@serve.zone/opencdn
🚀 A blazing-fast CDN that serves files directly from npm packages
@serve.zone/opencdn is a lightweight, TypeScript-powered CDN server that allows you to serve specific files from npm packages. Think of it as your own private unpkg/jsdelivr, but with fine-grained control over which packages are accessible.
Issue Reporting and Security
For reporting bugs, issues, or security vulnerabilities, please visit community.foss.global/. This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a code.foss.global/ account to submit Pull Requests directly.
✨ Features
- 📦 Package Allowlisting - Only serve files from packages you explicitly approve
- 🔢 Version Support - Request specific versions, version ranges, or dist-tags
- ⚡ Smart Caching - Built-in cache headers for optimal performance
- 🗜️ Compression - Automatic gzip compression for smaller payloads
- 🔍 Peek Mode - Dev mode includes a UI to browse available packages and files
- 📄 MIME Type Detection - Automatic content-type detection for served files
- 🌐 CORS Ready - Cross-origin requests supported out of the box
📦 Installation
pnpm add @serve.zone/opencdn
🚀 Quick Start
import { UiPublicServer } from '@serve.zone/opencdn';
const server = new UiPublicServer({
port: 3000,
npmRegistryUrl: 'https://registry.npmjs.org/',
allowedPackages: [
'@push.rocks/smartfile',
'@push.rocks/smartpromise',
// Add more packages as needed
],
packageBaseDirectory: './', // Path within packages to serve from
mode: 'dev', // 'dev' or 'prod'
});
await server.startServer();
📡 API Endpoints
Once running, access files using this URL pattern:
http://localhost:3000/@scope/package-name/path/to/file.js?version=1.2.3
Query Parameters
| Parameter | Description | Example |
|---|---|---|
version |
Semver version or range | 1.2.3, ^1.0.0, 2.x.x |
disttag |
Dist tag name | latest, beta, next |
Examples
# Get the readme from latest version
curl http://localhost:3000/@push.rocks/smartfile/readme.md
# Get package.json from specific version
curl http://localhost:3000/@push.rocks/smartfile/package.json?version=10.0.0
# Get a file using version range
curl http://localhost:3000/@push.rocks/smartfile/dist_ts/index.js?version=11.x.x
⚙️ Configuration Options
interface IPublicServerOptions {
port?: number; // Server port (default: 8080)
npmRegistryUrl?: string; // npm registry URL (default: https://registry.npmjs.org)
allowedPackages?: string[]; // Array of allowed package names
packageBaseDirectory?: string; // Base path within packages (default: './')
mode: 'dev' | 'prod'; // Server mode
log?: boolean; // Enable request logging (default: true)
}
🔧 Dev Mode Features
When running in dev mode, you get access to additional endpoints:
/peek/- Browse all allowlisted packages and their files/readme/- View the server's readme as HTML
These endpoints help you explore what's available without needing to know exact file paths.
🏗️ Architecture
┌─────────────────────────────────────────────────────────┐
│ Client Request │
│ GET /@scope/package/path/to/file.js?version=1.2.3 │
└─────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ UiPublicServer │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────────┐ │
│ │ Allowlist │ │ Cache │ │ GZIP │ │
│ │ Check │──│ Layer │──│ Compression │ │
│ └─────────────┘ └─────────────┘ └─────────────────┘ │
└─────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────┐
│ npm Registry │
│ (fetch package tarball) │
└─────────────────────────────────────────────────────────┘
🔒 Security
- Allowlisting - Only explicitly allowed packages can be served
- Path Validation - Requests are validated against the allowed package base directory
- No Arbitrary Execution - The server only serves static files, no code execution
🛠️ Use Cases
- Microservices - Serve shared frontend assets across multiple services
- Internal CDN - Host internal packages for your organization
- Development - Quick access to npm package files during development
- Documentation - Serve package documentation directly
📊 Response Headers
The server sets appropriate headers for caching and content delivery:
| Header | Value |
|---|---|
content-type |
Detected MIME type |
content-length |
File size in bytes |
cache-control |
max-age based on version specificity |
access-control-allow-origin |
* (configurable) |
License and Legal Information
This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the LICENSE file.
Please note: The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
Trademarks
This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
Company Information
Task Venture Capital GmbH Registered at District Court Bremen HRB 35230 HB, Germany
For any legal inquiries or further information, please contact us via email at hello@task.vc.
By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.