npm.io
2.2.0 • Published 2 weeks agoCLI

@headwall/trusted-network-providers

Licence
MIT
Version
2.2.0
Deps
2
Size
220 kB
Vulns
0
Weekly
0

trusted-network-providers

A lightweight Node.js library for identifying IP addresses that belong to trusted network providers. Prevent your firewalls from blocking legitimate services like payment processors, search engine crawlers, and monitoring tools.

npm version License: MIT Node.js Version Test Status Security

v2.0.0 Breaking Changes: This version migrates from CommonJS to ES modules. Use import instead of require(). See the migration guide for details.

Quick Start

npm install @headwall/trusted-network-providers
import trustedProviders from '@headwall/trusted-network-providers';

// Load built-in providers (Googlebot, Stripe, PayPal, Cloudflare, etc.)
trustedProviders.loadDefaultProviders();

// Initialize dynamic providers
await trustedProviders.reloadAll();

// Check an IP address
const provider = trustedProviders.getTrustedProvider('66.249.66.87');
console.log(provider); // "Googlebot"

const unknown = trustedProviders.getTrustedProvider('123.123.123.123');
console.log(unknown); // null

Use Cases

  • Firewall Management: Whitelist IPs for WordPress hosting networks
  • Rate Limiting: Bypass rate limits for trusted crawlers
  • Access Control: Allow trusted services through security layers
  • Traffic Analysis: Identify and categorize legitimate traffic sources

Built-in Providers

Includes 20+ trusted providers out of the box:

  • Search Engines: Googlebot, Bingbot, AhrefsBot, SemrushBot
  • Advertising: Google AdsBot, AdSense (Google Special Crawlers)
  • User-Triggered Fetchers: Google (Gmail image proxy, Chrome prefetch proxy, Feedfetcher, etc.)
  • Payment Processors: Stripe, PayPal, Opayo
  • Email Services: Outlook, Brevo, Mailgun
  • CDN/Infrastructure: Cloudflare, BunnyNet
  • Development Tools: GTmetrix, GetTerms, Labrika
  • Social Media: FacebookBot
  • E-commerce: ShipHero
  • Networks: Private/Internal (RFC 1918)

Key Features

  • Fast synchronous IP lookups (< 1ms typical with caching)
  • Support for IPv4 and IPv6
  • CIDR range matching
  • Dynamic provider updates from external sources
  • Provider lifecycle events (reload, error, stale detection)
  • Configurable result caching with TTL
  • Easy custom provider integration
  • Zero configuration with sensible defaults

API

Core Functions
// Load default providers
loadDefaultProviders();

// Update all providers with dynamic data
await reloadAll();

// Check if IP is trusted (returns provider name or null)
getTrustedProvider(ipAddress);

// Check if IP is trusted (returns boolean)
isTrusted(ipAddress);

// Provider management
addProvider(provider);
deleteProvider(providerName);
hasProvider(providerName);
getAllProviders();

// Testing
await runTests();
Lifecycle & Monitoring
// Get provider status and metadata
const status = getProviderStatus('Googlebot');
// Returns: { name, state, lastUpdated, lastError }
// State: 'ready' | 'loading' | 'error' | 'stale'

// Listen to provider lifecycle events
trustedProviders.on('reload:success', ({ provider, timestamp }) => {
  console.log(`${provider} reloaded at ${new Date(timestamp)}`);
});

trustedProviders.on('reload:error', ({ provider, error }) => {
  console.error(`${provider} failed to reload:`, error);
});

trustedProviders.on('stale', ({ provider, lastUpdated, staleDuration }) => {
  console.warn(`${provider} is stale (last updated ${staleDuration}ms ago)`);
});

// Configure staleness detection (default: 24 hours)
trustedProviders.setStalenessThreshold(12 * 60 * 60 * 1000); // 12 hours
Caching & Performance
// Configure IP lookup result cache TTL (default: 1 hour)
trustedProviders.setResultCacheTTL(30 * 60 * 1000); // 30 minutes
const currentTtl = trustedProviders.getResultCacheTTL();
Logging
// Configure log level: 'silent' | 'error' | 'warn' | 'info' | 'debug'
trustedProviders.setLogLevel('info');
const level = trustedProviders.getLogLevel();

Provider State Constants

The library exports constants for checking provider states programmatically:

import trustedProviders, {
  PROVIDER_STATE_READY,
  PROVIDER_STATE_LOADING,
  PROVIDER_STATE_ERROR,
  PROVIDER_STATE_STALE,
} from '@headwall/trusted-network-providers';

const status = trustedProviders.getProviderStatus('Stripe API');
if (status.state === PROVIDER_STATE_ERROR) {
  // Handle provider failure
}

CLI

A trusted-lookup command is included for ad-hoc IP checks from the terminal.

Run it without installing, via npx:

# Check a single IP
npx -p @headwall/trusted-network-providers trusted-lookup 66.249.66.87

# Check several at once
npx -p @headwall/trusted-network-providers trusted-lookup 66.249.66.87 1.2.3.4

Or install globally to get the bare command:

npm install -g @headwall/trusted-network-providers
trusted-lookup 66.249.90.77

It prints the matching provider for each IP (or "not trusted"), and exits 0 when every IP is trusted or 1 if any are untrusted — handy for scripts and CI:

if npx -p @headwall/trusted-network-providers trusted-lookup "$ip"; then
  echo "$ip is trusted"
fi

Documentation

Example: Custom Provider

import trustedProviders from '@headwall/trusted-network-providers';

trustedProviders.addProvider({
  name: 'My Custom Network',
  testAddresses: ['10.0.0.1'],
  ipv4: {
    addresses: ['10.0.0.1'],
    ranges: ['10.0.0.0/24'],
  },
  ipv6: {
    addresses: [],
    ranges: [],
  },
});

Example: Express.js Middleware

import express from 'express';
import trustedProviders from '@headwall/trusted-network-providers';

const app = express();

app.use((req, res, next) => {
  const provider = trustedProviders.getTrustedProvider(req.ip);
  if (provider) {
    req.trustedProvider = provider;
    // Skip rate limiting, logging, etc.
  }
  next();
});

Example: Long-Running Service with Monitoring

import trustedProviders from '@headwall/trusted-network-providers';

// Configure logging for production
trustedProviders.setLogLevel('warn');

// Load providers
trustedProviders.loadDefaultProviders();
await trustedProviders.reloadAll();

// Monitor provider health
trustedProviders.on('stale', ({ provider, lastUpdated }) => {
  console.warn(`Provider ${provider} is stale, triggering reload...`);
  trustedProviders.reloadAll();
});

trustedProviders.on('reload:error', ({ provider, error }) => {
  // Alert your monitoring system
  console.error(`Critical: ${provider} reload failed:`, error.message);
});

// Check provider health periodically
setInterval(
  () => {
    const googlebot = trustedProviders.getProviderStatus('Googlebot');
    if (googlebot.state === 'error' || googlebot.state === 'stale') {
      console.warn(`Googlebot health check failed: ${googlebot.state}`);
    }
  },
  60 * 60 * 1000
); // Every hour

Maintenance

Update bundled IP assets before releases:

./scripts/update-assets.sh

License

MIT Paul Faulkner

Contributing

Issues and pull requests welcome on GitHub.

Keywords