@remix-run/response 0.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Shopify Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,175 @@
+# response
+
+Response helpers for the web Fetch API. `response` provides a collection of helper functions for creating common HTTP responses with proper headers and semantics.
+
+Basically, these are all the static response helpers we wish existed on the `Response` API, but don't (yet!).
+
+## Features
+
+- **Web Standards Compliant:** Built on the standard `Response` API, works in any JavaScript runtime (Node.js, Bun, Deno, Cloudflare Workers)
+- [**File Responses:**](#file-responses) Full HTTP semantics including ETags, Last-Modified, conditional requests, and Range support
+- [**HTML Responses:**](#html-responses) Automatic DOCTYPE prepending and proper Content-Type headers
+- [**Redirect Responses:**](#redirect-responses) Simple redirect creation with customizable status codes
+
+## Installation
+
+```sh
+npm install @remix-run/response
+```
+
+## Usage
+
+This package provides no default export. Instead, import the specific helper you need:
+
+```ts
+import { createFileResponse } from '@remix-run/response/file'
+import { createHtmlResponse } from '@remix-run/response/html'
+import { createRedirectResponse } from '@remix-run/response/redirect'
+```
+
+### File Responses
+
+The `createFileResponse` helper creates a response for serving files with full HTTP semantics:
+
+```ts
+import { createFileResponse } from '@remix-run/response/file'
+import { openFile } from '@remix-run/fs'
+
+let file = await openFile('./public/image.jpg')
+let response = await createFileResponse(file, request, {
+  cacheControl: 'public, max-age=3600',
+})
+```
+
+#### Features
+
+- **Content-Type** and **Content-Length** headers
+- **ETag** generation (weak or strong)
+- **Last-Modified** headers
+- **Cache-Control** headers
+- **Conditional requests** (`If-None-Match`, `If-Modified-Since`, `If-Match`, `If-Unmodified-Since`)
+- **Range requests** for partial content (`206 Partial Content`)
+- **HEAD** request support
+
+#### Options
+
+```ts
+await createFileResponse(file, request, {
+  // Cache-Control header value.
+  // Defaults to `undefined` (no Cache-Control header).
+  cacheControl: 'public, max-age=3600',
+
+  // ETag generation strategy:
+  // - 'weak': Generates weak ETags based on file size and mtime (default)
+  // - 'strong': Generates strong ETags by hashing file content
+  // - false: Disables ETag generation
+  etag: 'weak',
+
+  // Hash algorithm for strong ETags (Web Crypto API algorithm names).
+  // Only used when etag: 'strong'.
+  // Defaults to 'SHA-256'.
+  digest: 'SHA-256',
+
+  // Whether to generate Last-Modified headers.
+  // Defaults to `true`.
+  lastModified: true,
+
+  // Whether to support HTTP Range requests for partial content.
+  // Defaults to `true`.
+  acceptRanges: true,
+})
+```
+
+#### Strong ETags and Content Hashing
+
+For assets that require strong validation (e.g., to support [`If-Match`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Match) preconditions or [`If-Range`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-Range) with [`Range` requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Range)), configure strong ETag generation:
+
+```ts
+return createFileResponse(file, request, {
+  etag: 'strong',
+})
+```
+
+By default, strong ETags are generated using the Web Crypto API with the `'SHA-256'` algorithm. You can customize this:
+
+```ts
+return createFileResponse(file, request, {
+  etag: 'strong',
+  // Specify a different hash algorithm
+  digest: 'SHA-512',
+})
+```
+
+For large files or custom hashing requirements, provide a custom digest function:
+
+```ts
+await createFileResponse(file, request, {
+  etag: 'strong',
+  async digest(file) {
+    // Custom streaming hash for large files
+    let { createHash } = await import('node:crypto')
+    let hash = createHash('sha256')
+    for await (let chunk of file.stream()) {
+      hash.update(chunk)
+    }
+    return hash.digest('hex')
+  },
+})
+```
+
+### HTML Responses
+
+The `createHtmlResponse` helper creates HTML responses with proper `Content-Type` and DOCTYPE handling:
+
+```ts
+import { createHtmlResponse } from '@remix-run/response/html'
+
+let response = createHtmlResponse('<h1>Hello, World!</h1>')
+// Content-Type: text/html; charset=UTF-8
+// Body: <!DOCTYPE html><h1>Hello, World!</h1>
+```
+
+The helper automatically prepends `<!DOCTYPE html>` if not already present. It works with strings, `SafeHtml` [from `@remix-run/html-template`](https://github.com/remix-run/remix/tree/main/packages/html-template), Blobs/Files, ArrayBuffers, and ReadableStreams.
+
+```ts
+import { html } from '@remix-run/html-template'
+import { createHtmlResponse } from '@remix-run/response/html'
+
+let name = '<script>alert(1)</script>'
+let response = createHtmlResponse(html`<h1>Hello, ${name}!</h1>`)
+// Safely escaped HTML
+```
+
+### Redirect Responses
+
+The `createRedirectResponse` helper creates redirect responses. The main improvements over the native `Response.redirect` API are:
+
+- Accepts a relative `location` instead of a full URL. This isn't technically spec-compliant, but it's so widespread that many applications use relative redirects regularly without issues.
+- Accepts a `ResponseInit` object as the second argument, allowing you to set additional headers and status code.
+
+```ts
+import { createRedirectResponse } from '@remix-run/response/redirect'
+
+// Default 302 redirect
+let response = createRedirectResponse('/login')
+
+// Custom status code
+let response = createRedirectResponse('/new-page', 301)
+
+// With additional headers
+let response = createRedirectResponse('/dashboard', {
+  status: 303,
+  headers: { 'X-Redirect-Reason': 'authentication' },
+})
+```
+
+## Related Packages
+
+- [`@remix-run/headers`](https://github.com/remix-run/remix/tree/main/packages/headers) - Type-safe HTTP header manipulation
+- [`@remix-run/html-template`](https://github.com/remix-run/remix/tree/main/packages/html-template) - Safe HTML templating with automatic escaping
+- [`@remix-run/fs`](https://github.com/remix-run/remix/tree/main/packages/fs) - File system utilities including `openFile`
+- [`@remix-run/fetch-router`](https://github.com/remix-run/remix/tree/main/packages/fetch-router) - Build HTTP routers using the web fetch API
+
+## License
+
+See [LICENSE](https://github.com/remix-run/remix/blob/main/LICENSE)

package/dist/file.d.ts

@@ -0,0 +1,2 @@
+export { createFileResponse, type FileDigestFunction, type FileResponseOptions, } from './lib/file.ts';
+//# sourceMappingURL=file.d.ts.map

package/dist/file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../src/file.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,KAAK,kBAAkB,EACvB,KAAK,mBAAmB,GACzB,MAAM,eAAe,CAAA"}

package/dist/file.js

@@ -0,0 +1 @@
+export { createFileResponse, } from "./lib/file.js";

package/dist/html.d.ts

@@ -0,0 +1,2 @@
+export { createHtmlResponse } from './lib/html.ts';
+//# sourceMappingURL=html.d.ts.map

package/dist/html.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"html.d.ts","sourceRoot":"","sources":["../src/html.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAA"}

package/dist/html.js

@@ -0,0 +1 @@
+export { createHtmlResponse } from "./lib/html.js";

package/dist/lib/file.d.ts

@@ -0,0 +1,80 @@
+/**
+ * Custom function for computing file digests.
+ *
+ * @param file The file to hash
+ * @returns The computed digest as a string
+ *
+ * @example
+ * async (file) => {
+ *   let buffer = await file.arrayBuffer()
+ *   return customHash(buffer)
+ * }
+ */
+export type FileDigestFunction = (file: File) => Promise<string>;
+export interface FileResponseOptions {
+    /**
+     * Cache-Control header value. If not provided, no Cache-Control header will be set.
+     *
+     * @example 'public, max-age=31536000, immutable' // for hashed assets
+     * @example 'public, max-age=3600' // 1 hour
+     * @example 'no-cache' // always revalidate
+     */
+    cacheControl?: string;
+    /**
+     * ETag generation strategy.
+     *
+     * - `'weak'`: Generates weak ETags based on file size and last modified time (`W/"<size>-<mtime>"`)
+     * - `'strong'`: Generates strong ETags by hashing file content (requires digest computation)
+     * - `false`: Disables ETag generation
+     *
+     * @default 'weak'
+     */
+    etag?: false | 'weak' | 'strong';
+    /**
+     * Hash algorithm or custom digest function for strong ETags.
+     *
+     * - String: Web Crypto API algorithm name ('SHA-256', 'SHA-384', 'SHA-512', 'SHA-1').
+     *   Note: Using strong ETags will buffer the entire file into memory before hashing.
+     *   Consider using weak ETags (default) or a custom digest function for large files.
+     * - Function: Custom digest computation that receives a File and returns the digest string
+     *
+     * Only used when `etag: 'strong'`. Ignored for weak ETags.
+     *
+     * @default 'SHA-256'
+     * @example async (file) => await customHash(file)
+     */
+    digest?: AlgorithmIdentifier | FileDigestFunction;
+    /**
+     * Whether to include `Last-Modified` headers.
+     *
+     * @default true
+     */
+    lastModified?: boolean;
+    /**
+     * Whether to support HTTP `Range` requests for partial content.
+     *
+     * When enabled, includes `Accept-Ranges` header and handles `Range` requests
+     * with 206 Partial Content responses.
+     *
+     * @default true
+     */
+    acceptRanges?: boolean;
+}
+/**
+ * Creates a file [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response)
+ * with full HTTP semantics including ETags, Last-Modified, conditional requests, and Range support.
+ *
+ * @param file The file to send
+ * @param request The request object
+ * @param options (optional) configuration options
+ * @returns A `Response` object containing the file
+ *
+ * @example
+ * import { createFileResponse } from '@remix-run/response/file'
+ * let file = openFile('./public/image.jpg')
+ * return createFileResponse(file, request, {
+ *   cacheControl: 'public, max-age=3600'
+ * })
+ */
+export declare function createFileResponse(file: File, request: Request, options?: FileResponseOptions): Promise<Response>;
+//# sourceMappingURL=file.d.ts.map

package/dist/lib/file.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"file.d.ts","sourceRoot":"","sources":["../../src/lib/file.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO,CAAC,MAAM,CAAC,CAAA;AAEhE,MAAM,WAAW,mBAAmB;IAClC;;;;;;OAMG;IACH,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB;;;;;;;;OAQG;IACH,IAAI,CAAC,EAAE,KAAK,GAAG,MAAM,GAAG,QAAQ,CAAA;IAChC;;;;;;;;;;;;OAYG;IACH,MAAM,CAAC,EAAE,mBAAmB,GAAG,kBAAkB,CAAA;IACjD;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;IACtB;;;;;;;OAOG;IACH,YAAY,CAAC,EAAE,OAAO,CAAA;CACvB;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAsB,kBAAkB,CACtC,IAAI,EAAE,IAAI,EACV,OAAO,EAAE,OAAO,EAChB,OAAO,GAAE,mBAAwB,GAChC,OAAO,CAAC,QAAQ,CAAC,CA0KnB"}

package/dist/lib/file.js

@@ -0,0 +1,202 @@
+import SuperHeaders from '@remix-run/headers';
+/**
+ * Creates a file [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response)
+ * with full HTTP semantics including ETags, Last-Modified, conditional requests, and Range support.
+ *
+ * @param file The file to send
+ * @param request The request object
+ * @param options (optional) configuration options
+ * @returns A `Response` object containing the file
+ *
+ * @example
+ * import { createFileResponse } from '@remix-run/response/file'
+ * let file = openFile('./public/image.jpg')
+ * return createFileResponse(file, request, {
+ *   cacheControl: 'public, max-age=3600'
+ * })
+ */
+export async function createFileResponse(file, request, options = {}) {
+    let { cacheControl, etag: etagStrategy = 'weak', digest: digestOption = 'SHA-256', lastModified: lastModifiedEnabled = true, acceptRanges: acceptRangesEnabled = true, } = options;
+    let headers = new SuperHeaders(request.headers);
+    let contentType = file.type;
+    let contentLength = file.size;
+    let etag;
+    if (etagStrategy === 'weak') {
+        etag = generateWeakETag(file);
+    }
+    else if (etagStrategy === 'strong') {
+        let digest = await computeDigest(file, digestOption);
+        etag = `"${digest}"`;
+    }
+    let lastModified;
+    if (lastModifiedEnabled) {
+        lastModified = file.lastModified;
+    }
+    let acceptRanges;
+    if (acceptRangesEnabled) {
+        acceptRanges = 'bytes';
+    }
+    let hasIfMatch = headers.has('If-Match');
+    // If-Match support: https://httpwg.org/specs/rfc9110.html#field.if-match
+    if (etag && hasIfMatch && !headers.ifMatch.matches(etag)) {
+        return new Response('Precondition Failed', {
+            status: 412,
+            headers: new SuperHeaders(omitNullableValues({
+                etag,
+                lastModified,
+                acceptRanges,
+            })),
+        });
+    }
+    // If-Unmodified-Since support: https://httpwg.org/specs/rfc9110.html#field.if-unmodified-since
+    if (lastModified && !hasIfMatch) {
+        let ifUnmodifiedSince = headers.ifUnmodifiedSince;
+        if (ifUnmodifiedSince != null) {
+            if (removeMilliseconds(lastModified) > removeMilliseconds(ifUnmodifiedSince)) {
+                return new Response('Precondition Failed', {
+                    status: 412,
+                    headers: new SuperHeaders(omitNullableValues({
+                        etag,
+                        lastModified,
+                        acceptRanges,
+                    })),
+                });
+            }
+        }
+    }
+    // If-None-Match support: https://httpwg.org/specs/rfc9110.html#field.if-none-match
+    // If-Modified-Since support: https://httpwg.org/specs/rfc9110.html#field.if-modified-since
+    if (etag || lastModified) {
+        let shouldReturnNotModified = false;
+        if (etag && headers.ifNoneMatch.matches(etag)) {
+            shouldReturnNotModified = true;
+        }
+        else if (lastModified && headers.ifNoneMatch.tags.length === 0) {
+            let ifModifiedSince = headers.ifModifiedSince;
+            if (ifModifiedSince != null) {
+                if (removeMilliseconds(lastModified) <= removeMilliseconds(ifModifiedSince)) {
+                    shouldReturnNotModified = true;
+                }
+            }
+        }
+        if (shouldReturnNotModified) {
+            return new Response(null, {
+                status: 304,
+                headers: new SuperHeaders(omitNullableValues({
+                    etag,
+                    lastModified,
+                    acceptRanges,
+                })),
+            });
+        }
+    }
+    // Range support: https://httpwg.org/specs/rfc9110.html#field.range
+    // If-Range support: https://httpwg.org/specs/rfc9110.html#field.if-range
+    if (acceptRanges && request.method === 'GET' && headers.has('Range')) {
+        let range = headers.range;
+        // Check if the Range header was sent but parsing resulted in no valid ranges (malformed)
+        if (range.ranges.length === 0) {
+            return new Response('Bad Request', {
+                status: 400,
+            });
+        }
+        // If-Range support: https://httpwg.org/specs/rfc9110.html#field.if-range
+        if (headers.ifRange.matches({
+            etag,
+            lastModified,
+        })) {
+            if (!range.canSatisfy(file.size)) {
+                return new Response('Range Not Satisfiable', {
+                    status: 416,
+                    headers: new SuperHeaders({
+                        contentRange: { unit: 'bytes', size: file.size },
+                    }),
+                });
+            }
+            let normalizedRanges = range.normalize(file.size);
+            // We only support single ranges (not multipart)
+            if (normalizedRanges.length > 1) {
+                return new Response('Range Not Satisfiable', {
+                    status: 416,
+                    headers: new SuperHeaders({
+                        contentRange: { unit: 'bytes', size: file.size },
+                    }),
+                });
+            }
+            let { start, end } = normalizedRanges[0];
+            let { size } = file;
+            return new Response(file.slice(start, end + 1), {
+                status: 206,
+                headers: new SuperHeaders(omitNullableValues({
+                    contentType,
+                    contentLength: end - start + 1,
+                    contentRange: { unit: 'bytes', start, end, size },
+                    etag,
+                    lastModified,
+                    cacheControl,
+                    acceptRanges,
+                })),
+            });
+        }
+    }
+    return new Response(request.method === 'HEAD' ? null : file, {
+        status: 200,
+        headers: new SuperHeaders(omitNullableValues({
+            contentType,
+            contentLength,
+            etag,
+            lastModified,
+            cacheControl,
+            acceptRanges,
+        })),
+    });
+}
+function generateWeakETag(file) {
+    return `W/"${file.size}-${file.lastModified}"`;
+}
+function omitNullableValues(headers) {
+    let result = {};
+    for (let key in headers) {
+        if (headers[key] != null) {
+            result[key] = headers[key];
+        }
+    }
+    return result;
+}
+/**
+ * Computes a digest (hash) for a file.
+ *
+ * @param file The file to hash
+ * @param digestOption Web Crypto algorithm name or custom digest function
+ * @returns The computed digest as a hex string
+ */
+async function computeDigest(file, digestOption) {
+    return typeof digestOption === 'function'
+        ? await digestOption(file)
+        : await hashFile(file, digestOption);
+}
+/**
+ * Hashes a file using Web Crypto API.
+ *
+ * Note: This loads the entire file into memory before hashing. For large files,
+ * consider using weak ETags (default) or providing a custom digest function.
+ *
+ * @param file The file to hash
+ * @param algorithm Web Crypto API algorithm name (default: 'SHA-256')
+ * @returns The hash as a hex string
+ */
+async function hashFile(file, algorithm = 'SHA-256') {
+    let buffer = await file.arrayBuffer();
+    let hashBuffer = await crypto.subtle.digest(algorithm, buffer);
+    return Array.from(new Uint8Array(hashBuffer))
+        .map((b) => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * Removes milliseconds from a timestamp, returning seconds.
+ * HTTP dates only have second precision, so this is useful for date comparisons.
+ */
+function removeMilliseconds(time) {
+    let timestamp = time instanceof Date ? time.getTime() : time;
+    return Math.floor(timestamp / 1000);
+}

package/dist/lib/html.d.ts

@@ -0,0 +1,13 @@
+import { type SafeHtml } from '@remix-run/html-template';
+type HtmlBody = string | SafeHtml | Blob | BufferSource | ReadableStream<Uint8Array>;
+/**
+ * Creates an HTML [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response)
+ * that ensures the response has a valid DOCTYPE and appropriate `Content-Type` header.
+ *
+ * @param body The body of the response.
+ * @param init (optional) The `ResponseInit` object for the response.
+ * @returns A `Response` object with a HTML body and the appropriate `Content-Type` header.
+ */
+export declare function createHtmlResponse(body: HtmlBody, init?: ResponseInit): Response;
+export {};
+//# sourceMappingURL=html.d.ts.map

package/dist/lib/html.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"html.d.ts","sourceRoot":"","sources":["../../src/lib/html.ts"],"names":[],"mappings":"AAAA,OAAO,EAAc,KAAK,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AAIpE,KAAK,QAAQ,GAAG,MAAM,GAAG,QAAQ,GAAG,IAAI,GAAG,YAAY,GAAG,cAAc,CAAC,UAAU,CAAC,CAAA;AAEpF;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,EAAE,YAAY,GAAG,QAAQ,CAShF"}

package/dist/lib/html.js

@@ -0,0 +1,81 @@
+import { isSafeHtml } from '@remix-run/html-template';
+const DOCTYPE = '<!DOCTYPE html>';
+/**
+ * Creates an HTML [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response)
+ * that ensures the response has a valid DOCTYPE and appropriate `Content-Type` header.
+ *
+ * @param body The body of the response.
+ * @param init (optional) The `ResponseInit` object for the response.
+ * @returns A `Response` object with a HTML body and the appropriate `Content-Type` header.
+ */
+export function createHtmlResponse(body, init) {
+    let payload = ensureDoctype(body);
+    let headers = new Headers(init?.headers);
+    if (!headers.has('Content-Type')) {
+        headers.set('Content-Type', 'text/html; charset=UTF-8');
+    }
+    return new Response(payload, { ...init, headers });
+}
+function ensureDoctype(body) {
+    if (isSafeHtml(body)) {
+        let str = String(body);
+        return startsWithDoctype(str) ? str : DOCTYPE + str;
+    }
+    if (typeof body === 'string') {
+        return startsWithDoctype(body) ? body : DOCTYPE + body;
+    }
+    if (body instanceof Blob) {
+        return prependDoctypeToStream(body.stream());
+    }
+    if (body instanceof ArrayBuffer || ArrayBuffer.isView(body)) {
+        let text = new TextDecoder().decode(body);
+        return startsWithDoctype(text) ? text : DOCTYPE + text;
+    }
+    if (body instanceof ReadableStream) {
+        return prependDoctypeToStream(body);
+    }
+    return body;
+}
+function startsWithDoctype(str) {
+    return /^\s*<!doctype html/i.test(str);
+}
+function prependDoctypeToStream(stream) {
+    let doctypeBytes = new TextEncoder().encode(DOCTYPE);
+    let reader = stream.getReader();
+    return new ReadableStream({
+        async start(controller) {
+            try {
+                // Read first chunk to check for DOCTYPE
+                let firstChunk = await reader.read();
+                if (firstChunk.done) {
+                    // Empty stream, just add DOCTYPE
+                    controller.enqueue(doctypeBytes);
+                    controller.close();
+                    return;
+                }
+                // Check if the first chunk starts with DOCTYPE
+                let text = new TextDecoder().decode(firstChunk.value, { stream: true });
+                if (startsWithDoctype(text)) {
+                    // Already has DOCTYPE, pass through
+                    controller.enqueue(firstChunk.value);
+                }
+                else {
+                    // Prepend DOCTYPE
+                    controller.enqueue(doctypeBytes);
+                    controller.enqueue(firstChunk.value);
+                }
+                // Pass through remaining chunks
+                while (true) {
+                    let { done, value } = await reader.read();
+                    if (done)
+                        break;
+                    controller.enqueue(value);
+                }
+                controller.close();
+            }
+            catch (error) {
+                controller.error(error);
+            }
+        },
+    });
+}

package/dist/lib/redirect.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Creates a redirect [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response).
+ *
+ * @param location The location to redirect to
+ * @param init (optional) The `ResponseInit` object for the response, or a status code
+ * @returns A `Response` object with a redirect header
+ */
+export declare function createRedirectResponse(location: string | URL, init?: ResponseInit | number): Response;
+//# sourceMappingURL=redirect.d.ts.map

package/dist/lib/redirect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redirect.d.ts","sourceRoot":"","sources":["../../src/lib/redirect.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,MAAM,GAAG,GAAG,EACtB,IAAI,CAAC,EAAE,YAAY,GAAG,MAAM,GAC3B,QAAQ,CAaV"}

package/dist/lib/redirect.js

@@ -0,0 +1,19 @@
+/**
+ * Creates a redirect [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response).
+ *
+ * @param location The location to redirect to
+ * @param init (optional) The `ResponseInit` object for the response, or a status code
+ * @returns A `Response` object with a redirect header
+ */
+export function createRedirectResponse(location, init) {
+    let status = 302;
+    if (typeof init === 'number') {
+        status = init;
+        init = undefined;
+    }
+    let headers = new Headers(init?.headers);
+    if (!headers.has('Location')) {
+        headers.set('Location', typeof location === 'string' ? location : location.toString());
+    }
+    return new Response(null, { status, ...init, headers });
+}

package/dist/redirect.d.ts

@@ -0,0 +1,2 @@
+export { createRedirectResponse } from './lib/redirect.ts';
+//# sourceMappingURL=redirect.d.ts.map

package/dist/redirect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"redirect.d.ts","sourceRoot":"","sources":["../src/redirect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAA"}

package/dist/redirect.js

@@ -0,0 +1 @@
+export { createRedirectResponse } from "./lib/redirect.js";

package/package.json

@@ -0,0 +1,58 @@
+{
+  "name": "@remix-run/response",
+  "version": "0.0.0",
+  "description": "Response helpers for the web Fetch API",
+  "author": "Michael Jackson <mjijackson@gmail.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/remix-run/remix.git",
+    "directory": "packages/response"
+  },
+  "homepage": "https://github.com/remix-run/remix/tree/main/packages/response#readme",
+  "files": [
+    "LICENSE",
+    "README.md",
+    "dist",
+    "src",
+    "!src/**/*.test.ts"
+  ],
+  "type": "module",
+  "exports": {
+    "./file": {
+      "types": "./dist/file.d.ts",
+      "default": "./dist/file.js"
+    },
+    "./html": {
+      "types": "./dist/html.d.ts",
+      "default": "./dist/html.js"
+    },
+    "./redirect": {
+      "types": "./dist/redirect.d.ts",
+      "default": "./dist/redirect.js"
+    },
+    "./package.json": "./package.json"
+  },
+  "devDependencies": {
+    "@types/node": "^24.6.0",
+    "typescript": "^5.9.3"
+  },
+  "peerDependencies": {
+    "@remix-run/headers": "^0.17.1",
+    "@remix-run/html-template": "^0.3.0"
+  },
+  "keywords": [
+    "fetch",
+    "response",
+    "http",
+    "html",
+    "file",
+    "redirect"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.build.json",
+    "clean": "git clean -fdX",
+    "test": "node --disable-warning=ExperimentalWarning --test './src/**/*.test.ts'",
+    "typecheck": "tsc --noEmit"
+  }
+}

package/src/file.ts

@@ -0,0 +1,5 @@
+export {
+  createFileResponse,
+  type FileDigestFunction,
+  type FileResponseOptions,
+} from './lib/file.ts'

package/src/html.ts

@@ -0,0 +1 @@
+export { createHtmlResponse } from './lib/html.ts'

package/src/lib/file.ts

@@ -0,0 +1,318 @@
+import SuperHeaders from '@remix-run/headers'
+
+/**
+ * Custom function for computing file digests.
+ *
+ * @param file The file to hash
+ * @returns The computed digest as a string
+ *
+ * @example
+ * async (file) => {
+ *   let buffer = await file.arrayBuffer()
+ *   return customHash(buffer)
+ * }
+ */
+export type FileDigestFunction = (file: File) => Promise<string>
+
+export interface FileResponseOptions {
+  /**
+   * Cache-Control header value. If not provided, no Cache-Control header will be set.
+   *
+   * @example 'public, max-age=31536000, immutable' // for hashed assets
+   * @example 'public, max-age=3600' // 1 hour
+   * @example 'no-cache' // always revalidate
+   */
+  cacheControl?: string
+  /**
+   * ETag generation strategy.
+   *
+   * - `'weak'`: Generates weak ETags based on file size and last modified time (`W/"<size>-<mtime>"`)
+   * - `'strong'`: Generates strong ETags by hashing file content (requires digest computation)
+   * - `false`: Disables ETag generation
+   *
+   * @default 'weak'
+   */
+  etag?: false | 'weak' | 'strong'
+  /**
+   * Hash algorithm or custom digest function for strong ETags.
+   *
+   * - String: Web Crypto API algorithm name ('SHA-256', 'SHA-384', 'SHA-512', 'SHA-1').
+   *   Note: Using strong ETags will buffer the entire file into memory before hashing.
+   *   Consider using weak ETags (default) or a custom digest function for large files.
+   * - Function: Custom digest computation that receives a File and returns the digest string
+   *
+   * Only used when `etag: 'strong'`. Ignored for weak ETags.
+   *
+   * @default 'SHA-256'
+   * @example async (file) => await customHash(file)
+   */
+  digest?: AlgorithmIdentifier | FileDigestFunction
+  /**
+   * Whether to include `Last-Modified` headers.
+   *
+   * @default true
+   */
+  lastModified?: boolean
+  /**
+   * Whether to support HTTP `Range` requests for partial content.
+   *
+   * When enabled, includes `Accept-Ranges` header and handles `Range` requests
+   * with 206 Partial Content responses.
+   *
+   * @default true
+   */
+  acceptRanges?: boolean
+}
+
+/**
+ * Creates a file [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response)
+ * with full HTTP semantics including ETags, Last-Modified, conditional requests, and Range support.
+ *
+ * @param file The file to send
+ * @param request The request object
+ * @param options (optional) configuration options
+ * @returns A `Response` object containing the file
+ *
+ * @example
+ * import { createFileResponse } from '@remix-run/response/file'
+ * let file = openFile('./public/image.jpg')
+ * return createFileResponse(file, request, {
+ *   cacheControl: 'public, max-age=3600'
+ * })
+ */
+export async function createFileResponse(
+  file: File,
+  request: Request,
+  options: FileResponseOptions = {},
+): Promise<Response> {
+  let {
+    cacheControl,
+    etag: etagStrategy = 'weak',
+    digest: digestOption = 'SHA-256',
+    lastModified: lastModifiedEnabled = true,
+    acceptRanges: acceptRangesEnabled = true,
+  } = options
+
+  let headers = new SuperHeaders(request.headers)
+
+  let contentType = file.type
+  let contentLength = file.size
+
+  let etag: string | undefined
+  if (etagStrategy === 'weak') {
+    etag = generateWeakETag(file)
+  } else if (etagStrategy === 'strong') {
+    let digest = await computeDigest(file, digestOption)
+    etag = `"${digest}"`
+  }
+
+  let lastModified: number | undefined
+  if (lastModifiedEnabled) {
+    lastModified = file.lastModified
+  }
+
+  let acceptRanges: 'bytes' | undefined
+  if (acceptRangesEnabled) {
+    acceptRanges = 'bytes'
+  }
+
+  let hasIfMatch = headers.has('If-Match')
+
+  // If-Match support: https://httpwg.org/specs/rfc9110.html#field.if-match
+  if (etag && hasIfMatch && !headers.ifMatch.matches(etag)) {
+    return new Response('Precondition Failed', {
+      status: 412,
+      headers: new SuperHeaders(
+        omitNullableValues({
+          etag,
+          lastModified,
+          acceptRanges,
+        }),
+      ),
+    })
+  }
+
+  // If-Unmodified-Since support: https://httpwg.org/specs/rfc9110.html#field.if-unmodified-since
+  if (lastModified && !hasIfMatch) {
+    let ifUnmodifiedSince = headers.ifUnmodifiedSince
+    if (ifUnmodifiedSince != null) {
+      if (removeMilliseconds(lastModified) > removeMilliseconds(ifUnmodifiedSince)) {
+        return new Response('Precondition Failed', {
+          status: 412,
+          headers: new SuperHeaders(
+            omitNullableValues({
+              etag,
+              lastModified,
+              acceptRanges,
+            }),
+          ),
+        })
+      }
+    }
+  }
+
+  // If-None-Match support: https://httpwg.org/specs/rfc9110.html#field.if-none-match
+  // If-Modified-Since support: https://httpwg.org/specs/rfc9110.html#field.if-modified-since
+  if (etag || lastModified) {
+    let shouldReturnNotModified = false
+
+    if (etag && headers.ifNoneMatch.matches(etag)) {
+      shouldReturnNotModified = true
+    } else if (lastModified && headers.ifNoneMatch.tags.length === 0) {
+      let ifModifiedSince = headers.ifModifiedSince
+      if (ifModifiedSince != null) {
+        if (removeMilliseconds(lastModified) <= removeMilliseconds(ifModifiedSince)) {
+          shouldReturnNotModified = true
+        }
+      }
+    }
+
+    if (shouldReturnNotModified) {
+      return new Response(null, {
+        status: 304,
+        headers: new SuperHeaders(
+          omitNullableValues({
+            etag,
+            lastModified,
+            acceptRanges,
+          }),
+        ),
+      })
+    }
+  }
+
+  // Range support: https://httpwg.org/specs/rfc9110.html#field.range
+  // If-Range support: https://httpwg.org/specs/rfc9110.html#field.if-range
+  if (acceptRanges && request.method === 'GET' && headers.has('Range')) {
+    let range = headers.range
+
+    // Check if the Range header was sent but parsing resulted in no valid ranges (malformed)
+    if (range.ranges.length === 0) {
+      return new Response('Bad Request', {
+        status: 400,
+      })
+    }
+
+    // If-Range support: https://httpwg.org/specs/rfc9110.html#field.if-range
+    if (
+      headers.ifRange.matches({
+        etag,
+        lastModified,
+      })
+    ) {
+      if (!range.canSatisfy(file.size)) {
+        return new Response('Range Not Satisfiable', {
+          status: 416,
+          headers: new SuperHeaders({
+            contentRange: { unit: 'bytes', size: file.size },
+          }),
+        })
+      }
+
+      let normalizedRanges = range.normalize(file.size)
+
+      // We only support single ranges (not multipart)
+      if (normalizedRanges.length > 1) {
+        return new Response('Range Not Satisfiable', {
+          status: 416,
+          headers: new SuperHeaders({
+            contentRange: { unit: 'bytes', size: file.size },
+          }),
+        })
+      }
+
+      let { start, end } = normalizedRanges[0]
+      let { size } = file
+
+      return new Response(file.slice(start, end + 1), {
+        status: 206,
+        headers: new SuperHeaders(
+          omitNullableValues({
+            contentType,
+            contentLength: end - start + 1,
+            contentRange: { unit: 'bytes', start, end, size },
+            etag,
+            lastModified,
+            cacheControl,
+            acceptRanges,
+          }),
+        ),
+      })
+    }
+  }
+
+  return new Response(request.method === 'HEAD' ? null : file, {
+    status: 200,
+    headers: new SuperHeaders(
+      omitNullableValues({
+        contentType,
+        contentLength,
+        etag,
+        lastModified,
+        cacheControl,
+        acceptRanges,
+      }),
+    ),
+  })
+}
+
+function generateWeakETag(file: File): string {
+  return `W/"${file.size}-${file.lastModified}"`
+}
+
+type OmitNullableValues<T> = {
+  [K in keyof T as T[K] extends null | undefined ? never : K]: NonNullable<T[K]>
+}
+
+function omitNullableValues<T extends Record<string, any>>(headers: T): OmitNullableValues<T> {
+  let result: any = {}
+  for (let key in headers) {
+    if (headers[key] != null) {
+      result[key] = headers[key]
+    }
+  }
+  return result
+}
+
+/**
+ * Computes a digest (hash) for a file.
+ *
+ * @param file The file to hash
+ * @param digestOption Web Crypto algorithm name or custom digest function
+ * @returns The computed digest as a hex string
+ */
+async function computeDigest(
+  file: File,
+  digestOption: AlgorithmIdentifier | FileDigestFunction,
+): Promise<string> {
+  return typeof digestOption === 'function'
+    ? await digestOption(file)
+    : await hashFile(file, digestOption)
+}
+
+/**
+ * Hashes a file using Web Crypto API.
+ *
+ * Note: This loads the entire file into memory before hashing. For large files,
+ * consider using weak ETags (default) or providing a custom digest function.
+ *
+ * @param file The file to hash
+ * @param algorithm Web Crypto API algorithm name (default: 'SHA-256')
+ * @returns The hash as a hex string
+ */
+async function hashFile(file: File, algorithm: AlgorithmIdentifier = 'SHA-256'): Promise<string> {
+  let buffer = await file.arrayBuffer()
+  let hashBuffer = await crypto.subtle.digest(algorithm, buffer)
+  return Array.from(new Uint8Array(hashBuffer))
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('')
+}
+
+/**
+ * Removes milliseconds from a timestamp, returning seconds.
+ * HTTP dates only have second precision, so this is useful for date comparisons.
+ */
+function removeMilliseconds(time: number | Date): number {
+  let timestamp = time instanceof Date ? time.getTime() : time
+  return Math.floor(timestamp / 1000)
+}

package/src/lib/html.ts

@@ -0,0 +1,97 @@
+import { isSafeHtml, type SafeHtml } from '@remix-run/html-template'
+
+const DOCTYPE = '<!DOCTYPE html>'
+
+type HtmlBody = string | SafeHtml | Blob | BufferSource | ReadableStream<Uint8Array>
+
+/**
+ * Creates an HTML [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response)
+ * that ensures the response has a valid DOCTYPE and appropriate `Content-Type` header.
+ *
+ * @param body The body of the response.
+ * @param init (optional) The `ResponseInit` object for the response.
+ * @returns A `Response` object with a HTML body and the appropriate `Content-Type` header.
+ */
+export function createHtmlResponse(body: HtmlBody, init?: ResponseInit): Response {
+  let payload: BodyInit = ensureDoctype(body)
+
+  let headers = new Headers(init?.headers)
+  if (!headers.has('Content-Type')) {
+    headers.set('Content-Type', 'text/html; charset=UTF-8')
+  }
+
+  return new Response(payload, { ...init, headers })
+}
+
+function ensureDoctype(body: HtmlBody): BodyInit {
+  if (isSafeHtml(body)) {
+    let str = String(body)
+    return startsWithDoctype(str) ? str : DOCTYPE + str
+  }
+
+  if (typeof body === 'string') {
+    return startsWithDoctype(body) ? body : DOCTYPE + body
+  }
+
+  if (body instanceof Blob) {
+    return prependDoctypeToStream(body.stream())
+  }
+
+  if (body instanceof ArrayBuffer || ArrayBuffer.isView(body)) {
+    let text = new TextDecoder().decode(body)
+    return startsWithDoctype(text) ? text : DOCTYPE + text
+  }
+
+  if (body instanceof ReadableStream) {
+    return prependDoctypeToStream(body)
+  }
+
+  return body
+}
+
+function startsWithDoctype(str: string): boolean {
+  return /^\s*<!doctype html/i.test(str)
+}
+
+function prependDoctypeToStream(stream: ReadableStream<Uint8Array>): ReadableStream<Uint8Array> {
+  let doctypeBytes = new TextEncoder().encode(DOCTYPE)
+  let reader = stream.getReader()
+
+  return new ReadableStream({
+    async start(controller) {
+      try {
+        // Read first chunk to check for DOCTYPE
+        let firstChunk = await reader.read()
+
+        if (firstChunk.done) {
+          // Empty stream, just add DOCTYPE
+          controller.enqueue(doctypeBytes)
+          controller.close()
+          return
+        }
+
+        // Check if the first chunk starts with DOCTYPE
+        let text = new TextDecoder().decode(firstChunk.value, { stream: true })
+        if (startsWithDoctype(text)) {
+          // Already has DOCTYPE, pass through
+          controller.enqueue(firstChunk.value)
+        } else {
+          // Prepend DOCTYPE
+          controller.enqueue(doctypeBytes)
+          controller.enqueue(firstChunk.value)
+        }
+
+        // Pass through remaining chunks
+        while (true) {
+          let { done, value } = await reader.read()
+          if (done) break
+          controller.enqueue(value)
+        }
+
+        controller.close()
+      } catch (error) {
+        controller.error(error)
+      }
+    },
+  })
+}

package/src/lib/redirect.ts

@@ -0,0 +1,24 @@
+/**
+ * Creates a redirect [`Response`](https://developer.mozilla.org/en-US/docs/Web/API/Response).
+ *
+ * @param location The location to redirect to
+ * @param init (optional) The `ResponseInit` object for the response, or a status code
+ * @returns A `Response` object with a redirect header
+ */
+export function createRedirectResponse(
+  location: string | URL,
+  init?: ResponseInit | number,
+): Response {
+  let status = 302
+  if (typeof init === 'number') {
+    status = init
+    init = undefined
+  }
+
+  let headers = new Headers(init?.headers)
+  if (!headers.has('Location')) {
+    headers.set('Location', typeof location === 'string' ? location : location.toString())
+  }
+
+  return new Response(null, { status, ...init, headers })
+}

package/src/redirect.ts

@@ -0,0 +1 @@
+export { createRedirectResponse } from './lib/redirect.ts'