Gathering detailed insights and metrics for connect
Gathering detailed insights and metrics for connect
Gathering detailed insights and metrics for connect
Gathering detailed insights and metrics for connect
@types/connect
TypeScript definitions for connect
defer-to-connect
The safe way to handle the `connect` socket event
connect-history-api-fallback
Provides a fallback for non-existing directories so that the HTML 5 history API can be used.
@types/connect-history-api-fallback
TypeScript definitions for connect-history-api-fallback
Connect is a middleware layer for Node.js
npm install connect
Typescript
Module System
Min. Node Version
Node Version
NPM Version
96.3
Supply Chain
99.5
Quality
75.1
Maintenance
100
Vulnerability
100
License
Updated on 03 Dec 2024
JavaScript (100%)
Cumulative downloads
Total Downloads
Last day
12.9%
Compared to previous day
Last week
-4.2%
Compared to previous week
Last month
8.2%
Compared to previous month
Last year
11%
Compared to previous year
4
Connect is an extensible HTTP server framework for node using "plugins" known as middleware.
1var connect = require('connect'); 2var http = require('http'); 3 4var app = connect(); 5 6// gzip/deflate outgoing responses 7var compression = require('compression'); 8app.use(compression()); 9 10// store session state in browser cookie 11var cookieSession = require('cookie-session'); 12app.use(cookieSession({ 13 keys: ['secret1', 'secret2'] 14})); 15 16// parse urlencoded request bodies into req.body 17var bodyParser = require('body-parser'); 18app.use(bodyParser.urlencoded({extended: false})); 19 20// respond to all requests 21app.use(function(req, res){ 22 res.end('Hello from Connect!\n'); 23}); 24 25//create node.js http server and listen on port 26http.createServer(app).listen(3000);
Connect is a simple framework to glue together various "middleware" to handle requests.
1$ npm install connect
The main component is a Connect "app". This will store all the middleware added and is, itself, a function.
1var app = connect();
The core of Connect is "using" middleware. Middleware are added as a "stack"
where incoming requests will execute each middleware one-by-one until a middleware
does not call next()
within it.
1app.use(function middleware1(req, res, next) { 2 // middleware 1 3 next(); 4}); 5app.use(function middleware2(req, res, next) { 6 // middleware 2 7 next(); 8});
The .use()
method also takes an optional path string that is matched against
the beginning of the incoming request URL. This allows for basic routing.
1app.use('/foo', function fooMiddleware(req, res, next) { 2 // req.url starts with "/foo" 3 next(); 4}); 5app.use('/bar', function barMiddleware(req, res, next) { 6 // req.url starts with "/bar" 7 next(); 8});
There are special cases of "error-handling" middleware. There are middleware
where the function takes exactly 4 arguments. When a middleware passes an error
to next
, the app will proceed to look for the error middleware that was declared
after that middleware and invoke it, skipping any error middleware above that
middleware and any non-error middleware below.
1// regular middleware 2app.use(function (req, res, next) { 3 // i had an error 4 next(new Error('boom!')); 5}); 6 7// error middleware for errors that occurred in middleware 8// declared before this 9app.use(function onerror(err, req, res, next) { 10 // an error occurred! 11});
The last step is to actually use the Connect app in a server. The .listen()
method
is a convenience to start a HTTP server (and is identical to the http.Server
's listen
method in the version of Node.js you are running).
1var server = app.listen(port);
The app itself is really just a function with three arguments, so it can also be handed
to .createServer()
in Node.js.
1var server = http.createServer(app);
These middleware and libraries are officially supported by the Connect/Express team:
bodyParser
, json
, and urlencoded
. You may also be interested in:
compress
timeout
cookieParser
cookieSession
csrf
error-handler
session
method-override
logger
response-time
favicon
directory
static
vhost
Most of these are exact ports of their Connect 2.x equivalents. The primary exception is cookie-session
.
Some middleware previously included with Connect are no longer supported by the Connect/Express team, are replaced by an alternative module, or should be superseded by a better module. Use one of these alternatives instead:
cookieParser
limit
multipart
query
staticCache
Checkout http-framework for many other compatible middleware!
The Connect API is very minimalist, enough to create an app and add a chain of middleware.
When the connect
module is required, a function is returned that will construct
a new app when called.
1// require module 2var connect = require('connect') 3 4// create app 5var app = connect()
The app
itself is a function. This is just an alias to app.handle
.
Calling the function will run the middleware stack against the given Node.js
http request (req
) and response (res
) objects. An optional function out
can be provided that will be called if the request (or error) was not handled
by the middleware stack.
Start the app listening for requests. This method will internally create a Node.js
HTTP server and call .listen()
on it.
This is an alias to the server.listen()
method in the version of Node.js running,
so consult the Node.js documentation for all the different variations. The most
common signature is app.listen(port)
.
Use a function on the app, where the function represents a middleware. The function
will be invoked for every request in the order that app.use
is called. The function
is called with three arguments:
1app.use(function (req, res, next) { 2 // req is the Node.js http request object 3 // res is the Node.js http response object 4 // next is a function to call to invoke the next middleware 5})
In addition to a plan function, the fn
argument can also be a Node.js HTTP server
instance or another Connect app instance.
Use a function on the app, where the function represents a middleware. The function
will be invoked for every request in which the URL (req.url
property) starts with
the given route
string in the order that app.use
is called. The function is
called with three arguments:
1app.use('/foo', function (req, res, next) { 2 // req is the Node.js http request object 3 // res is the Node.js http response object 4 // next is a function to call to invoke the next middleware 5})
In addition to a plan function, the fn
argument can also be a Node.js HTTP server
instance or another Connect app instance.
The route
is always terminated at a path separator (/
) or a dot (.
) character.
This means the given routes /foo/
and /foo
are the same and both will match requests
with the URLs /foo
, /foo/
, /foo/bar
, and /foo.bar
, but not match a request with
the URL /foobar
.
The route
is matched in a case-insensitive manor.
In order to make middleware easier to write to be agnostic of the route
, when the
fn
is invoked, the req.url
will be altered to remove the route
part (and the
original will be available as req.originalUrl
). For example, if fn
is used at the
route /foo
, the request for /foo/bar
will invoke fn
with req.url === '/bar'
and req.originalUrl === '/foo/bar'
.
1npm install 2npm test
The Connect project would not be the same without all the people involved.
The original author of Connect is TJ Holowaychuk
The current lead maintainer is Douglas Christopher Wilson
< 1.x
- node 0.2
1.x
- node 0.4
< 2.8
- node 0.6
>= 2.8 < 3
- node 0.8
>= 3
- node 0.10
, 0.12
, 4.x
, 5.x
, 6.x
, 7.x
, 8.x
, 9.x
, 10.x
, 11.x
, 12.x
; io.js 1.x
, 2.x
, 3.x
Stable Version
2
6.1/10
Summary
Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware
Affected Versions
< 2.8.2
Patched Versions
2.8.2
5.4/10
Summary
Cross-Site Scripting in connect
Affected Versions
< 2.14.0
Patched Versions
2.14.0
1
0/10
Summary
methodOverride Middleware Reflected Cross-Site Scripting in connect
Affected Versions
<= 2.8.0
Patched Versions
2.8.1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
17 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More