Package Health Score

82 / 100

security
No known security issues
popularity
Influential project
maintenance
Sustainable
community
Sustainable

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

Version				Vulnerabilities	License Risk
5.0.0-beta.2	\|	05/2023		0 C 0 H 0 M 0 L	0 H 0 M 0 L
4.3.3	\|	08/2022	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
3.4.1	\|	03/2021		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.3.0	\|	03/2018		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.2.26	\|	02/2018		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

BSD-2-Clause

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Influential project

Weekly Downloads (199,098)

GitHub Stars: 2.29K
Forks: 311
Contributors: 60

Direct Usage Popularity

The npm package ngrok receives a total of 199,098 downloads a week. As such, we scored ngrok popularity level to be Influential project.

Based on project statistics from the GitHub repository for the npm package ngrok, we found that it has been starred 2,292 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Sustainable

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 60
Funding: No

With more than 10 contributors for the ngrok repository, this is possibly a sign for a growing and inviting community.

We found a way for you to contribute to the project! Looks like ngrok is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Sustainable

Commit Frequency

Open Issues: 37
Open PR: 3
Last Release: 12 months ago
Last Commit: 20 days ago

Further analysis of the maintenance status of ngrok based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Sustainable.

We found that ngrok demonstrates a positive version release cadence with at least one new version released in the past 12 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=14.2

Age: 10 years
Dependencies: 6 Direct
Versions: 91
Install Size: 23.3 MB
Dist-tags: 2
# of Files: 15
Maintainers: 2
TS Typings: Yes

ngrok has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use ngrok?

To help you get started, we've collected the most common ways that ngrok is being used within popular public projects.

safaricom / mpesa-node-library / tests / helpers / ngrok.js View on Github

function ngrokify (server) {
  if (typeof server === 'function') server = http.createServer(server)

  // let ngroked = Object.create(server)
  let ngrokURL

  server.once('close', function () {
    console.log('Closing time :)')
    ngrokURL && ngrok.disconnect(ngrokURL)
  })

  let addr = server.address()
  if (!addr) server.listen(0)
  addr = server.address()
  console.log('Using Port ' + addr.port)
  return ngrok.connect(addr.port).then(function (url) {
    ngrokURL = url
    return url
  })
}
module.exports = ngrokify

View more ways to use ngrok

ngrok

This project is the Node.js wrapper for the ngrok client. Version 5 of this project uses ngrok client version 3. For ngrok client version 2, check out version 4.

alt ngrok.com

Usage

Local install

Install the package with npm:

npm install ngrok

Then use ngrok.connect() to start ngrok and open a tunnel.

const ngrok = require('ngrok');
(async function() {
  const url = await ngrok.connect();
})();

This module uses node>=10.19.0 with async/await. For a callback-based version use 2.3.0.

Global install

npm install ngrok -g
ngrok http 8080

For global install on Linux, you might need to run sudo npm install --unsafe-perm -g ngrok due to the nature of npm postinstall script.

Auth Token

You can create basic http-https-tcp tunnel without an authtoken. For custom subdomains and more you should obtain an authtoken by signing up at ngrok.com. Once you set the authtoken, it is stored in ngrok config and used for all tunnels. You can set the authtoken directly:

await ngrok.authtoken(token);

Or pass the authtoken to the connect method like so:

await ngrok.connect({authtoken: token, ...});

Connect

There are a number of ways to create a tunnel with ngrok using the connect method.

By default, connect will open an HTTP tunnel to port 80

const url = await ngrok.connect(); // https://757c1652.ngrok.io -> https://localhost:80

You can pass the port number to connect to specify that port:

const url = await ngrok.connect(9090); // https://757c1652.ngrok.io -> https://localhost:9090

Or you can pass an object of options, for example:

const url = await ngrok.connect({proto: 'tcp', addr: 22}); // tcp://0.tcp.ngrok.io:48590
const url = await ngrok.connect(opts);

Options

There are many options that you can pass to connect, here are some examples:

const url = await ngrok.connect({
  proto: 'http', // http|tcp|tls, defaults to http
  addr: 8080, // port or network address, defaults to 80
  basic_auth: 'user:pwd', // http basic authentication for tunnel
  subdomain: 'alex', // reserved tunnel name https://alex.ngrok.io
  authtoken: '12345', // your authtoken from ngrok.com
  region: 'us', // one of ngrok regions (us, eu, au, ap, sa, jp, in), defaults to us
  configPath: '~/git/project/ngrok.yml', // custom path for ngrok config file
  binPath: path => path.replace('app.asar', 'app.asar.unpacked'), // custom binary path, eg for prod in electron
  onStatusChange: status => {}, // 'closed' - connection is lost, 'connected' - reconnected
  onLogEvent: data => {}, // returns stdout messages from ngrok process
});

See the ngrok documentation for all of the tunnel definition options including: name, inspect, host_header, scheme, hostname, crt, key, remote_addr.

Note on regions:

The region used in the first tunnel will be used for all the following tunnels
If you do not provide a region, ngrok will try to pick the closest one to your location. This will include the region in the URL. To get a URL without a region, set the region to "us".

Disconnect

The ngrok process and all tunnels will be killed when node process is complete. To stop the tunnels manually use:

await ngrok.disconnect(url); // stops one
await ngrok.disconnect(); // stops all
await ngrok.kill(); // kills ngrok process

Config

You can use ngrok's configurations files, and pass name option when making a tunnel. Configuration files allow to store tunnel options. Ngrok looks for them here:

System	Path
MacOS (Darwin)	`"~/Library/Application Support/ngrok/ngrok.yml"`
Linux	`"~/.config/ngrok/ngrok.yml"`
Windows	`"%HOMEPATH%\AppData\Local\ngrok\ngrok.yml"`

You can specify a custom configPath when making a tunnel.

Updating config for ngrok version 3

With the upgrade to ngrok version 3, an older config file will no longer be compatible without a few changes. The ngrok agent provides a command to upgrade your config. On the command line you can run:

ngrok config upgrade

The default locations of the config file have changed too, you can upgrade and move your config file with the command:

ngrok config upgrade --relocate

The library makes this command available as well. To get the same effect you can run:

await ngrok.upgradeConfig();

// relocate the config file too:
await ngrok.upgradeConfig({ relocate: true });

Inspector

When a tunnel is established you can use the ngrok interface hosted at https://127.0.0.1:4040 to inspect the webhooks made via ngrok.

The same URL hosts the internal client api. This package exposes an API client that wraps the API which you can use to manage tunnels yourself.

const url = await ngrok.connect();
const api = ngrok.getApi();
const tunnels = await api.listTunnels();

You can also get the URL of the internal API:

const url = await ngrok.connect();
const apiUrl = ngrok.getUrl();

API

The API wrapper gives access to all the ngrok client API methods:

const url = await ngrok.connect();
const api = ngrok.getApi();

List tunnels

const tunnels = await api.listTunnels();

Start tunnel

const tunnel = await api.startTunnel(opts);

Get tunnel details

const tunnel = await api.tunnelDetail(tunnelName);

Stop tunnel

await api.stopTunnel(tunnelName);

List requests

await api.listRequests(options);

Replay request

await api.replayRequest(requestId, tunnelName);

Delete all requests

await api.deleteAllRequests();

Request detail

const request = await api.requestDetail(requestId);

Proxy

If you are behind a corporate proxy and have issues installing ngrok, you can set HTTPS_PROXY env var to fix it. ngrok's postinstall scripts uses the got module to fetch the binary and the hpagent module to support HTTPS proxies. You will need to install the hpagent module as a dependency
If you are using a CA file, set the path in the environment variable NGROK_ROOT_CA_PATH. The path is needed for downloading the ngrok binary in the postinstall script

How it works

npm install downloads the ngrok binary for your platform from the official ngrok hosting. To host binaries yourself set the NGROK_CDN_URL environment variable before installing ngrok. To force specific platform set NGROK_ARCH, eg NGROK_ARCH=freebsdia32.

The first time you create a tunnel the ngrok process is spawned and runs until you disconnect or when the parent process is killed. All further tunnels are connected or disconnected through the internal ngrok API which usually runs on https://127.0.0.1:4040.

ngrok binary update

If you would like to force an update of the ngrok binary directly from your software, you can require the ngrok/download module and call the downloadNgrok function directly:

const downloadNgrok = require('ngrok/download');
downloadNgrok(myCallbackFunc, { ignoreCache: true });

Using with nodemon

If you want your application to restart as you make changes to it, you may use nodemon. This blog post shows how to use nodemon and ngrok together so your server restarts but your tunnel doesn't.

Contributors

Please run git update-index --assume-unchanged bin/ngrok to not override ngrok stub in your PR. Unfortunately it can't be gitignored.

The test suite covers the basic usage without an authtoken, as well as features available for free and paid authtokens. You can supply your own tokens as environment variables, otherwise a warning is given and some specs are ignored (locally and in PR builds). GitHub Actions supplies real tokens to master branch and runs all specs always.

Upgrading to version 5

Please read the upgrade notes for the ngrok agent. Library specific changes are described below and there is more in the CHANGELOG:

Config

The format and default location of the config file has changed. Please see the section on upgrading your config file for more detail.

Connect options

The bind_tls option is now scheme. When bind_tls was true (the default), ngrok agent version 2 would start two tunnels, one on http and one on https. Now, when scheme is set to https (the default), only an https tunnel will be created. To create both tunnels, you will need to pass ["http", "https"] as the scheme option.

The auth option, also available as httpauth, is now just basic_auth. Note also that the password for basic_auth must be between 8 and 128 characters long.

Upgrading to version 4

The main impetus to update the package was to remove the dependency on the deprecated request module. request was replaced with got. Calls to the main ngrok functions, connect, authtoken, disconnect, kill, getVersion and getUrl respond the same as in version 3.

Updating the HTTP library, meant that the wrapped API would change, so a client class was created with methods for the available API calls. See the documentation above for how to use the API client.

The upside is that you no longer have to know the path to the API method you need. For example, to list the active tunnels in version 3 you would do:

const api = ngrok.getApi();
const tunnels = await api.get('api/tunnels');

Now you can call the listTunnels function:

const api = ngrok.getApi();
const tunnels = await api.listTunnels();

TypeScript

From version 3 to version 4 the bundled types were also overhauled. Most types live within the Ngrok namespace, particularly Ngrok.Options which replaces INgrokOptions.

ngrok dependencies

extract-zip got lodash.clonedeep uuid yaml hpagent

ngrok development dependencies

@types/node chai chalk mocha sinon

FAQs

What is ngrok?

node wrapper for ngrok. Visit Snyk Advisor to see a full health score report for ngrok, including popularity, security, maintenance & community analysis.

Is ngrok popular?

The npm package ngrok receives a total of 199,098 weekly downloads. As such, ngrok popularity was classified as an influential project. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is ngrok well maintained?

We found indications that ngrok maintenance is sustainable demonstrating some project activity. We saw a total of 60 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is ngrok safe to use?

The npm package ngrok was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 25 April-2024, at 07:19 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (199,098)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Not sure how to use ngrok?

ngrok

Usage

Local install

Global install

Auth Token

Connect

Options

Disconnect

Config

Updating config for ngrok version 3

Inspector

API

Proxy

How it works

ngrok binary update

Using with nodemon

Contributors

Upgrading to version 5

Config

Connect options

Upgrading to version 4

TypeScript

ngrok dependencies

ngrok development dependencies

FAQs

What is ngrok?

Is ngrok popular?

Is ngrok well maintained?

Is ngrok safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues