Merge branch 'master' into no_server_headers

http-party · Aug 5, 2021 · 9c51cb2 · 9c51cb2
2 parents cd84a85 + fab3248
commit 9c51cb2
Show file tree

Hide file tree

Showing 97 changed files with 16,379 additions and 1,389 deletions.
diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE
@@ -1,20 +1,16 @@
-**Do you want to request a *feature* or report a *bug*?**
-
-**If the issue is a bug report, please provide the steps to reproduce it. Please include the actual command causing the issue if applicable.**
+**Steps to reproduce the issue, if applicable. Include the actual command and output and/or stack trace.**
 
 <!-- Paste the command here: -->
 
 **What did you expect to happen?**
 
-**What actually happened? Please include the actual error trace and / or stack trace if applicable.**
-
 <!-- Paste the error and / or stack trace here: -->
 
 **If the issue is a feature request, what is the motivation / use case for it?**
 
 **Tell us about your environment**
-- **http-server version:**
+- **exact http-server version:**
+- **Node version:**
 - **Platform:**
 
 **Other information (related issues, suggestions for a fix, etc):**
-
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '23 14 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
@@ -0,0 +1,31 @@
+# This workflow will do a clean install of node dependencies, cache/restore them, build the source code and run tests across different versions of node
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-nodejs-with-github-actions
+
+name: Node.js CI
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+    name: Test
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        node-version: [10.x, 12.x, 14.x, 16.x]
+        os: [ubuntu-latest, macOS-latest, windows-latest]
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Use Node.js ${{ matrix.node-version }} on ${{ matrix.os }}
+      uses: actions/setup-node@v2
+      with:
+        node-version: ${{ matrix.node-version }}
+        cache: 'npm'
+    - run: npx npm@7 ci
+    - run: npm test
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
-node_modules/*
-npm-debug.log
+node_modules/
+npm-debug.log*
+.nyc_*/
 .dir-locals.el
+.DS_Store
diff --git a/.travis.yml b/.travis.yml
diff --git a/LICENSE b/LICENSE
@@ -1,4 +1,5 @@
-Copyright (c) 2011-2019 Charlie Robbins, Marak Squires, and the Contributors.
+Copyright (c) 2011-2021 Charlie Robbins, Marak Squires, Jade Michael Thornton
+and the Contributors.
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

diff --git a/README.md b/README.md
@@ -1,27 +1,34 @@
-[![build status](https://img.shields.io/travis/http-party/http-server.svg?style=flat-square)](https://travis-ci.org/http-party/http-server)
-[![dependencies status](https://img.shields.io/david/http-party/http-server.svg?style=flat-square)](https://david-dm.org/http-party/http-server)
-[![npm](https://img.shields.io/npm/v/http-server.svg?style=flat-square)](https://www.npmjs.com/package/http-server)
+![GitHub Workflow Status (master)](https://img.shields.io/github/workflow/status/http-party/http-server/Node.js%20CI/master?style=flat-square)
+[![npm](https://img.shields.io/npm/v/http-server.svg?style=flat-square)](https://www.npmjs.com/package/http-server) [![homebrew](https://img.shields.io/homebrew/v/http-server?style=flat-square)](https://formulae.brew.sh/formula/http-server) ![GitHub milestone](https://img.shields.io/github/milestones/progress-percent/http-party/http-server/4?label=next%20release%20progress&style=flat-square) [![npm downloads](https://img.shields.io/npm/dm/http-server?color=blue&label=npm%20downloads&style=flat-square)](https://www.npmjs.com/package/http-server)
 [![license](https://img.shields.io/github/license/http-party/http-server.svg?style=flat-square)](https://github.com/http-party/http-server)
 
 # http-server: a command-line http server
 
 `http-server` is a simple, zero-configuration command-line http server.  It is powerful enough for production usage, but it's simple and hackable enough to be used for testing, local development, and learning.
 
-![](https://github.com/nodeapps/http-server/raw/master/screenshots/public.png)
+![Example of running http-server](https://github.com/http-party/http-server/raw/master/screenshots/public.png)
 
-# Installing globally:
+## Installation:
 
-Installation via `npm`:
+#### Globally via `npm`
 
-     npm install http-server -g
+    npm install --global http-server
 
-This will install `http-server` globally so that it may be run from the command line.
+This will install `http-server` globally so that it may be run from the command line anywhere.
 
-## Running on-demand:
+#### Globally via Homebrew
+
+    brew install http-server
+
+#### Running on-demand:
 
 Using `npx` you can run the script without installing it first:
 
-     npx http-server [path] [options]
+    npx http-server [path] [options]
+     
+#### As a dependency in your `npm` package:
+
+    npm install http-server
 
 ## Usage:
 
@@ -35,7 +42,7 @@ Using `npx` you can run the script without installing it first:
 
 ## Available Options:
 
-`-p` or `--port` Port to use (defaults to 8080)
+`-p` or `--port` Port to use (defaults to 8080). Use `-p 0` to look for an open port, starting at 8080. It will also read from `process.env.PORT`.
 
 `-a` Address to use (defaults to 0.0.0.0)
 
@@ -77,7 +84,7 @@ Using `npx` you can run the script without installing it first:
 
 `--no-dotfiles` Do not show dotfiles
 
-`--no-server-header` Hide the `server` header which identifies ecstatic
+`--mimetypes` Path to a .types file for custom mimetype definition
 
 `-h` or `--help` Print this list and exit.
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.12.x   | :white_check_mark: |
+| < 0.12   | :x:                |
+
+## Reporting a Vulnerability
+
+In general, vulnerabilities can be reported as an issue, pull requests are very welcome. If you'd like to report privately, please email jademichael+http-server@jmthornton.net.
diff --git a/bin/http-server b/bin/http-server
@@ -8,12 +8,7 @@ var colors     = require('colors/safe'),
     portfinder = require('portfinder'),
     opener     = require('opener'),
     fs         = require('fs'),
-    argv       = require('optimist')
-      .boolean('cors')
-      .boolean('log-ip')
-      .argv,
-    pjson      = require('../package.json');
-
+    argv       = require('minimist')(process.argv.slice(2));
 var ifaces = os.networkInterfaces();
 
 process.title = 'http-server';
@@ -23,7 +18,7 @@ if (argv.h || argv.help) {
     'usage: http-server [path] [options]',
     '',
     'options:',
-    '  -p --port    Port to use [8080]',
+    '  -p --port    Port to use. If 0, look for open port. [8080]',
     '  -a           Address to use [0.0.0.0]',
     '  -d           Show directory listings [true]',
     '  -i           Display autoIndex [true]',
@@ -56,6 +51,7 @@ if (argv.h || argv.help) {
     '',
     '  -r --robots        Respond to /robots.txt [User-agent: *\\nDisallow: /]',
     '  --no-dotfiles      Do not show dotfiles',
+    '  --mimetypes        Path to a .types file for custom mimetype definition',
     '  -h --help          Print this list and exit.',
     '  -v --version       Print the version and exit.'
   ].join('\n'));
@@ -67,8 +63,8 @@ var port = argv.p || argv.port || parseInt(process.env.PORT, 10),
     ssl = argv.S || argv.ssl,
     proxy = argv.P || argv.proxy,
     utc = argv.U || argv.utc,
-    logger,
-    version = pjson.version;
+    version = argv.v || argv.version,
+    logger;
 
 if (!argv.s && !argv.silent) {
   logger = {
@@ -102,6 +98,11 @@ else if (colors) {
   };
 }
 
+if (version) {
+  logger.info('v' + require('../package.json').version);
+  process.exit();
+}
+
 if (!port) {
   portfinder.basePort = 8080;
   portfinder.getPort(function (err, port) {
@@ -113,11 +114,6 @@ else {
   listen(port);
 }
 
-if (argv.v || argv.version) {
-  console.log(version);
-  process.exit();
-}
-
 function listen(port) {
   var options = {
     root: argv._[0],
@@ -132,6 +128,7 @@ function listen(port) {
     logFn: logger.request,
     proxy: proxy,
     showDotfiles: argv.dotfiles,
+    mimetypes: argv.mimetypes,
     username: argv.username || process.env.NODE_HTTP_SERVER_USERNAME,
     password: argv.password || process.env.NODE_HTTP_SERVER_PASSWORD
   };
@@ -166,7 +163,7 @@ function listen(port) {
 
   var server = httpServer.createServer(options);
   server.listen(port, host, function () {
-    var canonicalHost = host === '0.0.0.0' ? '127.0.0.1' : host,
+    var canonicalHost = host,
         protocol      = ssl ? 'https://' : 'http://';
 
     logger.info([colors.yellow('Starting up http-server, serving '),