Security News
Astral Launches pyx: A Python-Native Package Registry
Astral unveils pyx, a Python-native package registry in beta, designed to speed installs, enhance security, and integrate deeply with uv.
By Sarah Gooding - Aug 13, 2025
localhost
Localhost
This gem provides a convenient API for generating per-user self-signed root certificates.
Motivation
HTTP/2 requires SSL in web browsers. If you want to use HTTP/2 for development (and you should), you need to start using URLs like https://localhost:8080. In most cases, this requires adding a self-signed certificate to your certificate store (e.g. Keychain on macOS), and storing the private key for the web-server to use.
I wanted to provide a server-agnostic way of doing this, primarily because I think it makes sense to minimise the amount of junky self-signed keys you add to your certificate store for localhost.
Usage
Please see the project documentation for more details.
-
Getting Started - This guide explains how to use
localhostfor provisioning local TLS certificates for development. -
Browser Configuration - This guide explains how to configure your local browser in order to avoid warnings about insecure self-signed certificates.
-
Example Server - This guide demonstrates how to use
Localhost::Authorityto implement a simple HTTPS client & server.
Releases
Please see the project releases for all releases.
v1.4.0
- Add
localhost:purgeto delete all certificates. - Add
localhost:installto install the issuer certificate in the local trust store.
See Also
- Falcon — Uses
Localhost::Authorityto provide HTTP/2 with minimal configuration. - Puma — Supports
Localhost::Authorityto provide self-signed HTTP for local development.
Contributing
We welcome contributions to this project.
- Fork it.
- Create your feature branch (
git checkout -b my-new-feature). - Commit your changes (
git commit -am 'Add some feature'). - Push to the branch (
git push origin my-new-feature). - Create new Pull Request.
Developer Certificate of Origin
In order to protect users of this project, we require all contributors to comply with the Developer Certificate of Origin. This ensures that all contributions are properly licensed and attributed.
Community Guidelines
This project is best served by a collaborative and respectful environment. Treat each other professionally, respect differing viewpoints, and engage constructively. Harassment, discrimination, or harmful behavior is not tolerated. Communicate clearly, listen actively, and support one another. If any issues arise, please inform the project maintainers.
FAQs
Unknown package
We found that localhost demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Package last updated on 25 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Static vs. Runtime Reachability: Insights from Latio’s On the Record Podcast
The Latio podcast explores how static and runtime reachability help teams prioritize exploitable vulnerabilities and streamline AppSec workflows.
By Sarah Gooding - Aug 13, 2025
Security News
Opengrep Adds Apex Support and New Rule Controls in Latest Updates
The latest Opengrep releases add Apex scanning, precision rule tuning, and performance gains for open source static code analysis.
By Sarah Gooding - Aug 12, 2025