Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
serve-favicon
Advanced tools
The serve-favicon npm package is a middleware for serving a favicon, a small icon associated with a particular website or web page. It is commonly used in Node.js applications to define and serve the favicon efficiently, handling caching and other concerns.
Serving a favicon
This code sample demonstrates how to use serve-favicon to serve a favicon from a specified path in an Express.js application. The favicon.ico file is located in the 'public' directory, and the middleware is set up to serve it.
const express = require('express');
const favicon = require('serve-favicon');
const path = require('path');
const app = express();
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')));
app.listen(3000);
Caching
This code sample shows how to set a cache-control max-age directive for the favicon, which tells browsers to cache the favicon for a specified amount of time (in this case, 30 days).
const express = require('express');
const favicon = require('serve-favicon');
const path = require('path');
const app = express();
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico'), { maxAge: 2592000000 }));
app.listen(3000);
Similar to serve-favicon, static-favicon was used to serve favicon files. However, it is now deprecated in favor of serve-favicon, which is more up-to-date and maintained.
This is another package that can be used to serve favicons in Express applications. It is less popular and not as actively maintained as serve-favicon, which is the more commonly recommended package for this purpose.
Connect-favicons is a middleware for Connect and Express that serves favicons. It is an alternative to serve-favicon but has fewer downloads and less frequent updates, suggesting that serve-favicon is the preferred choice for most developers.
Node.js middleware for serving a favicon.
A favicon is a visual cue that client software, like browsers, use to identify a site. For an example and more information, please visit the Wikipedia article on favicons.
Why use this module?
favicon.ico
frequently and indiscriminately, so you
may wish to exclude these requests from your logs by using this middleware
before your logger middleware.ETag
based on the contents of the icon, rather
than file system properties.Content-Type
.Note This module is exclusively for serving the "default, implicit favicon",
which is GET /favicon.ico
. For additional vendor-specific icons that require
HTML markup, additional middleware is required to serve the relevant files, for
example serve-static.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install serve-favicon
Create new middleware to serve a favicon from the given path
to a favicon file.
path
may also be a Buffer
of the icon to serve.
Serve favicon accepts these properties in the options object.
The cache-control
max-age
directive in ms
, defaulting to 1 year. This can
also be a string accepted by the ms
module.
Typically this middleware will come very early in your stack (maybe even first)
to avoid processing any other middleware if we already know the request is for
/favicon.ico
.
var express = require('express')
var favicon = require('serve-favicon')
var path = require('path')
var app = express()
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')))
// Add your routes here, etc.
app.listen(3000)
var connect = require('connect')
var favicon = require('serve-favicon')
var path = require('path')
var app = connect()
app.use(favicon(path.join(__dirname, 'public', 'favicon.ico')))
// Add your middleware here, etc.
app.listen(3000)
This middleware can be used anywhere, even outside express/connect. It takes
req
, res
, and callback
.
var http = require('http')
var favicon = require('serve-favicon')
var finalhandler = require('finalhandler')
var path = require('path')
var _favicon = favicon(path.join(__dirname, 'public', 'favicon.ico'))
var server = http.createServer(function onRequest (req, res) {
var done = finalhandler(req, res)
_favicon(req, res, function onNext (err) {
if (err) return done(err)
// continue to process the request here, etc.
res.statusCode = 404
res.end('oops')
})
})
server.listen(3000)
FAQs
favicon serving middleware with caching
The npm package serve-favicon receives a total of 1,525,622 weekly downloads. As such, serve-favicon popularity was classified as popular.
We found that serve-favicon demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.