or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

docs

index.md
tile.json

tessl/npm-serve-static

Express.js middleware for serving static files from a directory with configurable caching, security, and file handling options

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
npmpkg:npm/serve-static@2.2.x

To install, run

npx @tessl/cli install tessl/npm-serve-static@2.2.0

index.mddocs/

serve-static

serve-static provides Express.js middleware for serving static files from a directory. It enables web servers to efficiently serve static assets like HTML, CSS, JavaScript, images, and other files with configurable options for caching, security, and file handling.

Package Information

  • Package Name: serve-static
  • Package Type: npm
  • Language: JavaScript
  • Installation: npm install serve-static

Core Imports

const serveStatic = require('serve-static');

Basic Usage

const express = require('express');
const serveStatic = require('serve-static');

const app = express();

// Basic static file serving
app.use(serveStatic('public'));

// With options
app.use(serveStatic('public', {
  index: ['index.html', 'index.htm'],
  maxAge: '1d',
  dotfiles: 'ignore'
}));

app.listen(3000);

Capabilities

Middleware Factory Function

Creates a new middleware function to serve files from within a given root directory.

/**
 * Create a new middleware function to serve files from within a given root directory
 * @param {string} root - Root directory path for serving files (required)
 * @param {ServeStaticOptions} options - Configuration options (optional)
 * @returns {Function} Express/Connect middleware function
 * @throws {TypeError} When root path is missing or not a string
 * @throws {TypeError} When setHeaders option is not a function
 */
function serveStatic(root, options);

Usage Examples:

// Basic usage
const serve = serveStatic('public/assets');

// With comprehensive options
const serve = serveStatic('public', {
  index: ['index.html', 'default.html'],
  maxAge: '1 day',
  etag: true,
  lastModified: true,
  dotfiles: 'ignore',
  fallthrough: true,
  redirect: true,
  setHeaders: function(res, path, stat) {
    res.setHeader('X-Timestamp', Date.now());
  }
});

// Express integration
const express = require('express');
const app = express();
app.use('/static', serve);

// Vanilla Node.js integration
const http = require('http');
const finalhandler = require('finalhandler');
const server = http.createServer(function(req, res) {
  serve(req, res, finalhandler(req, res));
});

Returned Middleware Function

The middleware function returned by serveStatic() handles HTTP requests for static files.

/**
 * Express/Connect middleware function for serving static files
 * @param {Object} req - HTTP request object
 * @param {Object} res - HTTP response object  
 * @param {Function} next - Next middleware function
 */
function middleware(req, res, next);

Configuration Options

All options are passed as properties of an options object to the serveStatic() function:

acceptRanges

/**
 * Enable or disable accepting ranged requests
 * @type {boolean}
 * @default true
 */
acceptRanges: boolean;

cacheControl

/**
 * Enable or disable setting Cache-Control response header
 * @type {boolean}
 * @default true
 */
cacheControl: boolean;

dotfiles

/**
 * Set how "dotfiles" are treated when encountered
 * @type {string}
 * @default 'ignore'
 * @values 'allow' | 'deny' | 'ignore'
 */
dotfiles: 'allow' | 'deny' | 'ignore';
  • 'allow' - No special treatment for dotfiles
  • 'deny' - Deny a request for a dotfile and 403/next()
  • 'ignore' - Pretend like the dotfile does not exist and 404/next()

etag

/**
 * Enable or disable etag generation
 * @type {boolean}
 * @default true
 */
etag: boolean;

extensions

/**
 * Set file extension fallbacks for when files are not found
 * @type {string[] | false}
 * @default false
 * @example ['html', 'htm']
 */
extensions: string[] | false;

fallthrough

/**
 * Set the middleware to have client errors fall-through as just unhandled requests
 * @type {boolean}
 * @default true
 */
fallthrough: boolean;

immutable

/**
 * Enable or disable the immutable directive in the Cache-Control response header
 * @type {boolean}
 * @default false
 */
immutable: boolean;

index

/**
 * Directory index file configuration
 * @type {string | string[] | false}
 * @default 'index.html'
 */
index: string | string[] | false;

lastModified

/**
 * Enable or disable Last-Modified header
 * @type {boolean}
 * @default true
 */
lastModified: boolean;

maxAge

/**
 * Provide a max-age in milliseconds for http caching
 * @type {number | string}
 * @default 0
 */
maxAge: number | string;

Also accepts string format compatible with the ms module (e.g., '1d', '2h', '30m').

maxage

/**
 * Alias for maxAge option
 * @type {number | string}
 * @default 0
 */
maxage: number | string;

redirect

/**
 * Redirect to trailing "/" when the pathname is a dir
 * @type {boolean}
 * @default true
 */
redirect: boolean;

setHeaders

/**
 * Function to set custom headers on response
 * @type {Function}
 * @param {Object} res - The response object
 * @param {string} path - The file path that is being sent
 * @param {Object} stat - The stat object of the file that is being sent
 */
setHeaders: (res, path, stat) => void;

Usage Example:

const serve = serveStatic('public', {
  setHeaders: function(res, path, stat) {
    // Set cache headers based on file type
    if (path.endsWith('.html')) {
      res.setHeader('Cache-Control', 'public, max-age=0');
    }
    // Add security headers
    res.setHeader('X-Content-Type-Options', 'nosniff');
  }
});

Types

/**
 * Configuration options for serve-static middleware
 */
interface ServeStaticOptions {
  acceptRanges?: boolean;
  cacheControl?: boolean;
  dotfiles?: 'allow' | 'deny' | 'ignore';
  etag?: boolean;
  extensions?: string[] | false;
  fallthrough?: boolean;
  immutable?: boolean;
  index?: string | string[] | false;
  lastModified?: boolean;
  maxAge?: number | string;
  maxage?: number | string;
  redirect?: boolean;
  setHeaders?: (res: Object, path: string, stat: Object) => void;
}

Error Handling

The middleware handles various error conditions based on configuration:

  • 405 Method Not Allowed: For non-GET/HEAD requests when fallthrough is false
  • 404 Not Found: For missing files/directories
  • Server Errors (≥500): Always forwarded to next(err)
  • Client Errors (<500): Handled based on fallthrough setting
    • When fallthrough is true: calls next() to continue to next middleware
    • When fallthrough is false: calls next(err) to forward the error

Integration Patterns

Express.js Application

const express = require('express');
const serveStatic = require('serve-static');

const app = express();

// Single directory
app.use(serveStatic('public'));

// Multiple directories with fallback
app.use(serveStatic('public-optimized'));
app.use(serveStatic('public'));

// Mount at specific path
app.use('/assets', serveStatic('public/assets'));

app.listen(3000);

Vanilla Node.js HTTP Server

const http = require('http');
const finalhandler = require('finalhandler');
const serveStatic = require('serve-static');

const serve = serveStatic('public', {
  index: ['index.html', 'index.htm']
});

const server = http.createServer(function(req, res) {
  serve(req, res, finalhandler(req, res));
});

server.listen(3000);

Force Download Headers

const contentDisposition = require('content-disposition');
const serveStatic = require('serve-static');

const serve = serveStatic('public/downloads', {
  index: false,
  setHeaders: function(res, path) {
    res.setHeader('Content-Disposition', contentDisposition(path));
  }
});