Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
tunnelmole
Advanced tools
Tunnelmole is a simple tool to give your locally running HTTP(s) servers a public URL. For example, you could get a public URL for
So, you could have your application running locally on port 8080
, then by running tmole 8080
you could have a URL such as https://df34.tunnelmole.com
routing to your locally running application.
Tunnelmole has been compared to a similar tool known as ngrok
, but is open source.
If you are using the default configuration you will get a HTTPs URL for free.
Heres what you could do with your new public URL
If you want to start using Tunnelmole right away without building it from source or installing anything else, the easiest method is to install the pre-built binary for your platform as these have no external dependencies.
If you have NodeJS installed, you can install Tunnelmole with NPM (npm install -g tunnelmole
).
Copy and paste the following into a terminal
curl -s https://tunnelmole.com/sh/install-linux.sh | sudo bash
Copy and paste the following into a terminal
curl -s https://tunnelmole.com/sh/install-mac.sh --output install-mac.sh && sudo bash install-mac.sh
We recommend installing with NPM on Windows as it sets up .cmd
files that will allow you to run tmole
from any folder on the command line or Powershell.
Alternatively, download the exe
file for Windows here and put it somewhere in your PATH.
To install Tunnelmole with NPM you need to have NodeJS installed. If not, get it from (https://nodejs.org/).
npm install -g tunnelmole
tmole <port number>
, replacing <port number>
with your applications port number. For example, if your application listens on port 8080
, run tmole 8080
.Here's what it should look like
$ tmole 8080
http://evgtkh-ip-49-145-166-122.tunnelmole.com is forwarding to localhost:8080
https://evgtkh-ip-49-145-166-122.tunnelmole.com is forwarding to localhost:8080
Now, just go to either one of the URLs shown with your web browser.
You can also use another device, for example try hitting one of the URLs with your phones browser or a different computer.
The URLs are public - this means you can also share them with collaborators and others over the internet.
Tunnelmole is available as an NPM dependency for integration with NodeJS and TypeScript projects.
To integrate tunnelmole with your project you first need to install it as an NPM dependency.
npm install --save tunnelmole
First import tunnelmole
. Both ES and CommonJS modules are supported.
Importing tunnelmole
as an ES module
import { tunnelmole } from 'tunnelmole';
Importing tunnelmole
as a CommonJS module
const tunnelmole = require('tunnelmole/cjs');
Once the module is imported you can start tunnelmole with the code below, changing port 3000 to the port your application listens on if it is different.
tunnelmole({
port: 3000
});
Tunnelmole will start in the background and you'll see output in the console log similar to the Tunnelmole command line application which will include the public URLs that now point to your application. The function is async
and won't block execution of the rest of your code.
If you want to use a custom subdomain, you could also pass the domain as an option.
tunnelmole({
port: 3000,
domain: '<your tunnelmole domain e.g. mysite.tunnelmole.com>'
});
Installing Tunnelmole as an NPM dependency will make the following executables available in your project:
node_modules/.bin/tmole
node_modules/.bin/tunnelmole
They both work identically to the Tunnelmole command line application.
You can run them manually in the same way as the command line application (for example node node_modules/.bin/tmole 3000
), but its far more convenient to integrate them with NPM scripts in package.json
. This way, you can automate starting your application and generating a public URL with a single command. For example:
{
"name": "myapp",
"version": 0.0.1
"scripts": {
"start": "dist/index.js",
"start-public": "npm run start && tmole 3000"
}
}
In this example, npm run start-public
will simultaneously start your application and get tunnelmole to generate public URLs tunneling to port 3000. Replace port 3000 with the port your application listens on if it is different. You will see the public URLs in the command line output.
This allows you to start your application and get a public URL with a single command, instead of needing to run two commands in separate terminals.
npm
Run npm install
cp config-instance.example.ts config-instance.ts
The default settings are fine unless you want to self host your own tunnelmole service, in which case you'll need to modify the config to point to your server.
To start Tunnelmole, run npm start
.
This does a few things for you automatically:
Alternatively you can invoke Tunnelmole manually with
node dist/bin/tunnelmole.js <port number to forward to>
after compiling the code with npm run build
.
This project has sourcemaps enabled, so you can set breakpoints in the TypeScript .ts
files and they should behave normally.
If Tunnelmole crashes and you get a Stack Trace it will refer to the TypeScript files and line numbers which should make tracking down problematic code easier.
To set up debugging for Visual Studio Code, copy over the example config.
cp .vscode/launch.json.example .vscode/launch.json
Once this is done, run "Launch Tunnelmole" from the Run and Debug menu.
While debugging, hot reload is not supported as you'd loose your debug connection each time Tunnelmole restarts. So for every change, you will need to recompile the code (i.e. with npm run build
) and then restart the debugger.
You can optionally run npm run watch
to automatically recompile code as you make changes.
By default, Launch Tunnelmole invokes Tunnelmole to forward to port 8001 locally. You can change this by changing the port in the .vscode/launch.json
config under the "args" section.
Tunnelmole sets up a persistent Websocket connection between your device and a host machine running the tunnelmole service. By default, this is the hosted tunnlemole service at https://tunnelmole.com but you can self host.
As requests come in to the public URL, these requests are sent back through the Websocket connection to the client running on your machine.
The client then forwards on the request to your locally running web server.
Responses are handled in reverse. Your client forwards them to the Tunnelmole service, which then serves them up at the public URL.
There is no big company behind Tunnelmole and currently there is only one maintainer so any help is greatly appreciated!.
If you'd like a bug fixed or missing feature added, the fastest way to make that happen is to implement the changes yourself.
This repo has a few features to help with your developer experience including sample debugging configuration and hot reload.
Here are some different ways you can help
For any code changes, you will need to fork this repo and submit a PR. If you've never done this before, GitHub has a very good guide here.
Both the Tunnelmole client and server are fully open source.
You are free to self host or use our hosted service.
We welcome issue reports and PRs from the community.
Feel free to look over the code and see exactly what Tunnelmole is doing before running it.
The Tunnelmole client is licensed under the MIT license. The service is licensed under the Gnu Affero General Public License, version 3.
In the past the Tunnelmole service did hide IP addresses. Unfortunately this encouraged bad actors to use the service. They would tunnel phishing sites through the service, then the abuse reports would get sent to my hosting provider instead of theirs.
Because of this, Tunnelmole now adds an X-Forwarded-For
header with your IP in every response. So you can't use the Tunnelmole hosted service to hide your origin server. For the randomly generated URLs your IP is also added to the URL itself.
However, you can always self host Tunnelmole and remove the code that adds this header if you want. This would allow you to hide your origin server. You'll then be responsible for securing your service. The IP of the server you self host on will still be visible.
Read the above "Contributing" section to learn how to contribute.
FAQs
Tunnelmole, an open source ngrok alternative. Instant public URLs for any http/https based application. Available as a command line application or as an NPM dependency for your code. Stable and maintained. Good test coverage. Works behind firewalls
The npm package tunnelmole receives a total of 932 weekly downloads. As such, tunnelmole popularity was classified as not popular.
We found that tunnelmole demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.