{"id":14979122,"url":"https://github.com/hormesiel/static-auth","last_synced_at":"2025-10-28T14:30:48.402Z","repository":{"id":34616814,"uuid":"180380635","full_name":"hormesiel/static-auth","owner":"hormesiel","description":"The most simple way to add Basic Authentication to a static website hosted on Vercel.","archived":false,"fork":false,"pushed_at":"2024-12-16T16:05:20.000Z","size":557,"stargazers_count":30,"open_issues_count":0,"forks_count":3,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-04T20:37:18.862Z","etag":null,"topics":["authentication","basic-auth","basic-authentication","nodejs","now","serverless","static-site","vercel","vercel-now"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hormesiel.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"hormesiel"}},"created_at":"2019-04-09T14:06:11.000Z","updated_at":"2025-02-04T16:25:18.000Z","dependencies_parsed_at":"2023-01-15T08:06:18.823Z","dependency_job_id":"49284955-f699-49bd-a171-e4de83c3ffe3","html_url":"https://github.com/hormesiel/static-auth","commit_stats":{"total_commits":61,"total_committers":4,"mean_commits":15.25,"dds":0.3770491803278688,"last_synced_commit":"5fa7b37f1a4270f07ef76f0ef39a66df025d0697"},"previous_names":["flawyte/static-auth"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hormesiel%2Fstatic-auth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hormesiel%2Fstatic-auth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hormesiel%2Fstatic-auth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hormesiel%2Fstatic-auth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hormesiel","download_url":"https://codeload.github.com/hormesiel/static-auth/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":238662709,"owners_count":19509653,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","basic-auth","basic-authentication","nodejs","now","serverless","static-site","vercel","vercel-now"],"created_at":"2024-09-24T13:59:18.514Z","updated_at":"2025-10-28T14:30:48.062Z","avatar_url":"https://github.com/hormesiel.png","language":"TypeScript","readme":"[![version](https://img.shields.io/badge/version-2.1.2-lightseagreen.svg?style=for-the-badge)](https://github.com/flawyte/static-auth/releases/tag/2.1.2)\n[![downloads](https://img.shields.io/npm/dm/static-auth.svg?color=salmon\u0026style=for-the-badge)](https://www.npmjs.com/package/static-auth)\n\n# static-auth\n\nThe most simple way to add Basic Authentication to a static website hosted on Vercel.\n\nI originally created this to add an authentication layer to my projects hosted on [Vercel](https://vercel.com), but it can be used with Node's built-in [`http`](https://nodejs.org/api/http.html) module too and should work with Express.\n\n## Getting started\n\n1. Install the package :\n\n```bash\n$ npm i static-auth -s\n\n# or\n$ yarn add static-auth\n```\n\n2. Use it :\n\n```js\nconst auth = require('static-auth');\n\n// Example with Vercel\nmodule.exports = auth(\n  '/admin',\n  (user, pass) =\u003e (user === 'admin' \u0026\u0026 pass === 'admin') // (1)\n);\n```\n\n3. There's no step 3 − it's that easy!\n\n\u003e (1) Checking credentials via the `==` or `===` operators makes your code vulnerable to [Timing attacks](https://snyk.io/blog/node-js-timing-attack-ccc-ctf/). This can be solved by using the [safe-compare](https://www.npmjs.com/package/safe-compare) package instead.\n\n## Examples\n\n### with Vercel\n\n* [demo](https://vercel-basic-auth-node-static-auth.flawyte.vercel.app/)\n* [source](https://github.com/flawyte/vercel-basic-auth/tree/master/node-static-auth)\n\n### with [Node's HTTP module](https://nodejs.org/api/http.html)\n\n`index.js`\n\n```js\nconst auth = require('static-auth');\n\n// create a handler that will check for basic authentication before serving the files\nconst serveHandler = auth( /* ... */ );\n\n// start the server\nconst http = require('http');\nconst server = http.createServer(serveHandler);\nserver.listen(4444, () =\u003e console.log('Listening on port 4444...'));\n```\n\n## API\n\n`auth(url, validator, [options])`\n\nRequired :\n\n  - **`url`** (*String*) : The base url to protect with Basic Authentication. Use `/` to restrict access to the whole website, or `/\u003cpath\u003e` (e.g. `/admin`) to restrict access only to a section of your site.\n  - **`validator`** (*Function*) : A function that accepts two parameters (`user` and `pass`) and returns `true` if the provided login credentials grant access to the restricted area.\n\nOptional :\n\n  - **`[options]`** (*Object*) :\n    - **`[directory]`** (*String*, defaults to `process.cwd()`) : The base path to serve the static assets from. For example, if a request to `my-website.com/app.css` should return the content of the file located at `./www/app.css` (relative to the Node script), then you should set this to `__dirname + '/www'`, otherwise the script will look for `./app.css` − which doesn't exist − and return a 404.\n    - **`[onAuthFailed]`** (*Function*) : A callback that accepts one parameter (`res`, an [`http.ServerResponse`](https://nodejs.org/api/http.html#http_class_http_serverresponse) object), useful if you want to return a custom error message or HTML page when the provided credentials are invalid.\n    - **`[realm]`** (*String*, defaults to `'default-realm'`) : See [What is the \"realm\" in basic authentication](https://stackoverflow.com/questions/12701085/what-is-the-realm-in-basic-authentication) (StackOverflow).\n    - **`[serveStaticOptions]`** (*Object*, defaults to `{}`) : [Options](https://github.com/expressjs/serve-static#options) to pass to the underlying *serve-static* module that's used to serve the files (see a usage example [here](https://github.com/flawyte/static-auth/pull/4#issue-573776989)).\n","funding_links":["https://github.com/sponsors/hormesiel"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhormesiel%2Fstatic-auth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhormesiel%2Fstatic-auth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhormesiel%2Fstatic-auth/lists"}