Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
tunnelmole
Advanced tools
Tunnelmole, an open source ngrok alternative. Instant public URLs for any http/https based application. Available as a command line application or as an NPM dependency for your code. Stable and maintained. Good test coverage. Works behind firewalls
Tunnelmole is a simple tool to give your locally running HTTP(s) servers a public URL. For example, you could get a public URL for
So, you could have your application running locally on port 8080
, then by running tmole 8080
you could have a URL such as https://df34.tunnelmole.com
routing to your locally running application.
Tunnelmole has been compared to a similar tool known as ngrok
, but is open source.
If you are using the default configuration you will get a HTTPs URL for free.
Heres what you could do with your new public URL
There are a couple of ways to install Tunnelmole.
If you have NodeJS 16.10 or later, you can install Tunnelmole by running
sudo npm install -g tunnelmole
Alternatively you can install the latest precompiled binary for your platform. This has the right version of Node built in. You don't need any specific version of Node installed for this approach.
Copy and paste the following into a terminal
curl -s https://tunnelmole.com/sh/install-linux.sh | sudo bash
Copy and paste the following into a terminal
curl -s https://tunnelmole.com/sh/install-mac.sh --output install-mac.sh && sudo bash install-mac.sh
Download the exe
file for Windows here and put it somewhere in your PATH.
tmole <port number>
, replacing <port number>
with your applications port number. For example, if your application listens on port 8080
, run tmole 8080
.Here's what it should look like
$ tmole 8080
http://evgtkh-ip-49-145-166-122.tunnelmole.com is forwarding to localhost:8080
https://evgtkh-ip-49-145-166-122.tunnelmole.com is forwarding to localhost:8080
Now, just go to either one of the URLs shown with your web browser. The URLs are public - this means you can also share them with collaborators and others over the internet.
Sometimes, it can be useful to have a domain that does not change frequently. To use a custom subdoman run
tmole 8080 as <yourdomain>.tunnelmole.com
.
If you are using the hosted service (which is the default) and you want to use a custom subdomain you'll need to purchase a subscription Learn More.
Otherwise, you can self host. To learn more go to the Tunnelmole Service GitHub repo.
To use Tunnelmole as a dependency for your project you need Node 16.10 or later.
Add Tunnelmole as a dependency with
npm install --save tunnelmole
First import tunnelmole
. Both ES and CommonJS modules are supported.
Importing tunnelmole
as an ES module
import { tunnelmole } from 'tunnelmole';
Importing tunnelmole
as a CommonJS module
const tunnelmole = require('tunnelmole/cjs');
Once the module is imported you can start tunnelmole with the code below, changing port 3000 to the port your application listens on if it is different.
const url = await tunnelmole({
port: 3000
});
// url = https://idsq6j-ip-157-211-195-169.tunnelmole.com
Tunnelmole will start in the background and you'll see output in the console log similar to the Tunnelmole command line application which will include the public URLs that now point to your application. The function is async
and won't block execution of the rest of your code.
If you want to use a custom subdomain, you could also pass the domain as an option.
const url = await tunnelmole({
port: 3000,
domain: '<your tunnelmole domain e.g. mysite.tunnelmole.com>'
});
// url = mydomain.tunnelmole.com
Again if you are using the hosted service (which is the default) and you want to use a custom subdomain you'll need to purchase a subscription Learn More.
Otherwise, you can self host. To learn more about this option go to the Tunnelmole Service GitHub repo.
Installing Tunnelmole as an NPM dependency will make the following executables available in your project:
node_modules/.bin/tmole
node_modules/.bin/tunnelmole
They both work identically to the Tunnelmole command line application.
You can run them manually in the same way as the command line application (for example node node_modules/.bin/tmole 3000
), but its far more convenient to integrate them with NPM scripts in package.json
. This way, you can automate starting your application and generating a public URL with a single command. For example:
{
"name": "myapp",
"version": "0.0.1",
"scripts": {
"start": "dist/index.js",
"start-public": "npm run start && tmole 3000"
}
}
In this example, npm run start-public
will simultaneously start your application and get tunnelmole to generate public URLs tunneling to port 3000. Replace port 3000 with the port your application listens on if it is different. You will see the public URLs in the command line output.
This allows you to start your application and get a public URL with a single command, instead of needing to run two commands in separate terminals.
To get more info on hacking Tunnelmole as well as debugging, contributing and more view the full README on GitHub.
This package is for the Tunnelmole client. The service is also open source and its possible to self host. Get the code at (https://github.com/robbie-cahill/tunnelmole-service/).
FAQs
Tunnelmole, an open source ngrok alternative. Instant public URLs for any http/https based application. Available as a command line application or as an NPM dependency for your code. Stable and maintained. Good test coverage. Works behind firewalls
The npm package tunnelmole receives a total of 0 weekly downloads. As such, tunnelmole popularity was classified as not popular.
We found that tunnelmole demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.