tunnelmole
Tunnelmole is a simple tool to give your locally running HTTP(s) servers a public URL. For example, you could get a public URL for
So, you could have your application running locally on port 8080, then by running tmole 8080 you could have a URL such as https://df34.tunnelmole.com routing to your locally running application.
Tunnelmole has been compared to a similar tool known as ngrok, but is open source.
If you are using the default configuration, you will get an HTTPS URL for free.
Here's what you could do with your new public URL
Install Tunnelmole by running
npm install -g tunnelmole
Run tmole <port number>, replacing <port number> with your application's port number. For example, if your application listens on port 8080, run tmole 8080.
Here's what it should look like:
$ tmole 8080
http://evgtkh-ip-49-145-166-122.tunnelmole.com is forwarding to localhost:8080
https://evgtkh-ip-49-145-166-122.tunnelmole.com is forwarding to localhost:8080
Now, just go to either one of the URLs shown with your web browser. The URLs are public - this means you can also share them with collaborators and others over the internet.
Add Tunnelmole as a dependency with
npm install --save tunnelmole
First import tunnelmole. Both ES and CommonJS modules are supported.
Importing tunnelmole as an ES module
import { tunnelmole } from 'tunnelmole';
Importing tunnelmole as a CommonJS module
const tunnelmole = require('tunnelmole/cjs');
Once the module is imported you can start tunnelmole with the code below, changing port 3000 to the port your application listens on if it is different.
tunnelmole({
    port: 3000
});
Tunnelmole will start in the background and you'll see output in the console log similar to the Tunnelmole command line application, which will include the public URLs that now point to your application. The function is async and won't block execution of the rest of your code.
If you want to use a custom subdomain, you could also pass the domain as an option.
tunnelmole({
    port: 3000,
    domain: '<your tunnelmole domain e.g. mysite.tunnelmole.com>'
});
Installing Tunnelmole as an NPM dependency will make the following executables available in your project:
node_modules/.bin/tmole
node_modules/.bin/tunnelmole
They both work identically to the Tunnelmole command line application.
You can run them manually in the same way as the command line application (for example node node_modules/.bin/tmole 3000), but it's far more convenient to integrate them with NPM scripts in package.json. This way, you can automate starting your application and generating a public URL with a single command. For example:
{
    "name": "myapp",
    "version": "0.0.1",
    "scripts": {
        "start": "dist/index.js",
        "start-public": "npm run start && tmole 3000"
    }
}
In this example, npm run start-public will simultaneously start your application and get tunnelmole to generate public URLs tunneling to port 3000. Replace port 3000 with the port your application listens on if it is different. You will see the public URLs in the command line output.
This allows you to start your application and get a public URL with a single command, instead of needing to run two commands in separate terminals.
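Because a script like start-public publishes a local port on the internet, a reviewer may want to know which npm scripts in a repository do so. The following is an added example, not code from the Tunnelmole project: it scans a parsed package.json for scripts that invoke the tmole or tunnelmole executables named above and reports the forwarded port. The function names and the sample package.json are constructed for illustration.

```javascript
// Added example (not Tunnelmole project code): audit a parsed package.json
// for npm scripts that open a Tunnelmole public URL.
const TUNNEL_BINS = ['tmole', 'tunnelmole']; // executables named on this page

// Split a script line on shell operators so each command is inspected alone.
function splitCommands(line) {
  return line.split(/&&|\|\||[;&|]/).map((c) => c.trim()).filter(Boolean);
}

// Return one finding per command that runs a Tunnelmole executable.
function findTunnelScripts(pkg) {
  const findings = [];
  for (const [name, line] of Object.entries(pkg.scripts || {})) {
    for (const cmd of splitCommands(line)) {
      const words = cmd.split(/\s+/);
      // Matches "tmole", "npx tmole" and "node node_modules/.bin/tmole".
      const idx = words.findIndex((w) => TUNNEL_BINS.includes(w.split('/').pop()));
      if (idx === -1) continue;
      // The first purely numeric argument is taken as the forwarded port.
      const port = words.slice(idx + 1).find((w) => /^\d+$/.test(w));
      findings.push({ script: name, command: cmd, port: port ? Number(port) : null });
    }
  }
  return findings;
}

// True when tunnelmole is declared in any dependency section.
function declaresTunnelmole(pkg) {
  return ['dependencies', 'devDependencies', 'optionalDependencies']
    .some((k) => Boolean(pkg[k]) && 'tunnelmole' in pkg[k]);
}

// Constructed sample input, modelled on the package.json shown above.
const samplePkg = {
  name: 'myapp',
  version: '0.0.1',
  scripts: {
    start: 'dist/index.js',
    'start-public': 'npm run start && tmole 3000',
    debug: 'node node_modules/.bin/tmole 8080',
    test: 'jest',
  },
  dependencies: { tunnelmole: '*' },
};

console.log(findTunnelScripts(samplePkg), declaresTunnelmole(samplePkg));
```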
To get more info on hacking Tunnelmole, as well as debugging, contributing and more, view the full README on GitHub.
This package is for the Tunnelmole client. The service is also open source and it's possible to self-host. Get the code at https://github.com/robbie-cahill/tunnelmole-service/.
FAQs
Tunnelmole, an open source ngrok alternative. Instant public URLs for any http/https based application. Available as a command line application or as an NPM dependency for your code. Stable and maintained. Good test coverage. Works behind firewalls.
The npm package tunnelmole receives a total of 675 weekly downloads. As such, tunnelmole popularity was classified as not popular.
We found that tunnelmole demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.