npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@croco/transports-http

v0.0.2

Published

Croco의 HTTP 실행 계층입니다. `@croco/protocols-rest`로 정의한 컨트롤러를 Hono 기반 앱, Node 서버, AWS Lambda 핸들러로 연결합니다.

Readme

@croco/transports-http

Croco의 HTTP 실행 계층입니다. @croco/protocols-rest로 정의한 컨트롤러를 Hono 기반 앱, Node 서버, AWS Lambda 핸들러로 연결합니다.

설치

pnpm add @croco/transports-http @croco/protocols-rest reflect-metadata

사용법

앱 생성과 Lambda 핸들러 노출

import "reflect-metadata";
import {
  createSlidingWindowPolicy,
  RateLimitKeyBuilder,
  RateLimiter,
  SlidingWindowInMemoryStore,
} from "@croco/ratelimit-core";
import { Controller, Get } from "@croco/protocols-rest";
import {
  bodyLimitMiddleware,
  corsMiddleware,
  createApp,
  mb,
  rateLimitHttpMiddleware,
  securityHeadersMiddleware,
} from "@croco/transports-http";

@Controller("/users")
class UserController {
  @Get("/")
  list() {
    return [{ id: "user-1" }];
  }
}

const rateLimiter = new RateLimiter(
  new SlidingWindowInMemoryStore(),
  new RateLimitKeyBuilder(["ip"]),
);

const app = createApp({
  controllers: [UserController],
  middlewares: [
    securityHeadersMiddleware(),
    corsMiddleware({ origins: ["https://example.com"] }),
    bodyLimitMiddleware({ limit: mb(1) }),
    rateLimitHttpMiddleware({
      rateLimiter,
      policy: createSlidingWindowPolicy("http", 100, 60_000),
    }),
  ],
});

export const handler = app.lambdaHandler();

Node 서버 실행

await app.listen(3000);

헬스체크 등록

import { Container } from "@croco/framework-context";
import { HealthCheckRegistry } from "@croco/transports-http";

Container.get(HealthCheckRegistry).register("database", async () => ({ status: "up" }));

Security Middleware Contract

createApp는 기본적으로 아래 4개 보안 미들웨어가 모두 등록되어 있는지 부트스트랩 시점에 검증합니다. 하나라도 누락되면 앱 생성은 fail-closed로 중단됩니다.

When calling createApp, include the following middleware in the middlewares array:

import {
  createSlidingWindowPolicy,
  RateLimitKeyBuilder,
  RateLimiter,
  SlidingWindowInMemoryStore,
} from "@croco/ratelimit-core";
import {
  bodyLimitMiddleware,
  corsMiddleware,
  createApp,
  mb,
  rateLimitHttpMiddleware,
  securityHeadersMiddleware,
} from "@croco/transports-http";

const rateLimiter = new RateLimiter(
  new SlidingWindowInMemoryStore(),
  new RateLimitKeyBuilder(["ip"]),
);

const app = createApp({
  controllers: [UserController],
  middlewares: [
    securityHeadersMiddleware(), // HSTS, X-Frame-Options, CSP, etc.
    corsMiddleware({ origins: ["https://example.com"] }), // Cross-Origin policy
    bodyLimitMiddleware({ limit: mb(1) }), // Request body size cap
    rateLimitHttpMiddleware({
      rateLimiter,
      policy: createSlidingWindowPolicy("http", 100, 60_000),
    }), // Rate limiting
  ],
});

기존 앱을 단계적으로 마이그레이션해야 한다면 명시적으로 opt-out 할 수 있습니다.

const app = createApp({
  controllers: [UserController],
  middlewares: [securityHeadersMiddleware()],
  securityValidation: "off",
});

기존 unsafeSkipSecurityValidation: true 플래그도 하위 호환용으로 지원되지만, 새 설정에는 securityValidation: 'off' 사용을 권장합니다.

Required middleware

| Middleware | Export | Purpose | | --------------------------- | ------------------------ | ------------------------------------------------------------------------------ | | securityHeadersMiddleware | @croco/transports-http | Sets HTTP security headers: HSTS, X-Frame-Options, X-Content-Type-Options, CSP | | corsMiddleware | @croco/transports-http | Configures Cross-Origin Resource Sharing policy | | bodyLimitMiddleware | @croco/transports-http | Caps request body size to prevent payload-based DoS | | rateLimitHttpMiddleware | @croco/transports-http | Applies rate limiting to HTTP requests |

All four are part of the public API and can be imported directly from @croco/transports-http. Unless securityValidation: 'off' is set, missing any of them will cause bootstrap validation to fail.

API 레퍼런스

  • 앱 런타임: createApp, CrocoApp, ErrorHandler, PipelineRunner, RouteCompiler
  • Lambda 연동: toLambdaHandler, getLambdaEvent, getLambdaContext, TypedLambdaHandler
  • 헬스체크: HealthCheckRegistry, HealthCheckFunction, HealthCheckResult
  • 본문 제한: bodyLimitMiddleware, kb, mb
  • 압축: compressionMiddleware
  • CORS: corsMiddleware
  • 종료 제어: gracefulShutdownMiddleware, setupGracefulShutdown, isShuttingDown, resetShutdownState
  • 레이트 리밋: rateLimitHttpMiddleware, createRateLimitMiddlewareFactory
  • 보안 헤더: securityHeadersMiddleware
  • 타입: AppConfig, CrocoHttpContext, CrocoRequest, CrocoResponse, LambdaEvent, LambdaResponse