
Provide a max-age in milliseconds for http caching, defaults to 0. This can also be a string accepted by the ms module.
Serve files relative to path.
The SendStream is an event emitter and will emeit the following events:
error an error occurred (err)directory a directory was requestedfile a file was requested (path, stat)headers the headers are about to be set on a file (res, path, stat)stream file streaming has started (stream)end streaming has completedThe pipe method is used to pipe the response into the Node.js HTTP response
object, typically send(req, path, options).pipe(res).
By default when no error listeners are present an automatic response will be made, otherwise you have full control over the response, aka you may show a 5xx page etc.
It does not perform internal caching, you should use a reverse proxy cache such as Varnish for this, or those fancy things called CDNs. If your application is small enough that it would benefit from single-node memory caching, it's small enough that it does not need caching at all ;).
To enable debug() instrumentation output export DEBUG:
$ DEBUG=send node app
$ npm install
$ npm test
Small:
var http = require('http');
var send = require('send');
var app = http.createServer(function(req, res){
send(req, req.url).pipe(res);
}).listen(3000);
Serving from a root directory with custom error-handling:
var http = require('http');
var send = require('send');
var url = require('url');
var app = http.createServer(function(req, res){
// your custom error-handling logic:
function error(err) {
res.statusCode = err.status || 500;
res.end(err.message);
}
// your custom headers
function headers(res, path, stat) {
// serve all files for download
res.setHeader('Content-Disposition', 'attachment');
}
// your custom directory handling logic:
function redirect() {
res.statusCode = 301;
res.setHeader('Location', req.url + '/');
res.end('Redirecting to ' + req.url + '/');
}
// transfer arbitrary files from within
// /www/example.com/public/*
send(req, url.parse(req.url).pathname, {root: '/www/example.com/public'})
.on('error', error)
.on('directory', redirect)
.on('headers', headers)
.pipe(res);
}).listen(3000);
FAQs
Better streaming static file server with Range and conditional-GET support
We found that send demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.