npmpackage.info

https-localhost

HTTPS server running on localhost

4.7.1

287

AGPL-3.0

JavaScript

80.93 kB

4,317,776 3.1

Installations

npm install https-localhost

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

17.2.0

NPM Version

8.1.4 Score

54.8

Supply Chain

95.7

Quality

72.3

Maintenance

100

Vulnerability

81.3

License

Pull Requests

Open

0

Total

51

Closed

24

Merged

27

Issues

Open

0

Total

44

Closed

44

Releases

Release v4.7.0

v4.7.0

Published on 08 Sept 2021

Release v4.6.5

v4.6.5

Published on 07 May 2021

Release v4.6.4

v4.6.4

Published on 04 Dec 2020

Release v4.6.3

v4.6.3

Published on 10 Oct 2020

Release v4.6.2

v4.6.2

Published on 01 Aug 2020

Fix, dependency update, and performance improvement

v4.4.2

Published on 20 Feb 2020

View all 9 releases

Contributors

Unable to fetch Contributors

View all 9 contributors

Languages

JavaScript

HTML

JavaScript (99.17%)

HTML (0.83%)

Developer

daquinoaldo

Download Statistics

Total Downloads

4,317,776

Last Day

878

Last Week

14,171

Last Month

83,039

Last Year

1,506,987

GitHub Statistics

287 Stars

181 Commits

39 Forks

8 Watching

3 Branches

9 Contributors

Maintainers

Package Meta Information

Latest Version

4.7.1

Package Id

https-localhost@4.7.1

Unpacked Size

80.93 kB

Size

26.98 kB

File Count

NPM Version

8.1.4

Node Version

17.2.0

Total Downloads

Cumulative downloads

Total Downloads

4,317,776

Last day

-77%

878

Compared to previous day

Last week

-25%

14,171

Compared to previous week

Last month

-13.1%

83,039

Compared to previous month

Last year

10.8%

1,506,987

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

appdata-path compression cors express uglify-js spdy

Dev Dependencies

eslint eslint-config-standard eslint-plugin-import eslint-plugin-node eslint-plugin-promise eslint-plugin-standard mocha nyc sinon

Versions

HTTPS server running on localhost

I'm looking for maintainers and contributors! Learn more.

Run an express server on localhost with HTTP2 and SSL. Serve static files or import as module in your project.

https-localhost is a lightweight tool for serving static content on SSL thanks to locally-trusted development certificates.
It works with MacOS, Linux and Windows, on Chrome and Firefox, and requires you no configuration.

Dependencies

nss/certutils are needed for Firefox and Chrome.

MacOS

1brew install nss

Linux

1sudo apt install libnss3-tools
2    -or-
3sudo yum install nss-tools
4    -or-
5sudo pacman -S nss

Install and use standalone

1npm i -g --only=prod https-localhost

1serve ~/myproj

sudo may be necessary.
If a static path is not provided the current directory content will be served.
You can change the port setting the PORT environmental variable: PORT=4433 serve ~/myproj. Specifying port number will also prevent http to https redirect.
You can change the host setting the HOST environmental variable: HOST=example.com serve ~/myproj.

Binaries

If you don't have Node.js installed just use a packaged version! Download it from the release page.

1# Linux
2./https-localhost-linux ~/myproj
3
4# MacOS
5./https-localhost-macos ~/myproj
6
7# Windows
8./https-localhost-win.exe C:\User\me\myproj

Tip 1: on Windows just drag the folder on the executable to serve it.
Tip 2: on all platform put the executable on the folder you want to serve and double-click it.

Use as module

Install as a dependency:

1npm i -s https-localhost

Then put in your index.js file:

1const app = require("https-localhost")()
2// app is an express app, do what you usually do with express
3app.listen(port)

If the port number is not provided, it will listen on 443.
To redirect the http traffic to https use app.redirect().
You can serve static files with app.serve(path).
You can create a certificate for additional domains with require("https-localhost")("mydomain.com")

Tip: consider installing it as a dev dependency: this is not a production tool!
npm i --save-dev https-localhost

Use with a web framework different from Express.js

1const httpsLocalhost = require("https-localhost")()
2// const app = ...
3// const port = 443
4const certs = await httpsLocalhost.getCerts()
5const server = https.createServer(certs, app).listen(port)

Production

This tool has a production version that activates HTTP/2, compression and minify.

1NODE_ENV=production serve ~/myproj

I decide to not activate it by default since it is usually an unwanted behaviour for localhost testing, but sometimes it could be userful, e.g. to test Progressive Web Application or more ingeneral the website performances.

IMPORTANT: the fact that there is a production enviornment doesn't mean that this tool is suitable for production. It's intended to be used only for local testing.

Why and how it works

Serving static content on localhost in a trusted SSL connection is not so simple.
It requires to manually generate and trust certificates, with complicate commands and many manual steps.

sserve, serves static content using a locally-trusted certificate, generated with the well-knowed mkcert tool.

When you install sserve it automatically creates and installs a local CA in the system (and browsers) root store, and generates the certificate for you.
No configuration is required, just lunch the tool and we take care of everything you need.

Supported root stores

The supported root stores are the one supported by mkcert.
Checkout the updated list here.

Here there is a handy copy:

macOS system store
Windows system store
Linux variants that provide either
- update-ca-trust (Fedora, RHEL, CentOS) or
- update-ca-certificates (Ubuntu, Debian) or
- trust (Arch)
Firefox (macOS and Linux only)
Chrome and Chromium
Java (when JAVA_HOME is set)

Troubleshooting

Node.js version

https-localhost is compatible with the LTS and latest version of Node.js.
_{If you need compatibility with other Node.js versions let me know, we'll try to rearrange the code.}

root required

At first run this tool generate a trusted certificate. The sudo password may be required. If you cannot provide the sudo password generate a localhost.key and localhost.crt and specify its path with CERT_PATH=/diractory/containing/certificates/ serve ~/myproj.
At each run the password may be required to run the server on port 443 and 80. To avoid the script ask for password specify a different port number: PORT=4433 serve ~/myproj.

EACCES

Run with sudo to use the default ports 443 and 80. You can also change port with: PORT=4433 serve ~/myproj.

EADDRINUSE

Another service on your machine is using port 443 or port 80. Stop it or change port with PORT=4433 serve ~/myproj.

Unable to run on Windows

Windows users with spaces or quotes in the name (like Aldo D'Aquino) may experience some problems in running the script. You can try to escape this chars or put the entire path between double quotes, but I suggest you to switch to a better user name (like aldodaquino).

RangeError

RangeError: Invalid typed array length: -4095

It is a known bug of spdy that is present sometimes with some old Node.js versions.

It should be present only with NODE_ENV=production, hence the easiest fix is to avoid using the production env. Anyway, if you need the production env, you can try to update Node.js to the latest release, or to the most stable LTS version.

I've tried to reproduce this error without any success (checkout the Travis build logs). If you can help please open an issue and describe as better as you can how to reproduce it, I'll be happy to help you.

ERR_SSL_PROTOCOL_ERROR

And in general all the cases when the script runs but the connection is marked as untrusted.

Force a reinstall of the certificate with REINSTALL=true serve. sudo may be required on linux and MacOS.

If the problem is solved you should be able to use https-localhost also as module.

Contributing

Each contribute is welcome!
Please, checkout the contributing guidelines.

License

Is released under AGPL-3.0 - GNU Affero General Public License v3.0.

Briefly:

modification and redistribution allowed for both private and commercial use
you must grant patent right to the owner and to all the contributors
you must keep it open source and distribute under the same license
changes must be documented
include a limitation of liability and it does not provide any warranty

Warranty

THIS TOOL IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. For the full warranty check the LICENSE.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

7

SAST

Determines if the project uses static code analysis.

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/codeql-analysis.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:83: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/release.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/stale.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/test.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/test.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/daquinoaldo/https-localhost/test.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/release.yml:37
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:23
Warn: npmCommand not pinned by hash: .github/workflows/test.yml:38
Info: 0 out of 15 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 1 third-party GitHubAction dependencies pinned
Info: 0 out of 3 npmCommand dependencies pinned

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

3.1

/10

Last Scanned on 2024-12-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More