Awesome Open Source
Awesome Open Source

CodeFactor Codacy Codacy Badge Build Status Known Vulnerabilities Greenkeeper badge

Super fast, on-demand and on-the-fly, image processing.


Cometa uses sharp for image manipulation.


  • Clone this repository (navigate to its location),
  • copy the .env.example to .env and fill the required values,
  • install what is needed: npm i,
  • test: npm test,
  • run: npm start

Cometa should now be running on the specified port.

Environment variables

  • COMETA_CLUSTER: Whether the application should make use of all available CPUs or not.
  • COMETA_PORT: Port on which your application will listen. Defaults to 9090.
  • COMETA_KEY: A unique key used for request signature validation.
  • COMETA_ALLOW_UNAUTHORIZED: Whether unsigned requests are allowed or not.
  • COMETA_REQUEST_TIMEOUT: (milliseconds) before timing out URL image requests.
  • COMETA_LOG_NAME: The name for your logs (if enabled). Defaults to 'Cometa'.
  • COMETA_LOG_LEVEL: The minimal level at which to log. See pino's log levels Defaults to 'info'
If using with S3:
  • AWS_ACCESS_KEY: Your AWS access key.
  • AWS_ACCESS_SECRET: Your AWS access secret.
  • AWS_BUCKET: The name of your S3 bucket.
  • AWS_REGION: Your AWS service region.


With S3

If, for example, in your AWS_BUCKET bucket, you have a folder named cometa with an image called superlight.jpg, your request will be:

GET /s3/cometa/superlight.jpg

With a URL

Just provide the URL of the image you are requesting:

GET /url/

Query parameters

  • w || width: (integer) Output width,
  • h || height: (integer) Output height,
  • q || quality: (integer) Output image quality. Defaults to 80, ignored on png output.

Input formats

Supported input formats are: webp, png, tiff and jpeg (aka jpg).

Output formats

Supported output formats are: webp, png, tiff, and jpeg (aka jpg).

Simply append the required output format to URL:

GET /s3/cometa/superlight.jpg.webp
GET /url/
// Outputs webp

GET /s3/cometa/superlight.jpg.png
GET /url/url=
// Outputs png


Take, for example:

GET /s3/cometa/superlight.jpg?width=200&height=200

Malicious users could easily overload your server by making thousands of consecutive requests with varying widths and heights.

Luckily, Cometa provides a way of authenticating the request -and we strongly recommend you use it.

Authenticate your request by computing a SHA-1 hmac signature, with your COMETA_KEY and pass it to the request.

Signature generation

const url = '/s3/cometa/superlight.jpg?width=200&height=200';
const signature = crypto
  .createHmac('sha1', COMETA_KEY)

You may pass the signature as a query parameter:

GET /s3/cometa/superlight.jpg?width=200&height=200&authorization=[signature]

or as a HTTP header:

headers {
  'Authorization': [signature]

Note: Allowing unsigned requests can be dangerous. Use at your own discretion

Take it for a spin






Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
javascript (70,419
image-processing (521
image (498
images (172
image-manipulation (98
s3-bucket (28
bucket (17