v5.4.0

There were no breaking changes to the API, the minimum version of Node is still v12.20.

Bug fixes

• If your local ws connection is insecure (HTTP) and you're rewriting one or more routes to a secure (HTTPS/HTTP2) remote server, if the remote response sets a cookie with the attribute secure then that attribute is removed (which is necessary else the browser will refuse to store it via an insecure connection). With this new release, lws-rewrite also removes SameSite=none if it is set alongside secure. See lwsjs/rewrite#14.
• Max body-parser file size is now 500MB by default (previously, lws would throw an error if attempting to parse a file greater than 1MB). #130
• Prevent stored config being parsed twice. Fixes #176
• Dependencies upgraded to address security warnings within the dep tree.

v5.3.0

New features since v5.2.1

• Added support for Private Network Access. To enable, set the --cors.private-network-access flag.

v5.1.0

New features since v5.0.0

• Support extended back to Node.js v12.20
  • This is because support for exports, conditional exports and exports patterns have been retro-fitted back to v12 (see the Package module history)

Upgrade notes

Users of Node.js v12.20 and above may now use local-web-server (previously, you needed a minimum of node v14). There are no further changes.

v5.0.0

This is a refresher release - there are no functional or behavioural changes to the web server itself.

Breaking changes since v4.2.1

• Dropped support for Node.js < v14
• Dropped support for CommonJS in general
• Dropped support for plugin prefixes
  • Previously, you could omit the lws- in plugin names, (i.e. you could use --stack static instead of --stack lws-static). This was ambigious and introduced the risk of incorrectly loading a module named static, if it existed.
• Several of the API methods have changed from sync to async, most importantly the Lws.create method. You now need to await the result.

  const lws = await Lws.create()
  

New feature

• The default config file lws.config.js may now also be named lws.config.mjs or lws.config.cjs if preferred.

Other improvements

• All source code converted from CommonJS to ECMAScript modules.
• All dependencies upgraded.

Upgrade notes

• If you previously used shortened plugin names (e.g. --stack static) please use the full name (e.g. --stack lws-static)
• If you launch a server using Lws.create you must now await the result.
• Lws can now only be used programmatically from ECMAScript modules - you must use import to load the library.

v4.2.0

New features since v4.1.0

• Added a command-line tool to help develop and debug --rewrite rules. This greatly speeds up the development of custom rewrites. Full documentation here.

  • An example, testing a rewrite to a remote server:

    $ npx lws-rewrite '/npm/:pkg' 'https://npmjs.org/package/:pkg' '/npm/renamer'
    https://npmjs.org/package/renamer
    

  • The same feature has also been added to lws-redirect.

v4.1.0

New features since v4.0.0

• Added --qr option to display a QR Code for the chosen URL.
  • Feature request: #148, PR: lwsjs/lws#16.
  • Usage instructions: Open a web app in your mobile browser by scanning a QR code
• Added --list-network-interfaces to display the available network interface names. Used in conjunction with the --qr option.

Other

• Added contribution guidelines.

v4.0.0

Breaking changes since v3.0.7

• Dropped support for Node versions < 10.

New features

• When local-web-server is running in plain HTTP mode (not HTTPS or HTTP2), stripping the secure attribute from remote, rewrite-target cookies is now the default behaviour. Set the --rewrite.keep-secure-attr flag to disable this. #141

Other improvements

• All dependencies updated to latest versions.

v3.0.0

Breaking changes since v2.6.1

• Removed support for Node versions less than v8.
• Removed --websocket option.
  • You can implement websocket support using a middleware plugin, see here for an example.
• Removed --server option.
  • Its primary use case was to supply a third-party HTTP2 server. This is no longer required since HTTP2 is now included with node.
• Removed mock-responses from the default stack, however you can still use the plugin in a custom stack.
  • Since it's easy enough to create mock responses using vanilla middleware functions, the plugin didn't get much use.
• New programmatic API.
• New Middleware plugin API.
• New View plugin API.
• ws middleware-list command is now ws --default-stack.
• --rewrite has been upgraded to use the latest version of path-to-regexp, which has changed the syntax for the wildcard asterix.

New features

• --static.extensions. #120, docs
• --spa.asset-test-fs lwsjs/spa#1, docs
• --rewrite now works behind an HTTP proxy. #114
• configFile is now honoured when using programmatic API. #115
• Lots of new API and wiki documentation written with more to come.

Other fixes

• Middleware stack plugin loading now works correctly with Node v12.
• Upgraded and optimised dependency tree.

Upgrade notes

Some tips on upgrading from v2 to v3.

• If you use --rewrite and have an asterix wildcard in your from expression (e.g. /api/*) you'll need to change the asterix to (.*), e.g. /api/(.*).
• To upgrade your middleware plugin, check the new API docs. The only difference is that the exported plugin is now a plain class, not a decorator function as before.
• The main difference with the new programmatic API is that you now launch a server with LocalWebServer.create rather than localWebServer.listen as before.
• If you use lws-mock-responses, you'll need to install the plugin into your project then include it in a custom stack - example below.

  npm i --save-dev lws-mock-responses
  ws --stack mock-responses static index
  

If you have any questions, post an issue - thanks.

v2.5.0

New features since v2.4.0

Added --http2 option, which uses node's built-in HTTP2 support. See this wiki page for usage examples.

v2.2.3

Bug fix

The built-in --https certificate had expired. This release contains a new certificate valid for ten years. You may need to mark the new certificate as trusted.