{"id":16656,"library":"node-static-auth","title":"Node.js Static Server with Basic Auth","description":"node-static-auth provides a static file server for Node.js, integrating features like Basic authentication, access file logging with rotation, and custom error pages (401, 404, 500). It supports both HTTP and HTTPS, including an HTTP listener for automatic redirects to HTTPS, and historically offered experimental HTTP/2 support for Node.js versions 9.x and above. The package bundles popular modules like `node-static`, `basic-auth`, `morgan`, and `rotating-file-stream` to deliver its functionality. As of its last known stable release (1.0.6), it caters to older Node.js environments (engines >= 0.10.0) and has not seen active development in many years, making it unsuitable for modern applications requiring current security standards or active maintenance.","status":"abandoned","version":"1.0.6","language":"javascript","source_language":"en","source_url":"https://github.com/traynor/node-static-auth","tags":["javascript","http","https","static","file","logger","basic","auth","middleware"],"install":[{"cmd":"npm install node-static-auth","lang":"bash","label":"npm"},{"cmd":"yarn add node-static-auth","lang":"bash","label":"yarn"},{"cmd":"pnpm add node-static-auth","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core dependency for serving static files.","package":"node-static","optional":false},{"reason":"Provides Basic authentication parsing and handling.","package":"basic-auth","optional":false},{"reason":"Used for HTTP request logging capabilities.","package":"morgan","optional":false},{"reason":"Enables log file rotation for the access logger.","package":"rotating-file-stream","optional":false}],"imports":[{"note":"This package is CommonJS-only, reflecting its age. Direct ESM `import` statements will fail.","wrong":"import NodeStaticAuth from 'node-static-auth';","symbol":"NodeStaticAuth","correct":"const NodeStaticAuth = require('node-static-auth');"}],"quickstart":{"code":"const NodeStaticAuth = require('node-static-auth');\n\n// IMPORTANT: Replace 'path-to-public-directory' with the actual path to your static files.\n// For example, if your static files are in a 'public' folder in the project root:\n// const PUBLIC_DIR = path.join(process.cwd(), 'public');\n// Ensure 'public' directory exists and contains 'index.html', 'your-forbidden.html', etc.\n\nconst config = {\n    nodeStatic: {\n        root: 'path-to-public-directory', // e.g., 'public'\n        options: {\n            indexFile: 'your-index.html' // e.g., 'index.html'\n        },\n        customPages: {\n            forbidden: 'your-forbidden.html', // e.g., '401.html'\n            notFound: 'your-not-found.html',   // e.g., '404.html'\n            error: 'your-error.html'         // e.g., '500.html'\n        }\n    },\n    server: {\n        port: 3001,\n        http2: false, // Set to true if running Node >= 9.x, but note limitations\n        ssl: {\n            enabled: true,\n            httpListener: 3000,\n            // Example: Replace with actual paths to your SSL certificate and key\n            // key: path.join(process.cwd(), 'ssl', 'server.key'),\n            // cert: path.join(process.cwd(), 'ssl', 'server.crt'),\n            key: process.env.SSL_KEY_PATH ?? 'path/to/server.key', // Placeholder\n            cert: process.env.SSL_CERT_PATH ?? 'path/to/server.crt' // Placeholder\n        }\n    },\n    auth: {\n        enabled: true,\n        users: {\n            admin: 'password123'\n        }\n    },\n    logger: {\n        enabled: true,\n        path: 'access.log',\n        type: 'combined', // Standard Apache combined log format\n        rotation: {\n            interval: '1d', // Rotate daily\n            maxFiles: 10    // Keep a maximum of 10 rotated log files\n        }\n    }\n};\n\nconst server = new NodeStaticAuth(config);\nconsole.log(`Server running on HTTPS at https://localhost:${config.server.port} and HTTP listener on http://localhost:${config.server.ssl.httpListener}`);\n","lang":"javascript","description":"This quickstart initializes and starts an HTTPS static server with Basic authentication and access logging, demonstrating common configuration options."},"warnings":[{"fix":"Migrate to a actively maintained static file server solution like `serve-static`, `express.static`, or `sirv` combined with modern authentication and logging middleware.","message":"The package is abandoned and has not been updated in over 8 years. It is built on outdated Node.js versions (engines >= 0.10.0) and dependencies, making it insecure and incompatible with modern Node.js environments (>=16).","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"If custom error pages are critical, ensure `server.http2` is set to `false` in the configuration.","message":"Using custom error pages (401, 404, 500) is not supported when HTTP/2 is enabled. The server will fall back to less aesthetically pleasing default pages.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Avoid using the HTTP/2 feature. If HTTP/2 is required, use a modern, actively maintained server framework that provides robust HTTP/2 support.","message":"The HTTP/2 support in this package is noted as 'experimental' and might contain bugs or compatibility issues, particularly with other bundled modules.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Always enforce HTTPS (`ssl.enabled: true`) when using Basic Auth. For new projects, consider modern authentication mechanisms like OAuth2 or token-based authentication with updated libraries.","message":"Basic Authentication, while provided, is generally insecure when used without HTTPS due to credentials being transmitted in plain text. Relying on this older, abandoned package for security-sensitive applications is extremely risky.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Ensure your project uses CommonJS (`require()`) or use a build tool like Webpack/Rollup to transpile CommonJS modules into ESM if absolutely necessary, though this is not recommended for an abandoned package.","message":"The package is CommonJS-only. Attempting to use `import` syntax will result in errors in an ESM context.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure your Node.js file is treated as CommonJS (e.g., `.js` file without `\"type\": \"module\"` in `package.json`, or explicitly `.cjs` extension). This package does not support ESM imports.","cause":"Attempting to use `require()` in an ECMAScript Module (ESM) context.","error":"TypeError: require is not a function"},{"fix":"Run `npm install node-static-auth` in your project directory.","cause":"The package has not been installed or the path is incorrect.","error":"Error: Cannot find module 'node-static-auth'"},{"fix":"This issue is indicative of the package's age. It's strongly recommended to migrate to an actively maintained solution. As a temporary workaround for development, you might try `NODE_OPTIONS='--openssl-legacy-provider' node your-app.js`, but this is not suitable for production.","cause":"Modern Node.js versions (e.g., Node.js 17+) have stricter OpenSSL policies that may reject older or insecure cryptographic algorithms used by outdated dependencies (like those potentially bundled here for SSL).","error":"ERR_OSSL_EVP_UNSUPPORTED"}],"ecosystem":"npm"}