{"id":17450,"library":"lws-blacklist","title":"lws-blacklist Middleware","description":"lws-blacklist is a middleware package for the `lws` (local-web-server) ecosystem, designed to forbid specific routes based on regular expressions. It integrates with `lws` to add a `--blacklist` CLI option or can be configured programmatically. The package is currently at version `3.0.0`, published approximately six years ago, and is part of the `lwsjs` suite of modular `lws` plugins. While `lws` itself uses Koa as its middleware engine, `lws-blacklist` provides a simplified interface for defining forbidden paths, making it a specialized solution for access control within an `lws` server setup. Its primary differentiator is its tight integration and configuration synergy with `lws`.","status":"maintenance","version":"3.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/lwsjs/blacklist","tags":["javascript","lws","lws-middleware"],"install":[{"cmd":"npm install lws-blacklist","lang":"bash","label":"npm"},{"cmd":"yarn add lws-blacklist","lang":"bash","label":"yarn"},{"cmd":"pnpm add lws-blacklist","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core dependency; lws-blacklist is an lws middleware.","package":"lws","optional":false},{"reason":"Transitive dependency with known audit warning, used for route matching.","package":"path-to-regexp","optional":false}],"imports":[{"note":"lws supports both ESM and CJS; programmatic use often starts with importing the Lws class.","wrong":"const Lws = require('lws')","symbol":"Lws","correct":"import Lws from 'lws';"},{"note":"Assuming lws-blacklist exports a default function that returns the middleware; direct symbol names might vary if it's a class or named export.","wrong":"import { blacklistMiddleware } from 'lws-blacklist';","symbol":"blacklistMiddleware","correct":"import blacklistMiddleware from 'lws-blacklist';"}],"quickstart":{"code":"import Lws from 'lws';\nimport blacklistMiddleware from 'lws-blacklist';\n\nconst server = new Lws();\n\nasync function startServer() {\n  try {\n    const options = {\n      port: 8000,\n      stack: ['lws-static'], // Ensure static serving is also enabled\n      directory: './public', // Serve files from a 'public' directory\n      blacklist: ['/admin/(.*)', '/secret-page.html'], // Routes to forbid\n      // For programmatic use, the middleware itself is added to the stack\n      // but the configuration comes via options that lws-blacklist processes.\n      // If lws-blacklist exported a direct Koa middleware, it would look like:\n      // middleware: [blacklistMiddleware({ blacklist: ['/admin/(.*)'] })]\n    };\n\n    await server.start(options);\n    console.log(`lws-blacklist example server running at http://localhost:${options.port}`);\n    console.log('Try accessing http://localhost:8000/secret-page.html or http://localhost:8000/admin/dashboard.html');\n    console.log('Serving static files from ./public');\n  } catch (error) {\n    console.error('Failed to start lws server:', error);\n  }\n}\n\n// Create a public directory and some test files\nimport fs from 'fs';\nif (!fs.existsSync('./public')) fs.mkdirSync('./public');\nfs.writeFileSync('./public/index.html', '<h1>Hello from lws!</h1><p>Public page.</p>');\nfs.writeFileSync('./public/secret-page.html', '<h1>ACCESS DENIED</h1><p>This page should be blocked.</p>');\nfs.writeFileSync('./public/admin/dashboard.html', '<h1>Admin Dashboard</h1><p>This page should be blocked.</p>');\n\nstartServer();","lang":"javascript","description":"Demonstrates programmatic setup of an lws server with lws-blacklist, blocking specific URL patterns like '/admin/(.*)' and '/secret-page.html' using the `--blacklist` option equivalent."},"warnings":[{"fix":"Consider documenting usage with 'denylist' or 'blocklist' in your own project's context, or explore alternative middleware if this terminology is a concern.","message":"The `lws-blacklist` package name and its core functionality utilize the term 'blacklist', which is increasingly being deprecated in favor of 'denylist' or 'blocklist' across the tech industry for reasons of inclusivity. While the functionality remains, newer projects might prefer alternative terminology.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always check the lws documentation and lws-blacklist release notes for compatibility when upgrading major versions of either package. Ensure your middleware functions conform to the Koa (ctx, next) => {} signature.","message":"The lws ecosystem uses Koa for its middleware. If there were changes in how lws expects middleware to be structured (e.g., from an Express-style to a Koa-style signature, or changes in context object properties), older versions of lws-blacklist might not be compatible with newer lws versions.","severity":"breaking","affected_versions":"<3.0.0 to >=3.0.0 (hypothetical, typical major version bump reason)"},{"fix":"Test your blacklist patterns thoroughly with expected valid and invalid URLs. Online regex testers can help in validating patterns. Remember that regex special characters (e.g., '.', '*', '?', '+') need to be escaped if you mean them literally.","message":"Regular expressions provided to `--blacklist` are matched against the request path. Misconfigured or overly broad regexes can block legitimate routes, while overly specific ones can fail to block intended targets. Ensure correct regex syntax and test thoroughly.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Regularly run `npm audit fix` and `npm update` to ensure all dependencies are at their latest, patched versions. If the vulnerability persists, consult the `lws-blacklist` GitHub issues for official patches or recommended workarounds.","message":"The `lws-blacklist` package has an `npm audit` warning due to its transitive dependency on `path-to-regexp` (GHSA-9wv6-86v2-598j). This indicates a potential security vulnerability in a sub-dependency, though its direct impact on lws-blacklist's specific use case might vary.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Evaluate the project's long-term maintenance status and community activity if active development or immediate patching of issues is critical for your application. Consider contributing to the project or forking it if specific needs arise.","message":"The package `lws-blacklist` version `3.0.0` was last published approximately six years ago, and its core dependency `lws` also has a noted 'not healthy version release cadence'. This implies a potentially slower maintenance cycle and a reduced likelihood of new feature development or rapid vulnerability patches.","severity":"gotcha","affected_versions":">=3.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure `lws-blacklist` is installed (`npm install lws-blacklist`). If using the CLI `--stack` option, ensure `lws-blacklist` is spelled correctly. For programmatic use, verify the import path and that the module exports a valid middleware factory function.","cause":"The lws server could not locate or correctly load the `lws-blacklist` module, either due to incorrect installation, a typo in the stack name, or an incompatible version.","error":"Error: Middleware 'lws-blacklist' not found or invalid."},{"fix":"Double-check your regex patterns for accuracy. Use a regex testing tool to confirm they match your target paths. In `lws`, middleware order matters; ensure `lws-blacklist` is positioned early enough in your middleware stack to intercept requests before other middleware might process or serve them.","cause":"The regular expression provided for blacklisting did not correctly match the intended route, or the blacklist middleware is not correctly ordered in the `lws` stack.","error":"Request to '/admin/dashboard' was not blocked as expected."},{"fix":"When using `lws-blacklist` programmatically, ensure you pass the `blacklist` array of patterns as expected by its API. For CLI usage, verify the `--blacklist` option is correctly formatted with valid path arguments.","cause":"This error typically occurs if `lws-blacklist` is being used programmatically but its configuration object is missing or malformed, or if the `lws` instance is not correctly passing options to the middleware.","error":"TypeError: Cannot read properties of undefined (reading 'blacklist')"}],"ecosystem":"npm","meta_description":null}