- Breaking change (npm): Set
engines
to 12.0.0+ - Breaking change: Add
type: 'module'
andexports
topackage.json
; change internal CJS path - Security: Fix dependency vulnerabilities by switching from
optimist
toneodoc
(@fidian) - Security: Update
mime
andcolors
(@fidian) - Security Update/fix: Use
URL
constructor over deprecatedurl.parse
; should fix Open Redirect issue https://www.npmjs.com/advisories/1207 - Security Update/fix: Protect
fs.stat
calls from bad path arguments; fixes Denial of Service issue https://www.npmjs.com/advisories/1208 (@brpvieira) - Security fix?: The Unauthorized File Access issue https://www.npmjs.com/advisories/1206 does not appear to be an issue per testing (if it ever was); if you can provide a test case where it fails, please report
- Fix: Support
bytes=0-0
Range header (@prajwalkman) - Fix: Avoid octal (@bgao / @Ilrilan)
- Fix: For
spa
, allow dots after path (@gjuchault) - Fix: Ensure package
version
stays up to date - Fix: path should be more generous in unescaping anything valid in a path (such as a hash)
- Enhancement: Allow access with local ip (@flyingsky)
- Enhancement: Allow
serverInfo
to benull
(@martindale) - Enhancement: Time display logging with leading 0 (@mauris)
- Enhancement: Respect static
--cache 0
(@matthew-andrews) - Enhancement: New option:
defaultExtension
(@fmalk) - Enhancement: Added glob matching for setting cache headers (@lightswitch05)
- Update: Switch from deprecated
request
tonode-fetch
- Optimization: 'use strict' directive
- Refactoring: Switch to ESM
- Docs: For examples (and internally) avoid
static
reserved word - Docs: Fix header example (@emmanouil)
- Docs: Sp. (@EdwardBetts)
- Docs: Make install section more visible, make defaults visible in semantically marked-up headings and add CLI options
- Docs: Add
CHANGES.md
- Docs: Add ESM file-server example
- Linting: Prefer const, no-var, fix indent, comment-out unused,
prefer
startsWith
andincludes
- Refactoring: Use safer non-prototype version of
colors
- Maintenance: Add
.editorconfig
- Testing: Add checks for supposed direct
node-static
vulnerabilities - Testing: Add test for
null
and non-null
serverInfo - Testing: Allow tests to end (@fmalk)
- Testing: Switch to
mocha
/chai
/c8
- Testing: Begin binary file coverage
- npm: Add eslint devDep. and script
- npm: Add lock file