.github/workflows/ci.yml

@@ -1,149 +1,47 @@
 name: ci
 
 on:
-- pull_request
-- push
+  push:
+    branches:
+      - master
+      - '2.0'
+    paths-ignore:
+      - '*.md'
+  pull_request:
+    paths-ignore:
+      - '*.md'
 
 jobs:
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
         name:
-        - Node.js 0.8
-        - Node.js 0.10
-        - Node.js 0.12
-        - io.js 1.x
-        - io.js 2.x
-        - io.js 3.x
-        - Node.js 4.x
-        - Node.js 5.x
-        - Node.js 6.x
-        - Node.js 7.x
-        - Node.js 8.x
-        - Node.js 9.x
-        - Node.js 10.x
-        - Node.js 11.x
-        - Node.js 12.x
-        - Node.js 13.x
-        - Node.js 14.x
-        - Node.js 15.x
-        - Node.js 16.x
-        - Node.js 17.x
+        - Node.js 18.x
+        - Node.js 20.x
+        - Node.js 22.x
 
         include:
-        - name: Node.js 0.8
-          node-version: "0.8"
-          npm-i: mocha@2.5.3 supertest@1.1.0
-          npm-rm: nyc
+        - name: Node.js 18.x
+          node-version: "18"
 
-        - name: Node.js 0.10
-          node-version: "0.10"
-          npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
+        - name: Node.js 20.x
+          node-version: "20"
 
-        - name: Node.js 0.12
-          node-version: "0.12"
-          npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
-
-        - name: io.js 1.x
-          node-version: "1.8"
-          npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
-
-        - name: io.js 2.x
-          node-version: "2.5"
-          npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
-
-        - name: io.js 3.x
-          node-version: "3.3"
-          npm-i: mocha@3.5.3 nyc@10.3.2 supertest@2.0.0
-
-        - name: Node.js 4.x
-          node-version: "4.9"
-          npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2
-
-        - name: Node.js 5.x
-          node-version: "5.12"
-          npm-i: mocha@5.2.0 nyc@11.9.0 supertest@3.4.2
-
-        - name: Node.js 6.x
-          node-version: "6.17"
-          npm-i: mocha@6.2.3 nyc@14.1.1 supertest@6.1.6
-
-        - name: Node.js 7.x
-          node-version: "7.10"
-          npm-i: mocha@6.2.3 nyc@14.1.1 supertest@6.1.6
-
-        - name: Node.js 8.x
-          node-version: "8.16"
-          npm-i: mocha@7.2.0
-
-        - name: Node.js 9.x
-          node-version: "9.11"
-          npm-i: mocha@7.2.0
-
-        - name: Node.js 10.x
-          node-version: "10.24"
-          npm-i: mocha@8.4.0
-
-        - name: Node.js 11.x
-          node-version: "11.15"
-          npm-i: mocha@8.4.0
-
-        - name: Node.js 12.x
-          node-version: "12.22"
-
-        - name: Node.js 13.x
-          node-version: "13.14"
-
-        - name: Node.js 14.x
-          node-version: "14.19"
-
-        - name: Node.js 15.x
-          node-version: "15.14"
-
-        - name: Node.js 16.x
-          node-version: "16.14"
-
-        - name: Node.js 17.x
-          node-version: "17.8"
+        - name: Node.js 22.x
+          node-version: "22"
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
 
     - name: Install Node.js ${{ matrix.node-version }}
       shell: bash -eo pipefail -l {0}
       run: |
         nvm install --default ${{ matrix.node-version }}
-        if [[ "${{ matrix.node-version }}" == 0.* && "$(cut -d. -f2 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then
-          nvm install --alias=npm 0.10
-          nvm use ${{ matrix.node-version }}
-          sed -i '1s;^.*$;'"$(printf '#!%q' "$(nvm which npm)")"';' "$(readlink -f "$(which npm)")"
-          npm config set strict-ssl false
-        fi
         dirname "$(nvm which ${{ matrix.node-version }})" >> "$GITHUB_PATH"
 
     - name: Configure npm
-      run: npm config set shrinkwrap false
-
-    - name: Remove npm module(s) ${{ matrix.npm-rm }}
-      run: npm rm --silent --save-dev ${{ matrix.npm-rm }}
-      if: matrix.npm-rm != ''
-
-    - name: Install npm module(s) ${{ matrix.npm-i }}
-      run: npm install --save-dev ${{ matrix.npm-i }}
-      if: matrix.npm-i != ''
-
-    - name: Setup Node.js version-specific dependencies
-      shell: bash
-      run: |
-        # eslint for linting
-        # - remove on Node.js < 10
-        if [[ "$(cut -d. -f1 <<< "${{ matrix.node-version }}")" -lt 10 ]]; then
-          node -pe 'Object.keys(require("./package").devDependencies).join("\n")' | \
-            grep -E '^eslint(-|$)' | \
-            sort -r | \
-            xargs -n1 npm rm --silent --save-dev
-        fi
+      run: npm config set package-lock false
 
     - name: Install Node.js dependencies
       run: npm install
@@ -159,20 +57,14 @@ jobs:
 
     - name: Run tests
       shell: bash
-      run: |
-        if npm -ps ls nyc | grep -q nyc; then
-          npm run test-ci
-        else
-          npm test
-        fi
+      run: npm run test-ci
 
     - name: Lint code
       if: steps.list_env.outputs.eslint != ''
       run: npm run lint
 
     - name: Collect code coverage
       uses: coverallsapp/github-action@master
-      if: steps.list_env.outputs.nyc != ''
       with:
         github-token: ${{ secrets.GITHUB_TOKEN }}
         flag-name: run-${{ matrix.test_number }}
@@ -182,7 +74,7 @@ jobs:
     needs: test
     runs-on: ubuntu-latest
     steps:
-    - name: Uploade code coverage
+    - name: Upload code coverage
       uses: coverallsapp/github-action@master
       with:
         github-token: ${{ secrets.github_token }}

.github/workflows/scorecard.yml

@@ -0,0 +1,70 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '16 21 * * 1'
+  push:
+    branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f # v2.23.2
+        with:
+          sarif_file: results.sarif

HISTORY.md

@@ -1,3 +1,31 @@
+2.0.0 / 2024-08-23
+==================
+
+* deps: 
+  * parseurl@^1.3.3
+  * excape-html@^1.0.3
+  * encodeurl@^2.0.0
+  * supertest@^6.3.4
+  * safe-buffer@^5.2.1
+  * nyc@^17.0.0
+  * mocha@^10.7.0
+* Changes from 1.x
+
+2.0.0-beta.2 / 2024-03-20
+=========================
+
+  * deps: send@1.0.0-beta.2
+
+2.0.0-beta.1 / 2022-02-05
+=========================
+
+  * Change `dotfiles` option default to `'ignore'`
+  * Drop support for Node.js 0.8
+  * Remove `hidden` option; use `dotfiles` option instead
+  * deps: send@1.0.0-beta.1
+    - Use `mime-types` for file to content type mapping
+    - deps: debug@3.1.0
+
 1.15.0 / 2022-03-24
 ===================
 

README.md

@@ -45,7 +45,7 @@ true. Disabling this will ignore the `immutable` and `maxAge` options.
 
 ##### dotfiles
 
- Set how "dotfiles" are treated when encountered. A dotfile is a file
+Set how "dotfiles" are treated when encountered. A dotfile is a file
 or directory that begins with a dot ("."). Note this check is done on
 the path itself without checking if the path actually exists on the
 disk. If `root` is specified, only the dotfiles above the root are
@@ -56,8 +56,7 @@ to "deny").
   - `'deny'` Deny a request for a dotfile and 403/`next()`.
   - `'ignore'` Pretend like the dotfile does not exist and 404/`next()`.
 
-The default value is similar to `'ignore'`, with the exception that this
-default will not ignore the files within a directory that begins with a dot.
+The default value is `'ignore'`.
 
 ##### etag
 
@@ -215,7 +214,7 @@ app.listen(3000)
 #### Different settings for paths
 
 This example shows how to set a different max age depending on the served
-file type. In this example, HTML files are not cached, while everything else
+file. In this example, HTML files are not cached, while everything else
 is for 1 day.
 
 ```js
@@ -232,8 +231,8 @@ app.use(serveStatic(path.join(__dirname, 'public'), {
 
 app.listen(3000)
 
-function setCustomCacheControl (res, path) {
-  if (serveStatic.mime.lookup(path) === 'text/html') {
+function setCustomCacheControl (res, file) {
+  if (path.extname(file) === '.html') {
     // Custom Cache-Control for HTML files
     res.setHeader('Cache-Control', 'public, max-age=0')
   }

appveyor.yml

@@ -41,15 +41,12 @@ install:
   # Setup Node.js version-specific dependencies
   - ps: |
       # mocha for testing
-      # - use 2.x for Node.js < 0.10
       # - use 3.x for Node.js < 4
       # - use 5.x for Node.js < 6
       # - use 6.x for Node.js < 8
       # - use 7.x for Node.js < 10
       # - use 8.x for Node.js < 12
-      if ([int]$env:nodejs_version.split(".")[0] -eq 0 -and [int]$env:nodejs_version.split(".")[1] -lt 10) {
-        npm install --silent --save-dev mocha@2.5.3
-      } elseif ([int]$env:nodejs_version.split(".")[0] -lt 4) {
+      if ([int]$env:nodejs_version.split(".")[0] -lt 4) {
         npm install --silent --save-dev mocha@3.5.3
       } elseif ([int]$env:nodejs_version.split(".")[0] -lt 6) {
         npm install --silent --save-dev mocha@5.2.0
@@ -62,13 +59,9 @@ install:
       }
   - ps: |
       # supertest for http calls
-      # - use 1.1.0 for Node.js < 0.10
       # - use 2.0.0 for Node.js < 4
       # - use 3.4.2 for Node.js < 6
-      # - use 6.1.6 for Node.js < 8
-      if ([int]$env:nodejs_version.split(".")[0] -eq 0 -and [int]$env:nodejs_version.split(".")[1] -lt 10) {
-        npm install --silent --save-dev supertest@1.1.0
-      } elseif ([int]$env:nodejs_version.split(".")[0] -lt 4) {
+      if ([int]$env:nodejs_version.split(".")[0] -lt 4) {
         npm install --silent --save-dev supertest@2.0.0
       } elseif ([int]$env:nodejs_version.split(".")[0] -lt 6) {
         npm install --silent --save-dev supertest@3.4.2

index.js

@@ -26,7 +26,6 @@ var url = require('url')
  */
 
 module.exports = serveStatic
-module.exports.mime = send.mime
 
 /**
  * @param {string} root