A better static asset handler for Node.js / express.js.
Provides helpers to add a version identifier to your static asset's public URLs, and to remove the hash before serving the file from the file system.
How your URLs are transformed:
/home.css --> /home.<md5 hash of contents>.css
For example:
/home.css --> /home.ae2b1fca515949e5d54fb22b8ed95575.css
/js/script.js --> /js/script.3205c0ded576131ea255ad2bd38b0fb2.js
The version hashes are the md5 of the contents of the static asset. Thus, every file has it's own unique version identifier. When a file changes, only it's own hash changes. This lets you have a far-futures expires header for your static assets without worrying about cache-invalidation, while ensuring that the user only downloads the files that have changed since your last deployment.
var path = require('path');
var staticify = require('staticify')(path.join(__dirname, 'public'));
...
app.use(staticify.middleware);
app.helpers({getVersionedPath: staticify.getVersionedPath});
And in your template:
<link href="${getVersionedPath('/home.css')}" rel="stylesheet">
Include all files when scanning the public directory. By default, the directories from ignore-by-default are ignored.
falseGenerate a short (7-digit) md5 hash instead of the full (32-digit) one.
trueIf you are using the staticify convenience middleware through a specific route, it is necessary to indicate the route in this option.
var path = require('path');
var options = { pathPrefix: '/assets' };
var staticify = require('staticify')(path.join(__dirname, 'public'), options);
app.use('/assets', staticify.middleware); // `app` is your express instance
sendOptions: { maxAge: '1y' } for hashed assets or maxAge: 0 for non-hashed assets.You can pass any send options; used in middleware and serve functions.
Install from npm:
npm install staticify
Initialise the staticify helper with the path of your public directory:
var path = require('path');
var staticify = require('staticify')(path.join(__dirname, 'public'));
This returns an object with the following helpers:
Does the following transformation to the path, and returns immediately:
staticify.getVersionedPath('/path/to/file.ext'); // --> /path/to/file.<md5 of the contents of file.ext>.ext
This method is meant to be used inside your templates.
This method is really fast (simply an in-memory lookup) and returns immediately. When you initialize this module, it crawls your public folder synchronously at startup, and pre-determines all the md5 hashes for your static files. This slows down application startup slightly, but it keeps the runtime performance at its peak.
Convenience wrapper over .serve to handle static files in express.js.
app.use(staticify.middleware); // `app` is your express instance
Takes the input string, and replaces any paths it can understand. For example:
staticify.replacePaths('body { background: url("/index.js") }');
returns
"body { background: url('/index.d766c4a983224a3696bc4913b9e47305.js') }"
Perfect for use in your build script, to modify references to external paths within your CSS files.
Removes the md5 identifier in a path.
staticify.stripVersion('/path/to/file.ae2b1fca515949e5d54fb22b8ed95575.ext'); // --> /path/to/file.ext
Note, this function doesn't verify that the hash is valid. It simply finds what looks like a hash and strips it from the path.
Rebuilds the md5 version cache described above. Use this method sparingly. This crawls your public folder synchronously (in a blocking fashion) to rebuild the cache. This is typically only useful when you are doing some kind of live-reloading during development.
Handles an incoming request for the file. Internally calls .stripVersion to strip the version identifier, and serves the file with a maxAge of one year, using send. Returns a stream that can be .piped to a http response stream. See here for the options you can pass.
staticify.serve(req, {
sendOptions: {
maxAge: 3600 * 1000 // milliseconds
}
}).pipe(res);
MIT
FAQs
A better static asset handler for Node.js/Express.js
We found that staticify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.