Gathering detailed insights and metrics for local-web-server
Gathering detailed insights and metrics for local-web-server
A lean, modular web server for rapid full-stack development.
Installations
npm install local-web-serverDeveloper Guide
BETA
Typescript
No
Module System
ESM
Min. Node Version
>=12.20
Node Version
22.5.1
NPM Version
10.8.2
Score
87.1
Supply Chain
93.2
Quality
72.2
Maintenance
100
Vulnerability
98.2
License
Releases
14
Languages
1
JavaScript
JavaScript (100%)
Developer
lwsjs
Download Statistics
Total Downloads
16,452,680
Last Day
3,790
Last Week
65,065
Last Month
284,764
Last Year
3,499,897
GitHub Statistics
MIT License
1,249 Stars
592 Commits
89 Forks
28 Watchers
1 Branches
4 Contributors
Updated on Jul 04, 2025
Bundle Size
227.85 kB
Minified
48.12 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
5.4.0
Package Id
local-web-server@5.4.0
Unpacked Size
11.62 kB
Size
4.72 kB
File Count
7
NPM Version
10.8.2
Node Version
22.5.1
Published on
Aug 01, 2024
Total Downloads
Cumulative downloads
Total Downloads
16,452,680
Last Day
9.9%
3,790
Compared to previous day
Last Week
-6.4%
65,065
Compared to previous week
Last Month
3.9%
284,764
Compared to previous month
Last Year
21.4%
3,499,897
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Upgraders, please read the release notes. For feedback, discussion and support see here.
local-web-server
A lean, modular web server for rapid full-stack development.
- Supports HTTP, HTTPS and HTTP2.
- Small and 100% personalisable. Load and use only the behaviour required by your project.
- Attach a custom view to personalise how activity is visualised.
- Programmatic and command-line interfaces.
Use this tool to:
- Build any type of front-end web application (static, dynamic, Single Page App, Progessive Web App, React etc).
- Prototype a back-end service (REST API, microservice, websocket, Server Sent Events service etc).
- Monitor activity, analyse performance, experiment with caching strategy etc.
Local-web-server is a distribution of lws bundled with a "starter pack" of useful middleware.
Synopsis
This package installs the ws command-line tool (take a look at the usage guide).
Static web site
Running ws without any arguments will host the current directory as a static web site. Navigating to the server will render a directory listing or your index.html, if that file exists.
1$ ws 2Listening on http://mbp.local:8000, http://127.0.0.1:8000, http://192.168.0.100:8000
This clip demonstrates static hosting plus a couple of log output formats - dev and stats.
Single Page Application
Serving a Single Page Application (an app with client-side routing, e.g. a React or Angular app) is as trivial as specifying the name of your single page:
1$ ws --spa index.html
With a static site, requests for typical SPA paths (e.g. /user/1, /login) would return 404 Not Found as a file at that location does not exist. However, by marking index.html as the SPA you create this rule:
If a static file is requested (e.g. /css/style.css) then serve it, if not (e.g. /login) then serve the specified SPA and handle the route client-side.
URL rewriting and proxied requests
Another common use case is to forward certain requests to a remote server.
The following command proxies blog post requests from any path beginning with /posts/ to https://jsonplaceholder.typicode.com/posts/. For example, a request for /posts/1 would be proxied to https://jsonplaceholder.typicode.com/posts/1.
1$ ws --rewrite '/posts/(.*) -> https://jsonplaceholder.typicode.com/posts/$1'
This clip demonstrates the above plus use of --static.extensions to specify a default file extension and --verbose to monitor activity.
HTTPS and HTTP2
For HTTPS or HTTP2, pass the --https or --http2 flags respectively. See the wiki for further configuration options and a guide on how to get the "green padlock" in your browser.
$ ws --http2
Listening at https://mba4.local:8000, https://127.0.0.1:8000, https://192.168.0.200:8000
Built-in middleware stack
If you do not supply a custom middleware stack via the --stack option the following default stack will be used. It's designed to cover most typical web development scenarios.
| Name | Description |
|---|---|
| ↓ Basic Auth | Password-protect a server using Basic Authentication |
| ↓ Body Parser | Parses the request body, making ctx.request.body available to downstream middleware. |
| ↓ Request Monitor | Feeds traffic information to the --verbose output. |
| ↓ Log | Outputs an access log or stats view to the console. |
| ↓ Cors | Support for setting Cross-Origin Resource Sharing (CORS) headers |
| ↓ Json | Pretty-prints JSON responses. |
| ↓ Rewrite | URL Rewriting. Use to re-route requests to local or remote destinations. |
| ↓ Blacklist | Forbid access to sensitive or private resources |
| ↓ Conditional Get | Support for HTTP Conditional requests. |
| ↓ Mime | Customise the mime-type returned with any static resource. |
| ↓ Compress | Compress responses using gzip. |
| ↓ SPA | Support for Single Page Applications. |
| ↓ Static | Serves static files. |
| ↓ Index | Serves directory listings. |
Further Documentation
See the wiki for plenty more documentation and tutorials.
Install
1$ npm install -g local-web-server
© 2013-24 Lloyd Brookes <75pound@gmail.com>. Documented by jsdoc-to-markdown.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m
- Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Reason
0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Info: no jobLevel write permissions found
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/lwsjs/local-web-server/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/lwsjs/local-web-server/node.js.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:28
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Score
3.1
/10
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More