Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
serve-static
Advanced tools
The serve-static npm package is used to serve static files such as images, CSS files, and JavaScript files. It is built on top of the core 'http' module in Node.js and provides a middleware that can be used with frameworks like Express to serve files from a directory in the file system.
Basic static file serving
This code sample demonstrates how to serve static files from a directory named 'public'. When a request is made to the server, it will look for files in this directory to serve.
const express = require('express');
const serveStatic = require('serve-static');
const app = express();
app.use(serveStatic('public'));
app.listen(3000);
Customizing cache control
This code sample shows how to customize cache control headers for the files served. The 'maxAge' option sets the cache control max-age directive in seconds, and the 'setHeaders' function allows for further customization of the headers.
const express = require('express');
const serveStatic = require('serve-static');
const app = express();
app.use(serveStatic('public', {
maxAge: '1d',
setHeaders: function (res, path) {
res.setHeader('Cache-Control', 'public, max-age=86400')
}
}));
app.listen(3000);
Serving files from multiple directories
This code sample demonstrates how to serve static files from multiple directories. The first 'serveStatic' serves files from the 'public' directory, while the second one serves files from the 'media' directory under the '/media' path.
const express = require('express');
const serveStatic = require('serve-static');
const app = express();
app.use(serveStatic('public'));
app.use('/media', serveStatic('media'));
app.listen(3000);
express-static is similar to serve-static but is specifically tailored for use with the Express framework. It provides a simpler API for serving static files in an Express application.
koa-static is designed for the Koa framework, which is a different Node.js web framework. It provides similar functionality to serve-static but is built to work within Koa's middleware system.
connect-static is a middleware for the Connect framework, which is a middleware layer for Node.js that can be used independently or with Express. It offers similar static file serving capabilities as serve-static.
This is a Node.js module available through the
npm registry. Installation is done using the
npm install
command:
$ npm install serve-static
var serveStatic = require('serve-static')
Create a new middleware function to serve files from within a given root
directory. The file to serve will be determined by combining req.url
with the provided root directory. When a file is not found, instead of
sending a 404 response, this module will instead call next()
to move on
to the next middleware, allowing for stacking and fall-backs.
Enable or disable accepting ranged requests, defaults to true.
Disabling this will not send Accept-Ranges
and ignore the contents
of the Range
request header.
Enable or disable setting Cache-Control
response header, defaults to
true. Disabling this will ignore the immutable
and maxAge
options.
Set how "dotfiles" are treated when encountered. A dotfile is a file
or directory that begins with a dot ("."). Note this check is done on
the path itself without checking if the path actually exists on the
disk. If root
is specified, only the dotfiles above the root are
checked (i.e. the root itself can be within a dotfile when set
to "deny").
'allow'
No special treatment for dotfiles.'deny'
Deny a request for a dotfile and 403/next()
.'ignore'
Pretend like the dotfile does not exist and 404/next()
.The default value is similar to 'ignore'
, with the exception that this
default will not ignore the files within a directory that begins with a dot.
Enable or disable etag generation, defaults to true.
Set file extension fallbacks. When set, if a file is not found, the given
extensions will be added to the file name and search for. The first that
exists will be served. Example: ['html', 'htm']
.
The default value is false
.
Set the middleware to have client errors fall-through as just unhandled
requests, otherwise forward a client error. The difference is that client
errors like a bad request or a request to a non-existent file will cause
this middleware to simply next()
to your next middleware when this value
is true
. When this value is false
, these errors (even 404s), will invoke
next(err)
.
Typically true
is desired such that multiple physical directories can be
mapped to the same web address or for routes to fill in non-existent files.
The value false
can be used if this middleware is mounted at a path that
is designed to be strictly a single file system directory, which allows for
short-circuiting 404s for less overhead. This middleware will also reply to
all methods.
The default value is true
.
Enable or disable the immutable
directive in the Cache-Control
response
header, defaults to false
. If set to true
, the maxAge
option should
also be specified to enable caching. The immutable
directive will prevent
supported clients from making conditional requests during the life of the
maxAge
option to check if the file has changed.
By default this module will send "index.html" files in response to a request
on a directory. To disable this set false
or to supply a new index pass a
string or an array in preferred order.
Enable or disable Last-Modified
header, defaults to true. Uses the file
system's last modified value.
Provide a max-age in milliseconds for http caching, defaults to 0. This can also be a string accepted by the ms module.
Redirect to trailing "/" when the pathname is a dir. Defaults to true
.
Function to set custom headers on response. Alterations to the headers need to
occur synchronously. The function is called as fn(res, path, stat)
, where
the arguments are:
res
the response objectpath
the file path that is being sentstat
the stat object of the file that is being sentvar finalhandler = require('finalhandler')
var http = require('http')
var serveStatic = require('serve-static')
// Serve up public/ftp folder
var serve = serveStatic('public/ftp', { index: ['index.html', 'index.htm'] })
// Create server
var server = http.createServer(function onRequest (req, res) {
serve(req, res, finalhandler(req, res))
})
// Listen
server.listen(3000)
var contentDisposition = require('content-disposition')
var finalhandler = require('finalhandler')
var http = require('http')
var serveStatic = require('serve-static')
// Serve up public/ftp folder
var serve = serveStatic('public/ftp', {
index: false,
setHeaders: setHeaders
})
// Set header to force download
function setHeaders (res, path) {
res.setHeader('Content-Disposition', contentDisposition(path))
}
// Create server
var server = http.createServer(function onRequest (req, res) {
serve(req, res, finalhandler(req, res))
})
// Listen
server.listen(3000)
This is a simple example of using Express.
var express = require('express')
var serveStatic = require('serve-static')
var app = express()
app.use(serveStatic('public/ftp', { index: ['default.html', 'default.htm'] }))
app.listen(3000)
This example shows a simple way to search through multiple directories.
Files are searched for in public-optimized/
first, then public/
second
as a fallback.
var express = require('express')
var path = require('path')
var serveStatic = require('serve-static')
var app = express()
app.use(serveStatic(path.join(__dirname, 'public-optimized')))
app.use(serveStatic(path.join(__dirname, 'public')))
app.listen(3000)
This example shows how to set a different max age depending on the served file type. In this example, HTML files are not cached, while everything else is for 1 day.
var express = require('express')
var path = require('path')
var serveStatic = require('serve-static')
var app = express()
app.use(serveStatic(path.join(__dirname, 'public'), {
maxAge: '1d',
setHeaders: setCustomCacheControl
}))
app.listen(3000)
function setCustomCacheControl (res, path) {
if (serveStatic.mime.lookup(path) === 'text/html') {
// Custom Cache-Control for HTML files
res.setHeader('Cache-Control', 'public, max-age=0')
}
}
FAQs
Serve static files
The npm package serve-static receives a total of 31,736,420 weekly downloads. As such, serve-static popularity was classified as popular.
We found that serve-static demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.