{"id":13403967,"url":"https://github.com/http-party/http-server","last_synced_at":"2026-04-02T01:25:50.771Z","repository":{"id":39121488,"uuid":"1908577","full_name":"http-party/http-server","owner":"http-party","description":"A simple, zero-configuration, command-line http server","archived":false,"fork":false,"pushed_at":"2026-03-14T01:06:45.000Z","size":2133,"stargazers_count":14172,"open_issues_count":98,"forks_count":1555,"subscribers_count":186,"default_branch":"master","last_synced_at":"2026-03-25T13:28:39.251Z","etag":null,"topics":["command-line","hacktoberfest","hosting","http","http-server","server","static","static-server"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/http-party.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"thornjad"}},"created_at":"2011-06-16T23:54:57.000Z","updated_at":"2026-03-25T06:11:43.000Z","dependencies_parsed_at":"2026-03-01T09:17:33.152Z","dependency_job_id":null,"html_url":"https://github.com/http-party/http-server","commit_stats":{"total_commits":472,"total_committers":102,"mean_commits":4.627450980392157,"dds":0.8220338983050848,"last_synced_commit":"8f7fcb08003952ec300874559690d0d75d241ffa"},"previous_names":["indexzero/http-server","nodeapps/http-server"],"tags_count":46,"template":false,"template_full_name":null,"purl":"pkg:github/http-party/http-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/http-party%2Fhttp-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/http-party%2Fhttp-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/http-party%2Fhttp-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/http-party%2Fhttp-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/http-party","download_url":"https://codeload.github.com/http-party/http-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/http-party%2Fhttp-server/sbom","scorecard":{"id":471226,"data":{"date":"2025-08-11","repo":{"name":"github.com/http-party/http-server","commit":"9d7dd6bca5fd8a8beafe276cdb29870bddd33783"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Maintained","score":1,"reason":"1 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 1","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":5,"reason":"Found 11/19 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-drafter.yml:12","Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/release-drafter.yml:13","Warn: no topLevel permission defined: .github/workflows/node.js.yml:1","Warn: no topLevel permission defined: .github/workflows/release-drafter.yml:1","Warn: no topLevel permission defined: .github/workflows/stale.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/http-party/http-server/node.js.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/http-party/http-server/node.js.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/http-party/http-server/release-drafter.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stale.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/http-party/http-server/stale.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating node:16-alpine to node:16-alpine@sha256:a1f9d027912b58a7c75be7716c97cfbc6d3099f3a97ed84aa490be9dee20e787","Warn: npmCommand not pinned by hash: Dockerfile:5","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch 'v13'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 24 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"12 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3","Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T13:56:16.485Z","repository_id":39121488,"created_at":"2025-08-19T13:56:16.486Z","updated_at":"2025-08-19T13:56:16.486Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30937421,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-25T20:13:00.360Z","status":"ssl_error","status_checked_at":"2026-03-25T20:04:11.365Z","response_time":80,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["command-line","hacktoberfest","hosting","http","http-server","server","static","static-server"],"created_at":"2024-07-30T19:01:36.996Z","updated_at":"2026-04-02T01:25:50.752Z","avatar_url":"https://github.com/http-party.png","language":"JavaScript","readme":"[![GitHub Workflow Status (master)](https://img.shields.io/github/actions/workflow/status/http-party/http-server/node.js.yml?style=flat-square\u0026branch=master)](https://github.com/http-party/http-server/actions)\n[![npm](https://img.shields.io/npm/v/http-server.svg?style=flat-square)](https://www.npmjs.com/package/http-server) [![homebrew](https://img.shields.io/homebrew/v/http-server?style=flat-square)](https://formulae.brew.sh/formula/http-server) [![npm downloads](https://img.shields.io/npm/dm/http-server?color=blue\u0026label=npm%20downloads\u0026style=flat-square)](https://www.npmjs.com/package/http-server)\n[![license](https://img.shields.io/github/license/http-party/http-server.svg?style=flat-square)](https://github.com/http-party/http-server/blob/master/LICENSE)\n\n# http-server: a simple static HTTP server\n\n`http-server` is a simple, zero-configuration command-line static HTTP server.  It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development and learning.\n\n![Example of running http-server](https://github.com/http-party/http-server/raw/master/screenshots/public.png)\n\n## Installation:\n\n#### Running on-demand:\n\nUsing `npx` you can run the script without installing it first:\n\n    npx http-server [path] [options]\n\n#### Globally via `npm`\n\n    npm install --global http-server\n\nThis will install `http-server` globally so that it may be run from the command line anywhere.\n\n#### Globally via Homebrew\n\n    brew install http-server\n     \n#### As a dependency in your `npm` package:\n\n    npm install http-server\n\n#### Using Docker\n\nNote: a public image is not provided currently, but you can build one yourself\nwith the provided Dockerfile.\n\n1. Create an image\n   ```\n   docker build -t my-image .\n   ```\n2. Run a container\n   ```\n   docker run -p 8080:8080 -v \"${pwd}:/public\" my-image\n   ```\n   In the example above we're serving the directory `./` (working directory).\n   If you wanted to serve `./test` you'd replace `${pwd}` with `${pwd}/test`.\n\n## Usage:\n\n     http-server [path] [options]\n\n`[path]` defaults to `./public` if the folder exists, and `./` otherwise.\n\n*Now you can visit http://localhost:8080 to view your server*\n\n**Note:** Caching is on by default. Add `-c-1` as an option to disable caching.\n\n## Available Options:\n\n| Command         | \tDescription         | Defaults  |\n| -------------  |-------------|-------------|\n|`-p` or `--port` |Port to use. Use `-p 0` to look for an open port, starting at 8080. It will also read from `process.env.PORT`. |8080 |\n|`-a`   |Address to use |0.0.0.0|\n|`--base-dir` | Base path to serve files from | `/` |\n|`-d`     |Show directory listings |`true` |\n|`-dir-overrides-404` | Whether `-d` should override magic `404.html` | `false`\n|`-i`   | Display autoIndex | `true` |\n|`-g` or `--gzip` |When enabled it will serve `./public/some-file.js.gz` in place of `./public/some-file.js` when a gzipped version of the file exists and the request accepts gzip encoding. If brotli is also enabled, it will try to serve brotli first.|`false`|\n|`-b` or `--brotli`|When enabled it will serve `./public/some-file.js.br` in place of `./public/some-file.js` when a brotli compressed version of the file exists and the request accepts `br` encoding. If gzip is also enabled, it will try to serve brotli first. |`false`|\n|`-e` or `--ext`  |Default file extension if none supplied |`html` | \n|`-s` or `--silent` |Suppress log messages from output  | |\n|`--coop` |Enable COOP via the `Cross-Origin-Opener-Policy` header  | |\n|`--cors` |Enable CORS via the `Access-Control-Allow-Origin` header  | |\n|`--private-network-access` |Enable Private Network Access via the `Access-Control-Allow-Private-Network` header  | |\n|`--cors` | Enable CORS via the `Access-Control-Allow-Origin: *` header. Optionally provide comma-separated values to add to `Access-Control-Allow-Headers`  | |\n|`-H` or `--header` |Add an extra response header (can be used several times)  | |\n|`-o [path]` |Open browser window after starting the server. Optionally provide a URL path to open. e.g.: -o /other/dir/ | |\n|`-c` |Set cache time (in seconds) for cache-control max-age header, e.g. `-c10` for 10 seconds. To disable caching, use `-c-1`.|`3600` |\n|`-t` |Connection timeout in seconds, e.g. `-t60` for 1 minute. To disable timeout, use `-t0`.|`120` |\n|`-T` or `--title` |Custom title suffix for the terminal window. The title will be \"http-server PORT [TITLE]\".| |\n|`-U` or `--utc` |Use UTC time format in log messages.| |\n|`--log-ip` |Enable logging of the client's IP address |`false` |\n|`-P` or `--proxy` |Proxies all requests which can't be resolved locally to the given url. e.g.: -P http://someurl.com | |\n|`--proxy-options` |Pass proxy [options](https://github.com/http-party/node-http-proxy#options) using nested dotted objects. e.g.: --proxy-options.secure false | |\n|`--proxy-config` |Pass in `.json` configuration file or stringified JSON. e.g.: `./path/to/config.json` | |\n|`--proxy-all` |Forward every request to the proxy target instead of serving local files|`false`|\n|`--proxy-options` |Pass proxy [options](https://github.com/http-party/node-http-proxy#options) using nested dotted objects. e.g.: --proxy-options.secure false |\n|`--user` or `--username` |Username for basic authentication | |\n|`--password` |Password for basic authentication | |\n|`-S`, `--tls` or `--ssl` |Enable secure request serving with TLS/SSL (HTTPS)|`false`|\n|`-C` or `--cert` |Path to ssl cert file |`cert.pem` |\n|`-K` or `--key` |Path to ssl key file |`key.pem` |\n|`-r` or `--robots` | Automatically provide a /robots.txt (The content of which defaults to `User-agent: *\\nDisallow: /`)  | `false` |\n|`--no-dotfiles` |Do not show dotfiles| |\n|`--mimetypes` |Path to a .types file for custom mimetype definition| |\n|`--hide-permissions` |Do not show file permissions| |\n|`--allowed-hosts` |Comma-separated list of hosts allowed to access the server. e.g.: `--allowed-hosts localhost,example.com`| |\n|`-h` or `--help` |Print this list and exit. |   |\n|`-v` or `--version`|Print the version and exit. | |\n| `--no-panic` | Don't print error stack in the console, put it in a log file | `false`|\n\n## Magic Files\n\n- `index.html` will be served as the default file to any directory requests.\n- `404.html` will be served if a file is not found. This can be used for Single-Page App (SPA) hosting to serve the entry page.\n\n## Catch-all redirect\n\nTo implement a catch-all redirect, use the index page itself as the proxy with:\n\n```\nhttp-server --proxy http://localhost:8080?\n```\n\nNote the `?` at the end of the proxy URL. Thanks to [@houston3](https://github.com/houston3) for this clever hack!\n\n## TLS/SSL\n\nFirst, you need to make sure that [openssl](https://github.com/openssl/openssl) is installed correctly, and you have `key.pem` and `cert.pem` files. You can generate them using this command:\n\n``` sh\nopenssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem\n```\n\nYou will be prompted with a few questions after entering the command. Use `127.0.0.1` as value for `Common name` if you want to be able to install the certificate in your OS's root certificate store or browser so that it is trusted.\n\nThis generates a cert-key pair and it will be valid for 3650 days (about 10 years).\n\nThen you need to run the server with `-S` for enabling SSL and `-C` for your certificate file.\n\n``` sh\nhttp-server -S -C cert.pem\n```\n\nIf you wish to use a passphrase with your private key you can include one in the openssl command via the -passout parameter (using password of foobar)\n\n\ne.g.\n`openssl req -newkey rsa:2048 -passout pass:foobar -keyout key.pem -x509 -days 365 -out cert.pem`\n\nFor security reasons, the passphrase will only be read from the `NODE_HTTP_SERVER_SSL_PASSPHRASE` environment variable.\n\n\nThis is what should be output if successful:\n\n``` sh\nStarting up http-server, serving ./ through https\n\nhttp-server settings:\nCOOP: disabled\nCORS: disabled\nCache: 3600 seconds\nConnection Timeout: 120 seconds\nDirectory Listings: visible\nAutoIndex: visible\nServe GZIP Files: false\nServe Brotli Files: false\nDefault File Extension: none\n\nAvailable on:\n  https://127.0.0.1:8080\n  https://192.168.1.101:8080\n  https://192.168.1.104:8080\nHit CTRL-C to stop the server\n```\n\n# Development\n\nCheckout this repository locally, then:\n\n```sh\n$ npm i\n$ npm start\n```\n\n*Now you can visit http://localhost:8080 to view your server*\n\nYou should see the turtle image in the screenshot above hosted at that URL. See\nthe `./public` folder for demo content.\n","funding_links":["https://github.com/sponsors/thornjad"],"categories":["JavaScript","Packages","HarmonyOS","Repository","目录","Uncategorized","开发辅助","网络服务","command-line","命令行工具","server","包","[Node.js](http://nodejs.org/) feature module and bundler"],"sub_categories":["Command-line apps","Windows Manager","HTTP","Node.js相关","Uncategorized","网络服务_其他","命令行程序"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhttp-party%2Fhttp-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhttp-party%2Fhttp-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhttp-party%2Fhttp-server/lists"}