Gathering detailed insights and metrics for proxy-addr
Gathering detailed insights and metrics for proxy-addr
Installations
npm install proxy-addrDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>= 0.10
Node Version
14.15.4
NPM Version
6.14.10
Score
99.2
Supply Chain
99
Quality
78.3
Maintenance
100
Vulnerability
100
License
Releases
27
Languages
1
JavaScript
JavaScript (100%)
Developer
jshttp
Download Statistics
Total Downloads
7,048,095,332
Last Day
2,064,415
Last Week
33,409,849
Last Month
147,185,338
Last Year
1,513,478,101
GitHub Statistics
MIT License
136 Stars
314 Commits
27 Forks
12 Watchers
4 Branches
25 Contributors
Updated on Jun 15, 2025
Bundle Size
12.40 kB
Minified
4.17 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.0.7
Package Id
proxy-addr@2.0.7
Size
5.37 kB
NPM Version
6.14.10
Node Version
14.15.4
Published on
Jun 01, 2021
Total Downloads
Cumulative downloads
Total Downloads
7,048,095,332
Last Day
-4.2%
2,064,415
Compared to previous day
Last Week
-7.6%
33,409,849
Compared to previous week
Last Month
8.8%
147,185,338
Compared to previous month
Last Year
11.6%
1,513,478,101
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
proxy-addr
Determine address of proxied request
Install
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:
1$ npm install proxy-addr
API
1var proxyaddr = require('proxy-addr')
proxyaddr(req, trust)
Return the address of the request, using the given trust parameter.
The trust argument is a function that returns true if you trust
the address, false if you don't. The closest untrusted address is
returned.
1proxyaddr(req, function (addr) { return addr === '127.0.0.1' }) 2proxyaddr(req, function (addr, i) { return i < 1 })
The trust arugment may also be a single IP address string or an
array of trusted addresses, as plain IP addresses, CIDR-formatted
strings, or IP/netmask strings.
1proxyaddr(req, '127.0.0.1') 2proxyaddr(req, ['127.0.0.0/8', '10.0.0.0/8']) 3proxyaddr(req, ['127.0.0.0/255.0.0.0', '192.168.0.0/255.255.0.0'])
This module also supports IPv6. Your IPv6 addresses will be normalized
automatically (i.e. fe80::00ed:1 equals fe80:0:0:0:0:0:ed:1).
1proxyaddr(req, '::1') 2proxyaddr(req, ['::1/128', 'fe80::/10'])
This module will automatically work with IPv4-mapped IPv6 addresses
as well to support node.js in IPv6-only mode. This means that you do
not have to specify both ::ffff:a00:1 and 10.0.0.1.
As a convenience, this module also takes certain pre-defined names in addition to IP addresses, which expand into IP addresses:
1proxyaddr(req, 'loopback') 2proxyaddr(req, ['loopback', 'fc00:ac:1ab5:fff::1/64'])
loopback: IPv4 and IPv6 loopback addresses (like::1and127.0.0.1).linklocal: IPv4 and IPv6 link-local addresses (likefe80::1:1:1:1and169.254.0.1).uniquelocal: IPv4 private addresses and IPv6 unique-local addresses (likefc00:ac:1ab5:fff::1and192.168.0.1).
When trust is specified as a function, it will be called for each
address to determine if it is a trusted address. The function is
given two arguments: addr and i, where addr is a string of
the address to check and i is a number that represents the distance
from the socket address.
proxyaddr.all(req, [trust])
Return all the addresses of the request, optionally stopping at the
first untrusted. This array is ordered from closest to furthest
(i.e. arr[0] === req.connection.remoteAddress).
1proxyaddr.all(req)
The optional trust argument takes the same arguments as trust
does in proxyaddr(req, trust).
1proxyaddr.all(req, 'loopback')
proxyaddr.compile(val)
Compiles argument val into a trust function. This function takes
the same arguments as trust does in proxyaddr(req, trust) and
returns a function suitable for proxyaddr(req, trust).
1var trust = proxyaddr.compile('loopback') 2var addr = proxyaddr(req, trust)
This function is meant to be optimized for use against every request.
It is recommend to compile a trust function up-front for the trusted
configuration and pass that to proxyaddr(req, trust) for each request.
Testing
1$ npm test
Benchmarks
1$ npm run-script bench
License
No vulnerabilities found.
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
no binaries found in the repo
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:13
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:14
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:227
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
project has 6 contributing companies or organizations
Details
- Info: found contributions from: ExpressGateway, crypto-utils, mysqljs, nodejs, repo-utils, stream-utils
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 8 commits out of 10 are checked with a SAST tool
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/jshttp/.github/SECURITY.md:1
- Info: Found linked content: github.com/jshttp/.github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: github.com/jshttp/.github/SECURITY.md:1
Reason
8 out of 10 merged PRs checked by a CI test -- score normalized to 8
Reason
8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:178
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:194
- Info: 8 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
Found 3/23 approved changesets -- score normalized to 1
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
6.9
/10
Last Scanned on 2025-06-30T21:31:57Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More