npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

cgi-core

v1.2.3

Published

Lightweight, zero-dependency middleware for hosting CGI scripts with HTTP/1.1 support

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

lfortinlfortin

Keywords

cgicgi-bincgi-serverhttphttp-servermiddlewarerfc3875serverzero-dependency

Readme

Node.js (install and test)

Features

  • ⚡ Zero dependency — no external packages required
  • 🌐 Full HTTP/1.1 support
  • 🧩 Simple middleware for handling CGI routes
  • 🛠️ Run from the CLI or embed directly in Node.js apps
  • ⚙️ Supports CGI scripts in any language (Perl, Python, Bash, Node.js, etc.)
  • 🔧 Fully configurable: timeouts, chunk sizes, environment variables, and more
  • 📜 Custom error/status pages per HTTP status code
  • 🛡️ Built-in path sanitization and error handling for safer execution

Why cgi-core?

Use cgi-core when you need:

  • A quick, local solution for hosting CGI scripts — Ideal for development environments or testing legacy scripts without setting up a full web server.
  • 🚀 An alternative to Apache for CGI hosting — Lightweight and easier to configure, especially when you don’t need the full overhead of traditional web servers.
  • 🔗 Seamless integration of legacy CGI scripts in modern Node.js apps — Embed CGI support directly in a Node.js or Express HTTP server, without external dependencies.

Whether you're debugging old Perl or Python scripts, prototyping a local CGI tool, or maintaining legacy infrastructure, cgi-core gives you a simple, modern, and flexible way to run CGI — all in pure Node.js.

Getting Started

Install the latest stable version of cgi-core:

npm install cgi-core

Then, start a CGI server:

npx cgi-server --filePath ./cgi-bin

Basic Usage

Here’s an example of how to set up a CGI server with cgi-core:

import { createServer } from "node:http";
import { createHandler } from "cgi-core";

// create a http server that handles CGI requests under the url path /cgi-bin

const handler = createHandler({
  urlPath: "/cgi-bin",
  filePath: "./cgi-bin",
  extensions: {
    "/usr/bin/perl": ["pl", "cgi"],
    "/usr/bin/python": ["py"],
    "/usr/local/bin/node": ["js", "node"],
  },
  debugOutput: false,
});

const app = createServer(async (req, res) => {
  const requestHandled = await handler(req, res);

  if (!requestHandled) {
    // here, handle any routing outside of urlPath === '/cgi-bin'
    res.writeHead(200, { "Content-Type": "text/plain" });
    res.end("outside of urlPath");
  }
});
app.listen(3000);

Usage example using Express.

Configuration options

urlPath

Base url for routing. Default: '/cgi-bin'

filePath

File path where the CGI scripts are located. It is strongly advised to set a value for filePath (example: './cgi-bin'). Default: process.cwd()

extensions

Object containing file extension values for given interpreter paths. If no interpreter path is found for a file extension, the CGI script will be called as a standalone executable. Default:

// on POSIX systems
{
  "/usr/bin/perl": ["pl", "cgi"],
  "/usr/bin/python": ["py"],
  "/usr/local/bin/node": ["js", "node"]
}

// on Windows systems
{
  "perl": ["pl", "cgi"],
  "python": ["py"],
  "node": ["js", "node"]
}

Note: On Windows, using an absolute path for the interpreter (e.g., C:\Program Files\Perl\perl.exe) is recommended for better performance and reliability. Relative paths (like perl) require shell resolution, which adds overhead and may fail in certain environments.

indexExtension

File extension to lookup for an index CGI script in any given directory. Default: 'js'

debugOutput

Set true to enable debug output. Default: false

logRequests

Set true to print HTTP request logs to STDOUT. Default: false

maxBuffer

Size of the allowed HTTP request and response payloads in bytes. Default: 2 * 1024 * 1024 (2 MB)

requestChunkSize

Size of the HTTP request payload data chunks in bytes, used for internal buffering when reading request data. Default: 32 * 1024 (32 KB)

responseChunkSize

Size of the HTTP response payload data chunks in bytes, applicable when Transfer-Encoding: chunked is used. If Content-Length is set, chunking is disabled, and the response is sent as a single block. Default: 32 * 1024 (32 KB)

requestTimeout

Timeout delay for the HTTP request in milliseconds. If the request takes longer than the specified time, the server will respond with a 504 Gateway Timeout error. Default: 30000 (30 seconds)

statusPages

Object containing custom HTTP response payloads per status code. Default: {}

// Example:
{
  404: {
    content: `<html>
                <body>404: File not found</body>
              </html>`,
    contentType: "text/html"
  },
  500: {
    content: `<html>
                <body>500: Internal server error</body>
              </html>`,
    contentType: "text/html"
  }
}

env

Object containing custom environment variables to pass to the CGI scripts. Default: {}

// Example:
{
  SERVER_ADMIN: "[email protected]",
  ANOTHER_VAR: "another value"
}

An updater function can also be passed to the env option to update the environment variables on each request. It gets the environment variables object and the incoming HTTP request as arguments.

// Example:
(env, req) => {
  return {
    SERVER_ADMIN: "[email protected]",
    ANOTHER_VAR: "another value",
    VALUE_FROM_REQUEST: req.headers["x-custom-header"],
  };
}

trustProxy

Set to true to trust proxy-related HTTP headers (X-Forwarded-For, X-Forwarded-Proto, and Host). This affects CGI environment variables such as:

  • REMOTE_ADDR — will use the leftmost IP in X-Forwarded-For
  • HTTPS — will be "on" if X-Forwarded-Proto is "https"
  • SERVER_NAME and SERVER_PORT — will be parsed from the Host header

Default: false

⚠️ Important: Only enable this if you are running behind a trusted reverse proxy (like Nginx or a load balancer). Enabling trustProxy when exposed to the public internet can allow header spoofing by clients.

Start a CGI Server from the Command Line

The command cgi-server can be used to run an HTTP server to serve CGI scripts.

npx cgi-server --port 3001 --urlPath /cgi-bin --filePath ./cgi-bin

Available arguments

  -h, --help                    Display help
  -v, --version                 Display cgi-core version string

  --urlPath <urlPath>           Set base url path for routing
  --filePath <filePath>         Set file path where the CGI scripts are located
  -p, --port <port>             Set the port to listen on

  --indexExtension <extension>  Set file extension to lookup for index files
  --maxBuffer <bytes>           Set the allowed HTTP request and response payloads size in bytes
  --requestChunkSize <bytes>    Set the HTTP request payload data chunks size in bytes
  --responseChunkSize <bytes>   Set the HTTP response payload data chunks size in bytes
  --requestTimeout <ms>         Set the HTTP request timeout delay in milliseconds
  --trustProxy                  Trust proxy headers (X-Forwarded-For, etc.)

  -d, --debugOutput             Output errors for HTTP status 500
  -l, --logRequests             Log HTTP requests to STDOUT

Supported CGI environment variables

In addition to the standard HTTP-related variables, the following CGI environment variables are supported:

AUTH_TYPE
CONTENT_LENGTH
CONTENT_TYPE
GATEWAY_INTERFACE
HTTPS
PATH
PATH_INFO
QUERY_STRING
REMOTE_ADDR
REQUEST_METHOD
REQUEST_URI
SCRIPT_FILENAME
SCRIPT_NAME
SERVER_NAME
SERVER_PORT
SERVER_PROTOCOL
SERVER_SOFTWARE

🔁 Using a Reverse Proxy (e.g., Nginx)

While cgi-core is capable of serving CGI scripts directly over HTTP/1.1, it's often recommended to use a reverse proxy like Nginx in front of your Node.js server for:

  • Improved performance via caching
  • Better static asset delivery
  • TLS termination and header management
  • Simplified load balancing or security

Example: nginx.conf

Below is an example Nginx configuration that:

  • Proxies /cgi-bin requests to the Node.js/cgi-core server running on localhost:3001
  • Enables caching for GET responses
  • Serves static assets directly from the filesystem with browser caching

⚠️ Disclaimer: This nginx.conf is intended for local testing only, not production use. The $host variable reflects client input and may be untrusted. When proxying to a local backend, always use a static Host value to avoid security issues like header spoofing or cache poisoning.

worker_processes 1;

events {
  worker_connections 1024;
}

http {
  proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=STATIC:10m max_size=100m inactive=60m use_temp_path=off;

  server {
    listen      3002;
    server_name 127.0.0.1;

    # Proxy CGI requests and enable caching
    location /cgi-bin {
      proxy_pass http://127.0.0.1:3001;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;

      proxy_cache STATIC;
      proxy_cache_methods GET;
      proxy_cache_key "$scheme$request_method$host$request_uri";
      proxy_cache_valid 200 302 10m;
      proxy_cache_valid 404 1m;
      add_header X-Proxy-Cache $upstream_cache_status;
    }

    # Serve static files and enable browser caching
    location / {
      root /path/to/your/htdocs;
      index index.htm index.html;

      location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
        expires 30d;
        add_header Cache-Control "public";
        access_log off;
      }
    }
  }
}

License

cgi-core is released under the MIT License.

100% Free: cgi-core can be used freely in both proprietary and open-source projects.

Attribution is required: You must retain the author's name and the license information in any distributed code. These items do not need to be user-facing and can remain within the codebase.