Installations
npm install fstpDeveloper Guide
Typescript
No
Module System
CommonJS
Node Version
14.18.1
NPM Version
8.3.1
Score
69.1
Supply Chain
98.9
Quality
74.3
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
Unable to fetch Contributors
Languages
JavaScript (88.82%)
HTML (11.18%)
Developer
elisherer
Download Statistics
Total Downloads
2,529
Last Day
7
Last Week
14
Last Month
29
Last Year
164
GitHub Statistics
3 Stars
16 Commits
1 Forks
2 Watching
1 Branches
1 Contributors
Bundle Size
47.18 kB
Minified
15.04 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
0.9.3
Package Id
fstp@0.9.3
Unpacked Size
32.66 kB
Size
10.79 kB
File Count
29
NPM Version
8.3.1
Node Version
14.18.1
Total Downloads
Cumulative downloads
Total Downloads
2,529
Last day
0%
7
Compared to previous day
Last week
133.3%
14
Compared to previous week
Last month
625%
29
Compared to previous month
Last year
-18.4%
164
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
4
fstp · 
File System Transfer Protocol - File System CRUD server (over HTTP)
This "NPX ready" executable will serve any file system location as a web api supporting CRUD operations.
- GET - Get file or directory (directory can be retrieved in html as well as json form to be shown on the browser, based on Accept header)
- POST - Create a directory (recursive)
- PUT - Create a file or update
- PATCH - Rename (/ Move) a path (using a
"to"query string) - DELETE - Delete a file or directory (
"recursive"(rm -rf) is optional)
Usage
There are 2 options:
- Installing globally, using
npm i -g fstp. Then you can usefstpin any directory to start the server there. - Running using
npx fstp(This will run the application without actually installing it).
--help
fstp [path]
Run the server
Options:
--version Show version number [boolean]
-p, --port Port to listen on [number] [default: 8210]
-h, --host Host to listen on [string] [default: "127.0.0.1"]
-r, --readonly Read only file system (allow only GET operations)
[boolean] [default: false]
-v, --verbose Verbose logging [boolean] [default: false]
-f, --prefix Path prefix (e.g. /some-route) [string] [default: ""]
-c, --cors Whether to allow CORS [boolean] [default: true]
-a, --auth Authentication scheme. For basic, provide --user with
username:password string. For bearer, either provide --token
or one will be generated randomly on startup.
[choices: "none", "bearer", "basic"] [default: "bearer"]
-d, --hidden Allow hidden files [boolean] [default: false]
-t, --token Specify a token for bearer authentication (if not specified, a
random token will be generated) [string]
-u, --user Specify a username and password for basic authentication (i.e.
alice:Passw0rd) [string]
--help Show help [boolean]
Security
There are 3 types of authentication schemes: (set with -a/--auth)
none- No authentication neededbasic- Basic authentication (username and password). Specified with-u/--useras<username>:<password>string.Authorizationheader should have the format ofBasic <BASE64_ENCODED_USER_PASS>.bearer[default] - A token. Specified with-t/--tokenor generated randomly on startup.Authorizationheader should have the format ofBearer <TOKEN>.
Using none or basic also allows to use a browser.
Examples
Read file
1curl localhost:8210/some-dir/some-file.txt 2curl localhost:8210/some-dir/some-file.txt?tail 3curl localhost:8210/some-dir/some-file.txt?tail=20
Response is the file's content
Content-Typewill contain the MIME-Type as and if detected bymime.Last-Modifiedwill hold the date of last modification time on file system.
Query parameters
-tail - If specified, only the last N lines will be returned (default is 10) (Only 'text/' and 'application/' mime-types are supported).
Read directory
1curl localhost:8210/some-dir 2curl localhost:8210/some-dir -H "Accept: application/json"
- JSON response is an object containing a
resultwhich isFstpFileDescriptor[]:
1interface FstpFileDescriptor { 2 /** file / dir name */ 3 name: string; 4 /** Whether is a directory */ 5 dir: boolean, 6 /** Size of file in bytes */ 7 size: Number, 8 /** Date in ISO format */ 9 mtime: string; 10 /** Mime type */ 11 mime: string; 12}
Create a directory
1curl -X POST localhost:8210/some-dir/new-dir 2curl -X POST localhost:8210/some-dir/non-existing-dir/nested-dir
- In both cases the dir will be created (recursive by default)
Create or update a file
1# Specify content in data 2curl -X PUT localhost:8210/some-dir/new-file.txt -d "This is the content" 3# Get data from file 4curl -X PUT localhost:8210/some-dir/new-file.txt --data-binary @local-file.txt 5# Get data from stdin 6cat local-file.txt | curl -X PUT localhost:8210/some-dir/new-file.txt --data-binary @-
- If file exists it will be overwritten
- Directories will not be created in the process, if not exists it will fail.
Rename (/ Move) a path
1curl -X PATCH "localhost:8210/some-dir/some-file.txt?to=/some-dir/new-name.txt"
Delete a file or directory
1curl -X DELETE localhost:8210/some-dir/some-file.txt 2curl -X DELETE localhost:8210/some-dir/some-nested-dir 3curl -X DELETE "localhost:8210/some-dir?recursive"
License
fstp is MIT Licensed
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/elisherer/fstp/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/elisherer/fstp/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/elisherer/fstp/test.yml/main?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/16 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
16 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.6
/10
Last Scanned on 2025-01-27
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More