npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

ep_disable_import_export_buttons

v0.0.33

Published

A plugin to disable and hide the Import/Export buttons from Etherpad UI toolbar.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

dcastelonedcastelone

Keywords

Readme

ep_disable_import_export_buttons

Disable and hide the Import/Export buttons from the Etherpad toolbar and block import/export requests at the server level.

Features

  • Client-side UI hiding with static CSS (no flash on page load)
  • Server-side request blocking via preAuthorize hook
  • Logs blocked attempts with IP addresses for security monitoring
  • HTTP API access remains available for server-to-server operations

Installation

From the Etherpad root directory run:

cd etherpad-lite
pnpm run plugins i ep_disable_import_export_buttons

Or install via the /admin/plugins page.

After installing, restart Etherpad.

How It Works

This plugin provides three layers of protection:

  1. Static CSS - Hides the UI button immediately on page load (no flash)
  2. Client-side JavaScript - Disables button interactions
  3. Server-side preAuthorize hook - Blocks HTTP requests to import/export endpoints

All import/export operations are blocked for regular users. The HTTP API remains functional if accessed with valid API credentials.

Comparison with native Settings-Based Approaches

Toolbar Configuration (e.g., settings.json toolbar customization):

  • May only hide the UI button and does not seem to work with my etherpad version (2.3.2)

Rate Limiting (importExportRateLimiting in settings.json):

  • Throttles the number of requests per IP address
  • Does not disable the functionality, only limits frequency
  • Suitable for preventing abuse while keeping the feature available

This Plugin:

  • Completely blocks import/export for browser users
  • Appropriate when you need to enforce the restriction regardless of client behavior
  • HTTP API access with credentials is unaffected

Configuration

No configuration is necessary – once installed, import/export is disabled for all pads accessed via the web UI.

Development

  • Static CSS in static/css/disable.css is registered by the server hook to hide the button immediately on page load.
  • Client-side JavaScript in static/js/disable.js hides the button and disables interactions as a safeguard.
  • Server-side preAuthorize hook in server/hooks.js blocks all import/export HTTP requests.
    • Blocks POST /p/:pad/import
    • Blocks GET /p/:pad/export/:type and GET /p/:pad/:rev/export/:type
    • Logs blocked attempts with IP address for security monitoring.

License

Apache 2.0 – see LICENSE.md.