npmpackage.info

Gathering detailed insights and metrics for on-headers

Other packages similar to on-headers

@types/on-headers

1.0.4

TypeScript definitions for on-headers

expo-structured-headers

4.1.0

Expo module implementation of a parser based on https://httpwg.org/specs/rfc8941.html

haraka-plugin-headers

1.0.6

Haraka plugin that performs tests on email headers

@api-components/api-headers-document

4.2.6

Documentation component for API headers based on AMF data model

Gathering detailed insights and metrics for on-headers

on-headers - 1.0.2 | npmpackage.info

on-headers

Execute a listener when a response is about to write headers.

1.0.2

157

MIT

JavaScript

5.9

Installations

npm install on-headers

Developer Guide

BETA

Typescript

No

Module System

N/A

Min. Node Version

>= 0.8

Node Version

8.15.0

NPM Version

6.4.1 Pull Requests

Open

9

Total

26

Closed

9

Merged

8

Issues

Open

2

Total

7

Closed

5

Releases

1.0.2

v1.0.2

Updated on Feb 22, 2019

1.0.1

v1.0.1

Updated on Sep 30, 2015

1.0.0

v1.0.0

Updated on Aug 10, 2014

0.0.0

v0.0.0

Updated on Aug 10, 2014

View All 4 releases

Languages

JavaScript

JavaScript (100%)

Developer

jshttp

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

157 Stars

190 Commits

26 Forks

14 Watchers

10 Branches

24 Contributors

Updated on Jul 11, 2025

Maintainers

View All 24 Contributors

Package Meta Information

Latest Version

1.0.2

Package Id

on-headers@1.0.2

Size

3.15 kB

NPM Version

6.4.1

Node Version

8.15.0

Published on

Feb 22, 2019

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

eslint eslint-config-standard eslint-plugin-import eslint-plugin-markdown eslint-plugin-node eslint-plugin-promise eslint-plugin-standard istanbul mocha supertest

on-headers

Execute a listener when a response is about to write headers.

Installation

This is a Node.js module available through the npm registry. Installation is done using the npm install command:

1$ npm install on-headers

API

1var onHeaders = require('on-headers')

onHeaders(res, listener)

This will add the listener listener to fire when headers are emitted for res. The listener is passed the response object as it's context (this). Headers are considered to be emitted only once, right before they are sent to the client.

When this is called multiple times on the same res, the listeners are fired in the reverse order they were added.

Examples

1var http = require('http')
2var onHeaders = require('on-headers')
3
4http
5  .createServer(onRequest)
6  .listen(3000)
7
8function addPoweredBy () {
9  // set if not set by end of request
10  if (!this.getHeader('X-Powered-By')) {
11    this.setHeader('X-Powered-By', 'Node.js')
12  }
13}
14
15function onRequest (req, res) {
16  onHeaders(res, addPoweredBy)
17
18  res.setHeader('Content-Type', 'text/plain')
19  res.end('hello!')
20}

Testing

1$ npm test

License

MIT

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

9

Security-Policy

Determines if the project has published a security policy.

7

SAST

Determines if the project uses static code analysis.

3

Maintained

Determines if the project is "actively maintained".

2

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

1

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 1

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:139: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:212: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/ci.yml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:226: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/ci.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/codeql.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upstream.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/upstream.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/upstream.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/jshttp/on-headers/upstream.yml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:172
Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:188
Warn: npmCommand not pinned by hash: .github/workflows/upstream.yml:25
Info: 3 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 1 out of 3 third-party GitHubAction dependencies pinned
Info: 0 out of 3 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

5.9

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More