Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
vite-plugin-mkcert
Advanced tools
vite-plugin-mkcert is a Vite plugin that allows you to easily create and use locally-trusted development certificates. This is particularly useful for developing applications that require HTTPS in a local environment.
Automatic Certificate Generation
This feature automatically generates and uses locally-trusted development certificates, making it easy to set up HTTPS for your local development environment.
import mkcert from 'vite-plugin-mkcert';
export default {
plugins: [mkcert()]
};
Custom Certificate Options
This feature allows you to specify custom certificate and key paths, giving you more control over the certificates used in your local development environment.
import mkcert from 'vite-plugin-mkcert';
export default {
plugins: [
mkcert({
source: 'path/to/custom/certificates',
key: 'path/to/custom/key.pem',
cert: 'path/to/custom/cert.pem'
})
]
};
webpack-dev-server is a development server that provides live reloading and HTTPS support. It can be configured to use self-signed certificates, but it does not automatically generate locally-trusted certificates like vite-plugin-mkcert.
create-ssl-certificate is a package that generates self-signed SSL certificates for local development. Unlike vite-plugin-mkcert, it does not integrate directly with Vite and requires manual setup.
devcert is a library for generating locally-trusted development certificates. It provides similar functionality to vite-plugin-mkcert but is not specifically designed for Vite and requires additional configuration.
Use mkcert to provide certificate support for vite https development services.
http/2
to solve the concurrency limit of vite http dev server requests, you find that the browser cache is invalid #2725.yarn add vite-plugin-mkcert -D
import {defineConfig} from'vite'
import mkcert from'vite-plugin-mkcert'
// https://vitejs.dev/config/
export default defineConfig({
server: {
https: true
},
plugins: [mkcert()]
})
Custom hosts, default value is localhost
+ local ip addrs
.
Whether to force generate.
Whether to automatically upgrade mkcert
.
Specify the download source of mkcert
, domestic users can set it to coding
to download from the coding.net mirror, or provide a custom BaseSource.
If the network is restricted, you can specify a local mkcert
file instead of downloading from the network.
The location to save the files, such as the downloaded mkcert program and the generated CA file, private key and certificate file, etc. Default value is PLUGIN_DATA_DIR
The name of private key file generated by mkcert
The name of cert file generated by mkcert
For the certificates to be trusted on mobile devices, you will have to install the root CA. It's the rootCA.pem
file in the folder printed by mkcert -CAROOT
.
On iOS, you can either use AirDrop, email the CA to yourself, or serve it from an HTTP server. After opening it, you need to install the profile in Settings > Profile Downloaded and then enable full trust in it.
For Android, you will have to install the CA and then enable user roots in the development build of your app. See this StackOverflow answer.
Set the environment variable DEBUG
=vite:plugin:mkcert
Use mkcert to install the local CA
certificate and generate it for server.https Server certificate.
CA
certificate: mkcert -uninstall
FAQs
Provide certificates for vite's https dev service
We found that vite-plugin-mkcert demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.