Add code from express-unpkg repo

2017-05-25 11:25:42 -07:00
parent f7019626a2
commit f9a21522c2
15 changed files with 954 additions and 196 deletions
--- a/server/middleware/FileUtils.js
+++ b/server/middleware/FileUtils.js
@ -0,0 +1,35 @@
+const fs = require('fs')
+const mime = require('mime')
+
+const TextFiles = /\/?(LICENSE|README|CHANGES|AUTHORS|Makefile|\.[a-z]*rc|\.git[a-z]*|\.[a-z]*ignore)$/i
+
+const getContentType = (file) =>
+  TextFiles.test(file) ? 'text/plain' : mime.lookup(file)
+
+const getStats = (file) =>
+  new Promise((resolve, reject) => {
+    fs.lstat(file, (error, stats) => {
+      if (error) {
+        reject(error)
+      } else {
+        resolve(stats)
+      }
+    })
+  })
+
+const getFileType = (stats) => {
+  if (stats.isFile()) return 'file'
+  if (stats.isDirectory()) return 'directory'
+  if (stats.isBlockDevice()) return 'blockDevice'
+  if (stats.isCharacterDevice()) return 'characterDevice'
+  if (stats.isSymbolicLink()) return 'symlink'
+  if (stats.isSocket()) return 'socket'
+  if (stats.isFIFO()) return 'fifo'
+  return 'unknown'
+}
+
+module.exports = {
+  getContentType,
+  getStats,
+  getFileType
+}
--- a/server/middleware/IndexUtils.js
+++ b/server/middleware/IndexUtils.js
@ -0,0 +1,41 @@
+const fs = require('fs')
+const path = require('path')
+const React = require('react')
+const ReactDOMServer = require('react-dom/server')
+const IndexPage = require('./components/IndexPage')
+const { getStats } = require('./FileUtils')
+
+const e = React.createElement
+
+const getEntries = (dir) =>
+  new Promise((resolve, reject) => {
+    fs.readdir(dir, (error, files) => {
+      if (error) {
+        reject(error)
+      } else {
+        resolve(
+          Promise.all(
+            files.map(file => getStats(path.join(dir, file)))
+          ).then(
+            statsArray => statsArray.map(
+              (stats, index) => ({ file: files[index], stats })
+            )
+          )
+        )
+      }
+    })
+  })
+
+const DOCTYPE = '<!DOCTYPE html>'
+
+const generateIndexPage = (props) =>
+  DOCTYPE + ReactDOMServer.renderToStaticMarkup(e(IndexPage, props))
+
+const generateDirectoryIndexHTML = (packageInfo, version, baseDir, dir, callback) =>
+  getEntries(path.join(baseDir, dir))
+    .then(entries => generateIndexPage({ packageInfo, version, dir, entries }))
+    .then(html => callback(null, html), callback)
+
+module.exports = {
+  generateDirectoryIndexHTML
+}
--- a/server/middleware/MetadataUtils.js
+++ b/server/middleware/MetadataUtils.js
@ -0,0 +1,51 @@
+const fs = require('fs')
+const { join: joinPaths } = require('path')
+const { getContentType, getStats, getFileType } = require('./FileUtils')
+
+const getEntries = (baseDir, path, maximumDepth) =>
+  new Promise((resolve, reject) => {
+    fs.readdir(joinPaths(baseDir, path), (error, files) => {
+      if (error) {
+        reject(error)
+      } else {
+        resolve(
+          Promise.all(
+            files.map(f => getStats(joinPaths(baseDir, path, f)))
+          ).then(
+            statsArray => Promise.all(statsArray.map(
+              (stats, index) => getMetadata(baseDir, joinPaths(path, files[index]), stats, maximumDepth - 1)
+            ))
+          )
+        )
+      }
+    })
+  })
+
+const formatTime = (time) =>
+  new Date(time).toISOString()
+
+const getMetadata = (baseDir, path, stats, maximumDepth) => {
+  const metadata = {
+    path,
+    lastModified: formatTime(stats.mtime),
+    contentType: getContentType(path),
+    size: stats.size,
+    type: getFileType(stats)
+  }
+
+  if (!stats.isDirectory() || maximumDepth === 0)
+    return Promise.resolve(metadata)
+
+  return getEntries(baseDir, path, maximumDepth).then(files => {
+    metadata.files = files
+    return metadata
+  })
+}
+
+const generateMetadata = (baseDir, path, stats, maximumDepth, callback) =>
+  getMetadata(baseDir, path, stats, maximumDepth)
+    .then(metadata => callback(null, metadata), callback)
+
+module.exports = {
+  generateMetadata
+}
--- a/server/middleware/PackageUtils.js
+++ b/server/middleware/PackageUtils.js
@ -0,0 +1,59 @@
+const { parse: parseURL } = require('url')
+
+const URLFormat = /^\/((?:@[^\/@]+\/)?[^\/@]+)(?:@([^\/]+))?(\/.*)?$/
+
+const decodeParam = (param) =>
+  param && decodeURIComponent(param)
+
+const ValidQueryKeys = {
+  main: true,
+  json: true
+}
+
+const queryIsValid = (query) =>
+  Object.keys(query).every(key => ValidQueryKeys[key])
+
+const parsePackageURL = (url) => {
+  const { pathname, search, query } = parseURL(url, true)
+
+  if (!queryIsValid(query))
+    return null
+
+  const match = URLFormat.exec(pathname)
+
+  if (match == null)
+    return null
+
+  const packageName = match[1]
+  const version = decodeParam(match[2]) || 'latest'
+  const filename = decodeParam(match[3])
+
+  return {        // If the URL is /@scope/name@version/path.js?main=browser:
+    pathname,     // /@scope/name@version/path.js
+    search,       // ?main=browser
+    query,        // { main: 'browser' }
+    packageName,  // @scope/name
+    version,      // version
+    filename      // /path.js
+  }
+}
+
+const createPackageURL = (packageName, version, filename, search) => {
+  let pathname = `/${packageName}`
+
+  if (version != null)
+    pathname += `@${version}`
+
+  if (filename != null)
+    pathname += filename
+
+  if (search)
+    pathname += search
+
+  return pathname
+}
+
+module.exports = {
+  parsePackageURL,
+  createPackageURL
+}
--- a/server/middleware/RegistryCache.js
+++ b/server/middleware/RegistryCache.js
@ -0,0 +1,49 @@
+const redis = require('redis')
+const createLRUCache = require('lru-cache')
+
+const createRedisCache = (redisURL) => {
+  const client = redis.createClient(redisURL)
+
+  const createKey = (key) => 'registry:' + key
+
+  const set = (key, value, expiry) => {
+    client.set(createKey(key), JSON.stringify(value))
+    client.pexpire(createKey(key), expiry)
+  }
+
+  const get = (key, callback) => {
+    client.get(createKey(key), (error, value) => {
+      callback(error, value && JSON.parse(value))
+    })
+  }
+
+  const del = (key) => {
+    client.del(createKey(key))
+  }
+
+  return { set, get, del }
+}
+
+const createMemoryCache = (options) => {
+  const cache = createLRUCache(options)
+
+  const set = (key, value, expiry) => {
+    cache.set(key, value, expiry)
+  }
+
+  const get = (key, callback) => {
+    callback(null, cache.get(key))
+  }
+
+  const del = (key) => {
+    cache.del(key)
+  }
+
+  return { set, get, del }
+}
+
+const RegistryCache = process.env.REDIS_URL
+  ? createRedisCache(process.env.REDIS_URL)
+  : createMemoryCache({ max: 1000 })
+
+module.exports = RegistryCache
--- a/server/middleware/RegistryUtils.js
+++ b/server/middleware/RegistryUtils.js
@ -0,0 +1,104 @@
+require('isomorphic-fetch')
+const debug = require('debug')
+const gunzip = require('gunzip-maybe')
+const mkdirp = require('mkdirp')
+const tar = require('tar-fs')
+const RegistryCache = require('./RegistryCache')
+
+const log = debug('express-unpkg')
+
+const getPackageInfoFromRegistry = (registryURL, packageName) => {
+  let encodedPackageName
+  if (packageName.charAt(0) === '@') {
+    encodedPackageName = `@${encodeURIComponent(packageName.substring(1))}`
+  } else {
+    encodedPackageName = encodeURIComponent(packageName)
+  }
+
+  const url = `${registryURL}/${encodedPackageName}`
+
+  return fetch(url, {
+    headers: { 'Accept': 'application/json' }
+  }).then(response => (
+    response.status === 404 ? null : response.json()
+  ))
+}
+
+const OneMinute = 60 * 1000
+const PackageNotFound = 'PackageNotFound'
+
+const getPackageInfo = (registryURL, packageName, callback) => {
+  const cacheKey = registryURL + packageName
+
+  RegistryCache.get(cacheKey, (error, value) => {
+    if (error) {
+      callback(error)
+    } else if (value) {
+      callback(null, value === PackageNotFound ? null : value)
+    } else {
+      log('Registry cache miss for package %s', packageName)
+
+      getPackageInfoFromRegistry(registryURL, packageName).then(value => {
+        if (value == null) {
+          // Keep 404s in the cache for 5 minutes. This prevents us
+          // from making unnecessary requests to the registry for
+          // bad package names. In the worst case, a brand new
+          // package's info will be available within 5 minutes.
+          RegistryCache.set(cacheKey, PackageNotFound, OneMinute * 5)
+        } else {
+          RegistryCache.set(cacheKey, value, OneMinute)
+        }
+
+        callback(null, value)
+      }, error => {
+        // Do not cache errors.
+        RegistryCache.del(cacheKey)
+        callback(error)
+      })
+    }
+  })
+}
+
+const normalizeTarHeader = (header) => {
+  // Most packages have header names that look like "package/index.js"
+  // so we shorten that to just "index.js" here. A few packages use a
+  // prefix other than "package/". e.g. the firebase package uses the
+  // "firebase_npm/" prefix. So we just strip the first dir name.
+  header.name = header.name.replace(/^[^\/]+\//, '')
+  return header
+}
+
+const getPackage = (tarballURL, outputDir, callback) => {
+  mkdirp(outputDir, (error) => {
+    if (error) {
+      callback(error)
+    } else {
+      let callbackWasCalled = false
+
+      fetch(tarballURL).then(response => {
+        response.body
+          .pipe(gunzip())
+          .pipe(
+            tar.extract(outputDir, {
+              dmode: 0o666, // All dirs should be writable
+              fmode: 0o444, // All files should be readable
+              map: normalizeTarHeader
+            })
+          )
+          .on('finish', callback)
+          .on('error', (error) => {
+            if (callbackWasCalled) // LOL node streams
+              return
+
+            callbackWasCalled = true
+            callback(error)
+          })
+      })
+    }
+  })
+}
+
+module.exports = {
+  getPackageInfo,
+  getPackage
+}
--- a/server/middleware/ResponseUtils.js
+++ b/server/middleware/ResponseUtils.js
@ -0,0 +1,91 @@
+const fs = require('fs')
+const etag = require('etag')
+const { getContentType } = require('./FileUtils')
+
+const sendText = (res, statusCode, text) => {
+  res.writeHead(statusCode, {
+    'Content-Type': 'text/plain',
+    'Content-Length': text.length
+  })
+
+  res.end(text)
+}
+
+const sendJSON = (res, json, maxAge = 0, statusCode = 200) => {
+  const text = JSON.stringify(json)
+
+  res.writeHead(statusCode, {
+    'Content-Type': 'application/json',
+    'Content-Length': text.length,
+    'Cache-Control': `public, max-age=${maxAge}`
+  })
+
+  res.end(text)
+}
+
+const sendInvalidURLError = (res, url) =>
+  sendText(res, 403, `Invalid URL: ${url}`)
+
+const sendNotFoundError = (res, what) =>
+  sendText(res, 404, `Not found: ${what}`)
+
+const sendServerError = (res, error) =>
+  sendText(res, 500, `Server error: ${error.message || error}`)
+
+const sendHTML = (res, html, maxAge = 0, statusCode = 200) => {
+  res.writeHead(statusCode, {
+    'Content-Type': 'text/html',
+    'Content-Length': html.length,
+    'Cache-Control': `public, max-age=${maxAge}`
+  })
+
+  res.end(html)
+}
+
+const sendRedirect = (res, relativeLocation, maxAge = 0, statusCode = 302) => {
+  const location = res.req && res.req.baseUrl ? res.req.baseUrl + relativeLocation : relativeLocation
+
+  const html = `<p>You are being redirected to <a href="${location}">${location}</a>`
+
+  res.writeHead(statusCode, {
+    'Content-Type': 'text/html',
+    'Content-Length': html.length,
+    'Cache-Control': `public, max-age=${maxAge}`,
+    'Location': location
+  })
+
+  res.end(html)
+}
+
+const sendFile = (res, file, stats, maxAge = 0) => {
+  let contentType = getContentType(file)
+
+  if (contentType === 'text/html')
+    contentType = 'text/plain' // We can't serve HTML because bad people :(
+
+  res.writeHead(200, {
+    'Content-Type': contentType,
+    'Content-Length': stats.size,
+    'Cache-Control': `public, max-age=${maxAge}`,
+    'ETag': etag(stats)
+  })
+
+  const stream = fs.createReadStream(file)
+
+  stream.on('error', (error) => {
+    sendServerError(res, error)
+  })
+
+  stream.pipe(res)
+}
+
+module.exports = {
+  sendText,
+  sendJSON,
+  sendInvalidURLError,
+  sendNotFoundError,
+  sendServerError,
+  sendHTML,
+  sendRedirect,
+  sendFile
+}
--- a/server/middleware/StyleUtils.js
+++ b/server/middleware/StyleUtils.js
@ -0,0 +1,14 @@
+const fs = require('fs')
+const path = require('path')
+const csso = require('csso')
+
+const minifyCSS = (css) =>
+  csso.minify(css).css
+
+const readCSS = (...args) =>
+  minifyCSS(fs.readFileSync(path.resolve(...args), 'utf8'))
+
+module.exports = {
+  minifyCSS,
+  readCSS
+}
--- a/server/middleware/components/DirectoryListing.js
+++ b/server/middleware/components/DirectoryListing.js
@ -0,0 +1,50 @@
+const React = require('react')
+const prettyBytes = require('pretty-bytes')
+const { getContentType } = require('../FileUtils')
+
+const e = React.createElement
+
+const formatTime = (time) =>
+  new Date(time).toISOString()
+
+const DirectoryListing = ({ dir, entries }) => {
+  const rows = entries.map(({ file, stats }, index) => {
+    const isDir = stats.isDirectory()
+    const href = file + (isDir ? '/' : '')
+
+    return (
+      e('tr', { key: file, className: index % 2 ? 'odd' : 'even' },
+        e('td', null, e('a', { title: file, href }, file)),
+        e('td', null, isDir ? '-' : getContentType(file)),
+        e('td', null, isDir ? '-' : prettyBytes(stats.size)),
+        e('td', null, isDir ? '-' : formatTime(stats.mtime))
+      )
+    )
+  })
+
+  if (dir !== '/')
+    rows.unshift(
+      e('tr', { key: '..', className: 'odd' },
+        e('td', null, e('a', { title: 'Parent directory', href: '../' }, '..')),
+        e('td', null, '-'),
+        e('td', null, '-'),
+        e('td', null, '-')
+      )
+    )
+
+  return (
+    e('table', null,
+      e('thead', null,
+        e('tr', null,
+          e('th', null, 'Name'),
+          e('th', null, 'Type'),
+          e('th', null, 'Size'),
+          e('th', null, 'Last Modified')
+        )
+      ),
+      e('tbody', null, rows)
+    )
+  )
+}
+
+module.exports = DirectoryListing
--- a/server/middleware/components/IndexPage.css
+++ b/server/middleware/components/IndexPage.css
@ -0,0 +1,39 @@
+body {
+  font-size: 16px;
+  font-family: -apple-system,
+               BlinkMacSystemFont,
+               "Segoe UI",
+               Roboto,
+               Helvetica,
+               Arial,
+               sans-serif;
+  line-height: 1.5;
+  padding: 0px 10px 5px;
+}
+
+table {
+  width: 100%;
+  border-collapse: collapse;
+  font: 0.85em Monaco, monospace;
+}
+tr.even {
+  background-color: #eee;
+}
+th {
+  text-align: left;
+}
+th, td {
+  padding: 0.1em 0.25em;
+}
+
+.version-wrapper {
+  line-height: 2.25em;
+  float: right;
+}
+#version {
+  font-size: 1em;
+}
+
+address {
+  text-align: right;
+}
--- a/server/middleware/components/IndexPage.js
+++ b/server/middleware/components/IndexPage.js
@ -0,0 +1,48 @@
+const semver = require('semver')
+const React = require('react')
+const PropTypes = require('prop-types')
+const DirectoryListing = require('./DirectoryListing')
+const { readCSS } = require('../StyleUtils')
+
+const e = React.createElement
+
+const IndexPageStyle = readCSS(__dirname, 'IndexPage.css')
+const IndexPageScript = `
+var s = document.getElementById('version'), v = s.value
+s.onchange = function () {
+  window.location.href = window.location.href.replace('@' + v, '@' + s.value)
+}
+`
+
+const byVersion = (a, b) =>
+  semver.lt(a, b) ? -1 : (semver.gt(a, b) ? 1 : 0)
+
+const IndexPage = ({ packageInfo, version, dir, entries }) => {
+  const versions = Object.keys(packageInfo.versions).sort(byVersion)
+  const options = versions.map(v => (
+    e('option', { key: v, value: v }, `${packageInfo.name}@${v}`)
+  ))
+
+  return (
+    e('html', null,
+      e('head', null,
+        e('meta', { charSet: 'utf-8' }),
+        e('title', null, `Index of ${dir}`),
+        e('style', { dangerouslySetInnerHTML: { __html: IndexPageStyle } })
+      ),
+      e('body', null,
+        e('div', { className: 'version-wrapper' },
+          e('select', { id: 'version', defaultValue: version }, options)
+        ),
+        e('h1', null, `Index of ${dir}`),
+        e('script', { dangerouslySetInnerHTML: { __html: IndexPageScript } }),
+        e('hr'),
+        e(DirectoryListing, { dir, entries }),
+        e('hr'),
+        e('address', null, `${packageInfo.name}@${version}`)
+      )
+    )
+  )
+}
+
+module.exports = IndexPage
--- a/server/middleware/index.js
+++ b/server/middleware/index.js
@ -0,0 +1,286 @@
+const http = require('http')
+const tmpdir = require('os-tmpdir')
+const { join: joinPaths } = require('path')
+const { stat: statFile, readFile } = require('fs')
+const { maxSatisfying: maxSatisfyingVersion } = require('semver')
+const { parsePackageURL, createPackageURL } = require('./PackageUtils')
+const { getPackageInfo, getPackage } = require('./RegistryUtils')
+const { generateDirectoryIndexHTML } = require('./IndexUtils')
+const { generateMetadata } = require('./MetadataUtils')
+const { getFileType } = require('./FileUtils')
+const {
+  sendNotFoundError,
+  sendInvalidURLError,
+  sendServerError,
+  sendRedirect,
+  sendFile,
+  sendText,
+  sendJSON,
+  sendHTML
+} = require('./ResponseUtils')
+
+const OneMinute = 60
+const OneDay = OneMinute * 60 * 24
+const OneYear = OneDay * 365
+
+const checkLocalCache = (dir, callback) =>
+  statFile(joinPaths(dir, 'package.json'), (error, stats) => {
+    callback(stats && stats.isFile())
+  })
+
+const ResolveExtensions = [ '', '.js', '.json' ]
+
+const createTempPath = (name) =>
+  joinPaths(tmpdir(), `express-unpkg-${name}`)
+
+/**
+ * Resolves a path like "lib/file" into "lib/file.js" or
+ * "lib/file.json" depending on which one is available, similar
+ * to how require('lib/file') does.
+ */
+const resolveFile = (path, useIndex, callback) => {
+  ResolveExtensions.reduceRight((next, ext) => {
+    const file = path + ext
+
+    return () => {
+      statFile(file, (error, stats) => {
+        if (error) {
+          if (error.code === 'ENOENT' || error.code === 'ENOTDIR') {
+            next()
+          } else {
+            callback(error)
+          }
+        } else if (useIndex && stats.isDirectory()) {
+          resolveFile(joinPaths(file, 'index'), false, (error, indexFile, indexStats) => {
+            if (error) {
+              callback(error)
+            } else if (indexFile) {
+              callback(null, indexFile, indexStats)
+            } else {
+              next()
+            }
+          })
+        } else {
+          callback(null, file, stats)
+        }
+      })
+    }
+  }, callback)()
+}
+
+/**
+ * Creates and returns a function that can be used in the "request"
+ * event of a standard node HTTP server. Options are:
+ *
+ * - registryURL    The URL of the npm registry (defaults to https://registry.npmjs.org)
+ * - redirectTTL    The TTL (in seconds) for redirects (defaults to 0)
+ * - autoIndex      Automatically generate index HTML pages for directories (defaults to true)
+ *
+ * Supported URL schemes are:
+ *
+ * /history@1.12.5/umd/History.min.js (recommended)
+ * /history@1.12.5 (package.json's main is implied)
+ *
+ * Additionally, the following URLs are supported but will return a
+ * temporary (302) redirect:
+ *
+ * /history (redirects to version, latest is implied)
+ * /history/umd/History.min.js (redirects to version, latest is implied)
+ * /history@latest/umd/History.min.js (redirects to version)
+ * /history@^1/umd/History.min.js (redirects to max satisfying version)
+ */
+const createRequestHandler = (options = {}) => {
+  const registryURL = options.registryURL || 'https://registry.npmjs.org'
+  const redirectTTL = options.redirectTTL || 0
+  const autoIndex = options.autoIndex !== false
+  const maximumDepth = options.maximumDepth || Number.MAX_VALUE
+  const blacklist = options.blacklist || []
+
+  const handleRequest = (req, res) => {
+    let url
+    try {
+      url = parsePackageURL(req.url)
+    } catch (error) {
+      return sendInvalidURLError(res, req.url)
+    }
+
+    if (url == null)
+      return sendInvalidURLError(res, req.url)
+
+    const { pathname, search, query, packageName, version, filename } = url
+    const displayName = `${packageName}@${version}`
+
+    const isBlacklisted = blacklist.indexOf(packageName) !== -1
+
+    if (isBlacklisted)
+      return sendText(res, 403, `Package ${packageName} is blacklisted`)
+
+    // Step 1: Fetch the package from the registry and store a local copy.
+    // Redirect if the URL does not specify an exact version number.
+    const fetchPackage = (next) => {
+      const packageDir = createTempPath(displayName)
+
+      checkLocalCache(packageDir, (isCached) => {
+        if (isCached)
+          return next(packageDir) // Best case: we already have this package on disk.
+
+        // Fetch package info from NPM registry.
+        getPackageInfo(registryURL, packageName, (error, packageInfo) => {
+          if (error)
+            return sendServerError(res, error)
+
+          if (packageInfo == null)
+            return sendNotFoundError(res, `package "${packageName}"`)
+
+          if (packageInfo.versions == null)
+            return sendServerError(res, new Error(`Unable to retrieve info for package ${packageName}`))
+
+          const { versions, 'dist-tags': tags } = packageInfo
+
+          if (version in versions) {
+            // A valid request for a package we haven't downloaded yet.
+            const packageConfig = versions[version]
+            const tarballURL = packageConfig.dist.tarball
+
+            getPackage(tarballURL, packageDir, (error) => {
+              if (error) {
+                sendServerError(res, error)
+              } else {
+                next(packageDir)
+              }
+            })
+          } else if (version in tags) {
+            sendRedirect(res, createPackageURL(packageName, tags[version], filename, search), redirectTTL)
+          } else {
+            const maxVersion = maxSatisfyingVersion(Object.keys(versions), version)
+
+            if (maxVersion) {
+              sendRedirect(res, createPackageURL(packageName, maxVersion, filename, search), redirectTTL)
+            } else {
+              sendNotFoundError(res, `package ${displayName}`)
+            }
+          }
+        })
+      })
+    }
+
+    // Step 2: Determine which file we're going to serve and get its stats.
+    // Redirect if the request targets a directory with no trailing slash.
+    const findFile = (packageDir, next) => {
+      if (filename) {
+        const path = joinPaths(packageDir, filename)
+
+        // Based on the URL, figure out which file they want.
+        resolveFile(path, false, (error, file, stats) => {
+          if (error) {
+            sendServerError(res, error)
+          } else if (file == null) {
+            sendNotFoundError(res, `file "${filename}" in package ${displayName}`)
+          } else if (stats.isDirectory() && pathname[pathname.length - 1] !== '/') {
+            // Append `/` to directory URLs
+            sendRedirect(res, pathname + '/' + search, OneYear)
+          } else {
+            next(file.replace(packageDir, ''), stats)
+          }
+        })
+      } else {
+        // No filename in the URL. Try to serve the package's "main" file.
+        readFile(joinPaths(packageDir, 'package.json'), 'utf8', (error, data) => {
+          if (error)
+            return sendServerError(res, error)
+
+          let packageConfig
+          try {
+            packageConfig = JSON.parse(data)
+          } catch (error) {
+            return sendText(res, 500, `Error parsing ${displayName}/package.json: ${error.message}`)
+          }
+
+          let mainFilename
+          const queryMain = query && query.main
+
+          if (queryMain) {
+            if (!(queryMain in packageConfig))
+              return sendNotFoundError(res, `field "${queryMain}" in ${displayName}/package.json`)
+
+            mainFilename = packageConfig[queryMain]
+          } else {
+            if (typeof packageConfig.unpkg === 'string') {
+              // The "unpkg" field allows packages to explicitly declare the
+              // file to serve at the bare URL (see #59).
+              mainFilename = packageConfig.unpkg
+            } else if (typeof packageConfig.browser === 'string') {
+              // Fall back to the "browser" field if declared (only support strings).
+              mainFilename = packageConfig.browser
+            } else {
+              // If there is no main, use "index" (same as npm).
+              mainFilename = packageConfig.main || 'index'
+            }
+          }
+
+          resolveFile(joinPaths(packageDir, mainFilename), true, (error, file, stats) => {
+            if (error) {
+              sendServerError(res, error)
+            } else if (file == null) {
+              sendNotFoundError(res, `main file "${mainFilename}" in package ${displayName}`)
+            } else {
+              next(file.replace(packageDir, ''), stats)
+            }
+          })
+        })
+      }
+    }
+
+    // Step 3: Send the file, JSON metadata, or HTML directory listing.
+    const serveFile = (baseDir, path, stats) => {
+      if (query.json != null) {
+        generateMetadata(baseDir, path, stats, maximumDepth, (error, metadata) => {
+          if (metadata) {
+            sendJSON(res, metadata, OneYear)
+          } else {
+            sendServerError(res, `unable to generate JSON metadata for ${displayName}${filename}`)
+          }
+        })
+      } else if (stats.isFile()) {
+        sendFile(res, joinPaths(baseDir, path), stats, OneYear)
+      } else if (autoIndex && stats.isDirectory()) {
+        getPackageInfo(registryURL, packageName, (error, packageInfo) => {
+          if (error) {
+            sendServerError(res, `unable to generate index page for ${displayName}${filename}`)
+          } else {
+            generateDirectoryIndexHTML(packageInfo, version, baseDir, path, (error, html) => {
+              if (html) {
+                sendHTML(res, html, OneYear)
+              } else {
+                sendServerError(res, `unable to generate index page for ${displayName}${filename}`)
+              }
+            })
+          }
+        })
+      } else {
+        sendInvalidURLError(res, `${displayName}${filename} is a ${getFileType(stats)}`)
+      }
+    }
+
+    fetchPackage(packageDir => {
+      findFile(packageDir, (file, stats) => {
+        serveFile(packageDir, file, stats)
+      })
+    })
+  }
+
+  return handleRequest
+}
+
+/**
+ * Creates and returns an HTTP server that serves files from NPM packages.
+ */
+const createServer = (options) =>
+  http.createServer(
+    createRequestHandler(options)
+  )
+
+module.exports = {
+  createRequestHandler,
+  createServer
+}