serve-static is a Node.js middleware that serves static files from a specified root directory, mapping each request URL to a file path. If a file is not found, it can call next() to allow stacking and fallback to other middleware, with options for caching headers, range requests, indexing behavior, and custom response headers.
Project status
- Active maintenance: The repository has recent upstream activity (last push 2026-01-03) and has shipped multiple npm updates across 2025 (v1.16.3, then v2.2.0 and v2.2.1), indicating it is actively maintained.
- Apparent cadence: Updates appear to land roughly every 3 to 9 months (v2.2.0 on 2025-03-28, v2.2.1 on 2025-12-15), with additional CI and dependency-focused follow-up work.
AI summary generated Today
Recent updates
v2.2.1
5 months agoRelease v2.2.1 release notes mainly describe CI workflow maintenance, including Dependabot setup, using full commit SHAs for GitHub Actions, and bumping several action versions, plus expanding the Node.js test matrix to include Node.js 24. The release notes also mention removing HISTORY.md from the npm tarball and updating some documentation examples. However, the provided code diff (v1.16.3 -> v2.2.1) shows additional library-level and packaging changes that are not mentioned in the v2.2.1 release notes.
BreakingSecurityFeaturesv1.16.3
5 months agoRelease v1.16.3 is primarily a dependency update. The documented change is a bump of the `send` dependency to `~0.19.1`, with no other behavior changes mentioned.
v2.2.0
3/28/2025v2.2.0 focuses on internal refactors (zeroPad, HISTORY formatting), dependency and CI modernization, and some redirect response rendering tweaks. The release notes describe CI updates (CodeQL, workflow changes, removing AppVeyor) and a send dependency bump, but the code diff shows additional API and behavior changes that are not documented.
v1.16.2
1/14/2025This release updates serve-static to version 1.16.2 and bumps its dependency encodeurl from the 1.x line to the 2.x line. The only functional change reflected in the diff is the encodeurl version update recorded in HISTORY.md and package.json.
v1.16.1
1/14/2025Release v1.16.1 primarily bumps the dependency send to 0.19.0. However, the code diff also shows a behavioral change to the HTML body returned with directory redirect responses, which is not mentioned in the release notes.
Breaking2.1.0
9/10/2024Release 2.1.0 of serve-static includes a redirect HTML rendering change, plus CI and dependency maintenance. The diff also shows a wider set of repo and runtime-impacting updates, including a major Node.js support drop and dependency major bumps that are not fully described in the release notes.
BreakingFeatures1.16.0
9/10/2024Release 1.16.0 updates serve-static redirect responses to stop rendering the target URL as an HTML hyperlink. The change removes the anchor tag from the redirect HTML body and updates the corresponding tests, while bumping the package version and recording the change in HISTORY.md.
Breakingv1.15.0
3/25/2022Release 1.15.0 primarily bumps the core runtime dependency send to 0.18.0 and updates related transitive dependencies. The diff also shows multiple CI/testing and repository hygiene changes (Node version patches, supertest installation, and removal of package-lock.json) that are not mentioned in the release notes.
v2.0.0-beta.1
2/5/2022This release bumps serve-static to version 2.0.0-beta.1 and upgrades its core dependency, send, to 1.0.0-beta.1. The release notes document the dotfiles option behavior change, removal of the hidden option, dropping Node.js 0.8 support, and send/mime-type mapping changes.
Breakingv1.14.2
12/16/2021serve-static v1.14.2 updates its main dependency, send, to 0.17.2 (including transitive updates to http-errors@1.8.1 and ms@2.1.3). The release notes only mention the dependency bump, but the actual diff also includes a broader modernization of the repository tooling and CI setup (GitHub Actions added, Travis removed, and coverage tooling switched).