{"id":14510,"library":"create-server","title":"Common HTTP/HTTPS/SPDY Server API","description":"The `create-server` package provides a unified API for establishing HTTP, HTTPS, and SPDY servers in Node.js, aiming to simplify common server setup patterns. It handles the boilerplate for configuring server instances, including providing a callback-based interface for various server events (close, request, upgrade, listening, error, etc.). The library, last updated in April 2019 at version 1.0.2, notably features built-in 'sane defaults' for security against older threats like POODLE and Heartbleed, and allows custom overrides for ciphers and protocols. However, its primary differentiator, SPDY support, is now largely obsolete in favor of HTTP/2 and HTTP/3. Given its age, the package is likely to lack support for modern JavaScript features like native ESM and may contain security defaults that are no longer considered best practice against contemporary threats.","status":"abandoned","version":"1.0.2","language":"javascript","source_language":"en","source_url":"https://github.com/primus/create-server","tags":["javascript","create","server","servers","http","https","spdy","create-server","create-servers"],"install":[{"cmd":"npm install create-server","lang":"bash","label":"npm"},{"cmd":"yarn add create-server","lang":"bash","label":"yarn"},{"cmd":"pnpm add create-server","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Required if the 'spdy' option is set to true for creating an SPDY server.","package":"spdy","optional":true}],"imports":[{"note":"This package primarily uses CommonJS `require()`. While Node.js might attempt to load it with `import`, it is not designed for native ESM use.","wrong":"import create from 'create-server';","symbol":"create","correct":"const create = require('create-server');"},{"note":"The module exports a single function as its default, not named exports. The variable name `create` is a convention used in the documentation.","wrong":"import { createServer } from 'create-server';","symbol":"createServer","correct":"const create = require('create-server');\n// Then use `create` function"}],"quickstart":{"code":"const create = require('create-server');\nconst http = require('http'); // Node.js built-in HTTP module\n\nconst server = create({\n    port: process.env.PORT || 3000,\n    hostname: '127.0.0.1',\n    // Optional: redirect HTTP to HTTPS\n    // redirect: 80,\n    // For HTTPS/SPDY, you'd add 'key', 'cert', 'ca', 'spdy: true' options\n}, {\n    request: function (req, res) {\n        console.log(`Received request for: ${req.url}`);\n        res.writeHead(200, { 'Content-Type': 'text/plain' });\n        res.end('Hello from create-server!\\n');\n    },\n    listening: function (err) {\n        if (err) {\n            console.error('Server failed to start:', err);\n            return;\n        }\n        console.log(`Server listening on http://${server.hostname}:${server.port}`);\n    },\n    error: function (err) {\n        console.error('Server error:', err);\n    }\n});\n\n// To stop the server gracefully\nprocess.on('SIGINT', () => {\n    console.log('Stopping server...');\n    server.close(() => {\n        console.log('Server stopped.');\n        process.exit(0);\n    });\n});","lang":"javascript","description":"Demonstrates creating a basic HTTP server using `create-server` on port 3000, handling incoming requests, and logging server events. Includes graceful shutdown."},"warnings":[{"fix":"Migrate to servers supporting HTTP/2 or HTTP/3, such as Node.js's built-in `http2` module or newer web frameworks, rather than relying on SPDY.","message":"The SPDY protocol, a key feature of this library, has been largely deprecated in favor of HTTP/2 and HTTP/3. Relying on SPDY functionality will result in compatibility issues with modern clients and proxies.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Manually audit and update TLS cipher suites, protocols, and options to align with current best practices for server security (e.g., using TLS 1.3, strong ciphers).","message":"The 'sane defaults' for secure server configuration mentioned in the README address older vulnerabilities like POODLE and Heartbleed. These defaults may be outdated and insufficient to protect against modern security threats. Custom cipher lists (`cypher`), `secureProtocol`, and `secureOptions` should be thoroughly reviewed.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Ensure your project is configured for CommonJS, or use dynamic `import()` if absolutely necessary within an ESM context, understanding the interoperability limitations.","message":"The package uses CommonJS `require()` syntax exclusively in its documentation and examples. It is unlikely to have native ES module (ESM) support, which can cause issues in modern Node.js projects configured for ESM.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always provide absolute paths for certificate files or carefully verify the `root` directory and relative paths. Ensure files are readable by the Node.js process.","message":"When configuring HTTPS or SPDY servers, certificate paths (`key`, `cert`, `ca`, `pfx`, `crl`) are specified relative to the `root` option. Incorrect `root` paths or malformed relative paths can lead to server startup failures.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Change the `port` configuration to an available port number, or terminate the process currently using that port.","cause":"The specified port (e.g., 3000) is already being used by another process on the system.","error":"Error: listen EADDRINUSE: address already in use :::3000"},{"fix":"Install the `spdy` package: `npm install spdy` or remove the `spdy: true` option if SPDY is not intended.","cause":"The `spdy` option was set to `true` to create an SPDY server, but the `spdy` package itself was not installed as a dependency.","error":"Error: Cannot find module 'spdy'"},{"fix":"Verify that the `root` option points to the correct base directory and that all certificate/key file paths (relative or absolute) are accurate. Ensure the Node.js process has read permissions for these files.","cause":"The server failed to locate or read one of the specified certificate or key files (e.g., `key`, `cert`, `ca`, `pfx`, `crl`). This often happens with incorrect `root` paths or file permissions.","error":"Error: ENOENT: no such file or directory, open '/path/to/server.key'"}],"ecosystem":"npm"}