Gathering detailed insights and metrics for express-ipfilter
Gathering detailed insights and metrics for express-ipfilter
A light-weight IP address based connection filtering system
Installations
npm install express-ipfilterDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=8.9.0
Node Version
16.20.2
NPM Version
8.19.4
Releases
8
Languages
4
JavaScript
Pug
CSS
Shell
JavaScript (98.73%)
Pug (0.79%)
CSS (0.29%)
Shell (0.18%)
Developer
jetersen
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
66 Stars
266 Commits
21 Forks
2 Watchers
23 Branches
20 Contributors
Updated on Apr 04, 2025
Maintainers
1
Package Meta Information
Latest Version
1.3.2
Package Id
express-ipfilter@1.3.2
Unpacked Size
14.44 kB
Size
5.17 kB
File Count
7
NPM Version
8.19.4
Node Version
16.20.2
Published on
Feb 20, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
express-ipfilter: A light-weight IP address based filtering system
This package provides easy IP based access control. This can be achieved either by denying certain IPs and allowing all others, or allowing certain IPs and denying all others.
Installation
Recommended installation is with npm. To add express-ipfilter to your project, do:
npm install express-ipfilter
Usage with Express
Denying certain IP addresses, while allowing all other IPs:
1// Init dependencies 2const express = require('express') 3const ipfilter = require('express-ipfilter').IpFilter 4 5// Deny the following IPs 6const ips = ['127.0.0.1'] 7 8// Create the server 9app.use(ipfilter(ips)) 10app.listen(3000)
Allowing certain IP addresses, while denying all other IPs:
1// Init dependencies 2// Init dependencies 3const express = require('express') 4const ipfilter = require('express-ipfilter').IpFilter 5 6// Allow the following IPs 7const ips = ['127.0.0.1'] 8 9// Create the server 10app.use(ipfilter(ips, { mode: 'allow' })) 11 12module.exports = app
Using CIDR subnet masks for ranges:
1const ips = ['127.0.0.1/24'] 2 3// Create the server 4app.use(ipfilter(ips, { mode: 'allow' })) 5 6module.exports = app
Using IP ranges:
1const ips = [['127.0.0.1', '127.0.0.10']] 2 3// Create the server 4app.use(ipfilter(ips, { mode: 'allow' })) 5 6module.exports = app
Using a function to get Ips:
1const ips = function() { 2 return ['127.0.0.1'] 3} 4 5// Create the server 6app.use(ipfilter(ips, { mode: 'allow' })) 7 8module.exports = app
Using wildcard ip ranges and nginx forwarding:
1 let allowlist_ips = ['10.1.*.*', '123.??.34.8*'] // matches '10.1.76.32' and '123.77.34.89' 2 3 let clientIp = function(req, res) { 4 return req.headers['x-forwarded-for'] ? (req.headers['x-forwarded-for']).split(',')[0] : "" 5 } 6 7 app.use( 8 ipFilter({ 9 detectIp: clientIp, 10 forbidden: 'You are not authorized to access this page.', 11 filter: allowlist_ips, 12 }) 13 )
Error Handling
When an IP is denied, an IpDeniedError will be thrown by the middleware. If you do not handle the error, it will cause your app to crash due to an unhandled exception. Here is an example of how to handle the error, which can also be found in the example app:
1if (app.get('env') === 'development') { 2 app.use((err, req, res, _next) => { 3 console.log('Error handler', err) 4 if (err instanceof IpDeniedError) { 5 res.status(401) 6 } else { 7 res.status(err.status || 500) 8 } 9 10 res.render('error', { 11 message: 'You shall not pass', 12 error: err 13 }) 14 }) 15}
You will need to require the IpDeniedError type in order to handle it.
Options
| Property | Description | Type | Default |
|---|---|---|---|
| mode | whether to deny or allow to the IPs provided | string | deny |
| log | console log actions | boolean | true |
| logLevel | level of logging (all,deny,allow) | string | all |
| excluding | routes that should be excluded from ip filtering | array | [] |
| detectIp | define a custom function that takes an Express request object and returns an IP address to test against | function | built-in detection |
| trustProxy | This setting is implemented using the proxy-addr package. Check the documentation for the trust parameter. | boolean, array, string, number, function | false |
A note on detectIp
If you need to parse an IP address in a way that is not supported by default, you can write your own parser and pass that to ipfilter.
1const customDetection = req => { 2 var ipAddress 3 4 ipAddress = req.connection.remoteAddress.replace(/\//g, '.') 5 6 return ipAddress 7} 8 9ipfilter(ips, { detectIp: customDetection })
Contributing
See the CONTRIBUTING.MD document for more information on contributing.
Running Tests
Run tests by using npm test
Changelog
Moved to GitHub Releases
Credits
BaM Interactive - code.bamideas.com
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
Reason
Found 3/16 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/labels.yml:1
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Warn: no topLevel permission defined: .github/workflows/npmpublish.yml:1
- Warn: no topLevel permission defined: .github/workflows/releaseDrafter.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/labels.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jetersen/express-ipfilter/labels.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/jetersen/express-ipfilter/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/jetersen/express-ipfilter/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jetersen/express-ipfilter/npmpublish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/jetersen/express-ipfilter/npmpublish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/npmpublish.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/jetersen/express-ipfilter/npmpublish.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/releaseDrafter.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/jetersen/express-ipfilter/releaseDrafter.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/nodejs.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/npmpublish.yml:19
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 17 are checked with a SAST tool
Score
3.3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More