Gathering detailed insights and metrics for koa-better-http-proxy
Gathering detailed insights and metrics for koa-better-http-proxy
Proxy middleware for Koa. Based on villadora/express-http-proxy
Installations
npm install koa-better-http-proxyDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=10.0.0
Node Version
17.4.0
NPM Version
8.3.1
Score
83.6
Supply Chain
98.7
Quality
74.9
Maintenance
100
Vulnerability
100
License
Releases
11
Contributors
37
Unable to fetch Contributors
Languages
1
JavaScript
JavaScript (100%)
Developer
nsimmons
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
119 Stars
237 Commits
42 Forks
4 Watching
8 Branches
37 Contributors
Bundle Size
276.38 kB
Minified
155.86 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
0.2.10
Package Id
koa-better-http-proxy@0.2.10
Unpacked Size
71.09 kB
Size
18.27 kB
File Count
44
NPM Version
8.3.1
Node Version
17.4.0
Total Downloads
Cumulative downloads
Total Downloads
0
Last day
0%
0
Compared to previous day
Last week
0%
0
Compared to previous week
Last month
0%
0
Compared to previous month
Last year
0%
0
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
9
Versions
koa-better-http-proxy 
Koa middleware to proxy request to another host and pass response back. Based on express-http-proxy.
Install
1$ npm install koa-better-http-proxy --save
Usage
1proxy(host, options);
To proxy URLS to the host 'www.google.com':
1var proxy = require('koa-better-http-proxy'); 2var Koa = require('koa'); 3 4var app = new Koa(); 5app.use(proxy('www.google.com'));
If you wish to proxy only specific paths, you can use a router middleware to accomplish this. See Koa routing middlewares.
Options
agent
Use a custom http.Agent for proxy requests.
1var agent = new http.Agent(options); 2app.use(proxy('www.google.com', { 3 agent: agent, 4}));
port
The port to use for the proxied host.
1app.use(proxy('www.google.com', { 2 port: 443 3}));
headers
Additional headers to send to the proxied host.
1app.use(proxy('www.google.com', { 2 headers: { 3 'X-Special-Header': 'true' 4 } 5}));
strippedHeaders
Headers to remove from proxy response.
1app.use(proxy('www.google.com', { 2 strippedHeaders: [ 3 'set-cookie' 4 ] 5}));
preserveReqSession
Pass the session along to the proxied request
1app.use(proxy('www.google.com', { 2 preserveReqSession: true 3}));
proxyReqPathResolver (supports Promises)
Provide a proxyReqPathResolver function if you'd like to operate on the path before issuing the proxy request. Use a Promise for async operations.
1app.use(proxy('localhost:12345', { 2 proxyReqPathResolver: function(ctx) { 3 return require('url').parse(ctx.url).path; 4 } 5}));
Promise form
1app.use(proxy('localhost:12345', { 2 proxyReqPathResolver: function(ctx) { 3 return new Promise(function (resolve, reject) { 4 setTimeout(function () { // do asyncness 5 resolve(fancyResults); 6 }, 200); 7 }); 8 } 9}));
filter
The filter option can be used to limit what requests are proxied. Return true to execute proxy.
For example, if you only want to proxy get request:
1app.use(proxy('www.google.com', { 2 filter: function(ctx) { 3 return ctx.method === 'GET'; 4 } 5}));
userResDecorator (supports Promise)
You can modify the proxy's response before sending it to the client.
exploiting references
The intent is that this be used to modify the proxy response data only.
Note: The other arguments (proxyRes, ctx) are passed by reference, so you can currently exploit this to modify either response's headers, for instance, but this is not a reliable interface. I expect to close this exploit in a future release, while providing an additional hook for mutating the userRes before sending.
userResHeadersDecorator (supports Promise)
You can modify the proxy's headers before sending it to the client.
gzip responses
If your proxy response is gzipped, this program will automatically unzip it before passing to your function, then zip it back up before piping it to the user response. There is currently no way to short-circuit this behavior.
1app.use(proxy('www.google.com', { 2 userResDecorator: function(proxyRes, proxyResData, ctx) { 3 data = JSON.parse(proxyResData.toString('utf8')); 4 data.newProperty = 'exciting data'; 5 return JSON.stringify(data); 6 } 7}));
1app.use(proxy('httpbin.org', { 2 userResDecorator: function(proxyRes, proxyResData) { 3 return new Promise(function(resolve) { 4 proxyResData.funkyMessage = 'oi io oo ii'; 5 setTimeout(function() { 6 resolve(proxyResData); 7 }, 200); 8 }); 9 } 10}));
limit
This sets the body size limit (default: 1mb). If the body size is larger than the specified (or default) limit,
a 413 Request Entity Too Large error will be returned. See bytes.js for
a list of supported formats.
1app.use(proxy('www.google.com', { 2 limit: '5mb' 3}));
proxyReqOptDecorator (supports Promise form)
You can mutate the request options before sending the proxyRequest. proxyReqOpt represents the options argument passed to the (http|https).request module.
NOTE: req.path cannot be changed via this method; use proxyReqPathResolver instead.
1app.use(proxy('www.google.com', { 2 proxyReqOptDecorator: function(proxyReqOpts, ctx) { 3 // you can update headers 4 proxyReqOpts.headers['content-type'] = 'text/html'; 5 // you can change the method 6 proxyReqOpts.method = 'GET'; 7 return proxyReqOpts; 8 } 9}));
You can use a Promise for async style.
1app.use(proxy('www.google.com', { 2 proxyReqOptDecorator: function(proxyReqOpts, ctx) { 3 return new Promise(function(resolve, reject) { 4 proxyReqOpts.headers['content-type'] = 'text/html'; 5 resolve(proxyReqOpts); 6 }) 7 } 8}));
proxyReqBodyDecorator (supports Promise form)
You can mutate the body content before sending the proxyRequest.
1app.use(proxy('www.google.com', { 2 proxyReqBodyDecorator: function(bodyContent, ctx) { 3 return bodyContent.split('').reverse().join(''); 4 } 5}));
You can use a Promise for async style.
1app.use(proxy('www.google.com', { 2 proxyReqBodyDecorator: function(proxyReq, ctx) { 3 return new Promise(function(resolve, reject) { 4 http.get('http://dev/null', function (err, res) { 5 if (err) { reject(err); } 6 resolve(res); 7 }); 8 }) 9 } 10}));
https
Normally, your proxy request will be made on the same protocol as the original request. If you'd like to force the proxy request to be https, use this option.
1app.use(proxy('www.google.com', { 2 https: true 3}));
preserveHostHdr
You can copy the host HTTP header to the proxied express server using the preserveHostHdr option.
1app.use(proxy('www.google.com', { 2 preserveHostHdr: true 3}));
parseReqBody
The parseReqBody option allows you to control parsing the request body.
For example, disabling body parsing is useful for large uploads where it would be inefficient
to hold the data in memory.
This defaults to true in order to preserve legacy behavior.
When false, no action will be taken on the body and accordingly req.body will no longer be set.
Note that setting this to false overrides reqAsBuffer and reqBodyEncoding below.
1app.use(proxy('www.google.com', { 2 parseReqBody: false 3}));
reqAsBuffer
Note: this is an experimental feature. ymmv
The reqAsBuffer option allows you to ensure the req body is encoded as a Node
Buffer when sending a proxied request. Any value for this is truthy.
This defaults to to false in order to preserve legacy behavior. Note that
the value of reqBodyEnconding is used as the encoding when coercing strings
(and stringified JSON) to Buffer.
Ignored if parseReqBody is set to false.
1app.use(proxy('www.google.com', { 2 reqAsBuffer: true 3}));
reqBodyEncoding
Encoding used to decode request body. Defaults to utf-8.
Use null to preserve as Buffer when proxied request body is a Buffer. (e.g image upload)
Accept any values supported by raw-body.
The same encoding is used in the userResDecorator method.
Ignored if parseReqBody is set to false.
1app.use(proxy('httpbin.org', { 2 reqBodyEncoding: null 3}));
connectTimeout
By default, node does not express a timeout on connections.
Use connectTimeout option to impose a specific timeout on the inital connection. (connect for http requests and secureConnect for https)
This is useful if there are dns, network issues, or if you are uncertain if the destination is reachable.
Timed-out requests will respond with 504 status code and a X-Timeout-Reason header.
1app.use(proxy('httpbin.org', { 2 connectTimeout: 2000 // in milliseconds, two seconds 3}));
timeout
By default, node does not express a timeout on connections.
Use timeout option to impose a specific timeout. This includes the time taken to make the connection and can be used with or without connectTimeout.
Timed-out requests will respond with 504 status code and a X-Timeout-Reason header.
1app.use(proxy('httpbin.org', { 2 timeout: 2000 // in milliseconds, two seconds 3}));
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE-MIT:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 7/18 approved changesets -- score normalized to 3
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Reason
36 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-h452-7996-h45h
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-qrmc-fj45-qfc2
- Warn: Project is vulnerable to: GHSA-qh2h-chj9-jffq
- Warn: Project is vulnerable to: GHSA-2pr6-76vf-7546
- Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp
- Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-g6ww-v8xp-vmwg
- Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-8225-6cvr-8pqp
- Warn: Project is vulnerable to: GHSA-cf4h-3jhx-xvhq
Score
2.1
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More