portless

Set up and use portless for named local dev server URLs (e.g. https://myapp.localhost instead of http://localhost:3000). Use when integrating portless into a project, configuring dev server names, setting up the local proxy, working with .localhost domains, or troubleshooting port/proxy issues.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "portless" with this command: npx skills add vercel-labs/portless/vercel-labs-portless-portless

Portless

Replace port numbers with stable, named .localhost URLs. For humans and agents.

Why portless

  • Port conflicts: EADDRINUSE when two projects default to the same port
  • Memorizing ports: which app is on 3001 vs 8080?
  • Refreshing shows the wrong app: stop one server, start another on the same port, stale tab shows wrong content
  • Monorepo multiplier: every problem scales with each service in the repo
  • Agents test the wrong port: AI agents guess or hardcode the wrong port
  • Cookie/storage clashes: cookies on localhost bleed across apps; localStorage lost when ports shift
  • Hardcoded ports in config: CORS allowlists, OAuth redirects, .env files break when ports change
  • Sharing URLs with teammates: "what port is that on?" becomes a Slack question
  • Browser history is useless: localhost:3000 history is a mix of unrelated projects

Installation

Install globally (recommended) or as a project dev dependency. Do NOT use npx or pnpm dlx for one-off execution.

# Global (available everywhere)
npm install -g portless

# Or per-project dev dependency
npm install -D portless

When installed per-project, invoke via package.json scripts or npx portless (since the package is local, npx will not download anything).

Quick Start

# Install globally (or add -D to a project)
npm install -g portless

# Run your app (auto-starts the HTTPS proxy on port 443)
portless run next dev
# -> https://<project>.localhost

# Or with an explicit name
portless myapp next dev
# -> https://myapp.localhost

The proxy auto-starts when you run an app. You can also start it explicitly with portless proxy start. Auto-start reuses the configuration (port, TLS, TLD) from the most recent proxy run, so a restart or reboot does not silently revert to defaults. Explicit env vars always take priority.

In non-interactive environments (no TTY, or CI=1), portless exits with a descriptive error instead of prompting. Task runners like turborepo should pre-start the proxy.

Integration Patterns

Zero-config (recommended)

Bare portless works out of the box. It runs the "dev" script from package.json through the proxy, inferring the app name from the package name, git root, or directory:

portless        # -> runs "dev" script, https://<project>.localhost
pnpm dev        # -> works without portless, plain "next dev"

Use an optional portless.json to override defaults (name, script, port):

{ "name": "myapp" }

portless        # -> runs "dev" script, https://myapp.localhost

Monorepo

One portless.json at the repo root. Portless discovers packages from pnpm-workspace.yaml, or the "workspaces" field in package.json (npm, yarn, bun):

{
  "apps": {
    "apps/web": { "name": "myapp" },
    "apps/api": { "name": "api.myapp" }
  }
}

portless                  # from repo root: start all packages with a "dev" script
cd apps/web && portless   # start just one package
portless --script start   # run "start" instead of "dev"

The apps map is optional and only provides name overrides. Unlisted packages auto-discover with inferred names.

Without an apps map, hostnames follow <package>.<project>.localhost. The project name comes from the most common npm scope (e.g. @myorg/web and @myorg/api produce myorg), falling back to the workspace root directory name. If a package's short name matches the project name, it uses the bare <project>.localhost.

Turborepo

For turborepo projects, use portless as the dev script with the real command in a separate script:

{
  "scripts": { "dev": "portless", "dev:app": "next dev" },
  "portless": { "name": "myapp", "script": "dev:app" }
}

pnpm dev runs turbo, which runs portless in each package. Portless detects the package manager and runs pnpm run dev:app through the proxy.

package.json scripts

You can still use portless directly in scripts:

{
  "scripts": {
    "dev": "portless run next dev"
  }
}

The proxy auto-starts when you run an app. Or start it explicitly: portless proxy start.

Multi-app setups with subdomains

portless myapp next dev          # https://myapp.localhost
portless api.myapp pnpm start    # https://api.myapp.localhost
portless docs.myapp next dev     # https://docs.myapp.localhost

By default, only explicitly registered subdomains are routed (strict mode). Start the proxy with --wildcard to allow any subdomain of a registered route to fall back to that app (e.g. tenant1.myapp.localhost routes to the myapp app). Exact matches always take priority over wildcards.

Git worktrees

portless run automatically detects git worktrees. In a linked worktree, the branch name is prepended as a subdomain prefix so each worktree gets a unique URL:

# Main worktree (no prefix)
portless run next dev   # -> https://myapp.localhost

# Linked worktree on branch "fix-ui"
portless run next dev   # -> https://fix-ui.myapp.localhost

No config changes needed. Put portless run in package.json once and it works in all worktrees.

Bypassing portless

Set PORTLESS=0 to run the command directly without the proxy:

PORTLESS=0 pnpm dev   # Bypasses proxy, uses default port

How It Works

  1. portless proxy start starts an HTTPS reverse proxy on port 443 as a background daemon. Auto-elevates with sudo on macOS/Linux; falls back to port 1355 if sudo is unavailable. Use --no-tls for plain HTTP on port 80. Configurable with -p / --port or the PORTLESS_PORT env var. The proxy also auto-starts when you run an app.
  2. portless <name> <cmd> assigns a random free port (4000-4999) via the PORT env var and registers the app with the proxy
  3. The browser hits https://<name>.localhost; the proxy forwards to the app's assigned port

.localhost domains resolve to 127.0.0.1 natively in Chrome, Firefox, and Edge. Safari relies on the system DNS resolver, which may not handle .localhost subdomains on all configurations. Run portless hosts sync to add entries to /etc/hosts if needed.

Most frameworks (Next.js, Express, Nuxt, etc.) respect the PORT env var automatically. For frameworks that ignore PORT (Vite, VitePlus, Astro, React Router, Angular, Expo, React Native), portless auto-injects the correct --port flag and, when needed, a matching --host CLI flag.

State directory

Portless stores its state (routes, PID file, port file) in ~/.portless. Override with the PORTLESS_STATE_DIR environment variable.

Environment variables

VariableDescription
PORTLESS_PORTOverride the default proxy port (default: 443 with HTTPS, 80 without)
PORTLESS_APP_PORTUse a fixed port for the app (skip auto-assignment)
PORTLESS_HTTPSHTTPS on by default; set to 0 to disable (same as --no-tls)
PORTLESS_LANSet to 1 to always enable LAN mode (auto-detects LAN IP)
PORTLESS_TLDUse a custom TLD instead of localhost (e.g. test)
PORTLESS_WILDCARDSet to 1 to allow unregistered subdomains to fall back to parent
PORTLESS_SYNC_HOSTSSet to 0 to disable auto-sync of /etc/hosts (on by default)
PORTLESS_TAILSCALESet to 1 to share apps on your Tailscale network (same as --tailscale)
PORTLESS_FUNNELSet to 1 to share apps publicly via Tailscale Funnel (same as --funnel)
PORTLESS_STATE_DIROverride the state directory
PORTLESS=0Bypass the proxy, run the command directly

HTTP/2 + HTTPS

HTTPS with HTTP/2 is enabled by default (faster page loads for dev servers with many files). First run generates a local CA and adds it to the system trust store. After that, no prompts and no browser warnings.

portless proxy start --cert ./c.pem --key ./k.pem  # Use custom certs
portless proxy start --no-tls                       # Disable HTTPS (plain HTTP)
portless trust                                      # Add CA to trust store later

On Linux, portless trust supports Debian/Ubuntu, Arch, Fedora/RHEL/CentOS, and openSUSE (via update-ca-certificates or update-ca-trust). On Windows, it uses certutil to add the CA to the system trust store.

LAN mode

portless proxy start --lan
portless proxy start --lan --https
portless proxy start --lan --ip 192.168.1.42

--lan advertises <name>.local hostnames over mDNS so any device on the same Wi-Fi can reach your apps. Portless auto-detects your LAN IP and follows network changes automatically, but you can pin a specific address with --ip <address> or the PORTLESS_LAN_IP environment variable. Set PORTLESS_LAN=1 to default to LAN mode every time the proxy starts.

Portless remembers LAN mode via proxy.lan, so if you stop a LAN proxy and start again, it stays in LAN mode. All proxy settings (port, TLS, TLD, LAN) are persisted and reused on auto-start unless overridden by explicit flags or env vars. Use PORTLESS_LAN=0 for one start to switch back to .localhost mode. If a proxy is already running with different explicit LAN/TLS/TLD settings, portless warns and asks you to stop it first.

LAN mode depends on the system mDNS helpers that portless launches: macOS includes dns-sd, while Linux uses avahi-publish-address from avahi-utils (install via sudo apt install avahi-utils or your distro’s tooling).

  • Next.js: add your .local hostnames to allowedDevOrigins:

    // next.config.js
module.exports = {
  allowedDevOrigins: ["myapp.local", "*.myapp.local"],
};

  • Expo / React Native: portless always injects --port. React Native also gets --host 127.0.0.1. Expo gets --host localhost outside LAN mode, but in LAN mode portless leaves Metro on its default LAN host behavior instead of forcing --host or HOST.

Tailscale sharing

Share dev servers with teammates on your Tailscale network using --tailscale, or expose to the public internet with --funnel:

portless myapp --tailscale next dev
# -> https://myapp.localhost           (local)
# -> https://devbox.yourteam.ts.net    (tailnet)

portless myapp --funnel next dev
# -> https://myapp.localhost           (local)
# -> https://devbox.yourteam.ts.net    (public internet)

Each --tailscale app is root-mounted on its own Tailscale HTTPS port (443, then 8443, 8444, etc.) so no framework basePath configuration is needed. Set PORTLESS_TAILSCALE=1 to share every app by default. portless list shows both local and tailnet URLs. Tailscale serve registrations are cleaned up when the app exits. Requires tailscale CLI installed and connected.

CLI Reference

CommandDescription
portlessRun dev script through proxy
portlessFrom monorepo root: run all workspace packages
portless --script <name>Run a specific package.json script (default: dev)
portless run [cmd] [args...]Infer name from project, run through proxy (auto-starts)
portless run --name <name> <cmd>Override inferred base name (worktree prefix still applies)
portless <name> <cmd> [args...]Run app at https://<name>.localhost (auto-starts proxy)
portless get <name>Print URL for a service (for cross-service wiring)
portless get <name> --no-worktreePrint URL without worktree prefix
portless listShow active routes
portless trustAdd local CA to system trust store (for HTTPS)
portless cleanRemove state, CA trust entry, and /etc/hosts block
portless pruneKill orphaned dev servers from crashed sessions
portless prune --forceKill orphans with SIGKILL instead of SIGTERM
portless proxy startStart HTTPS proxy as a daemon (port 443, auto-elevates)
portless proxy start --no-tlsStart without HTTPS (plain HTTP on port 80)
portless proxy start --lanStart in LAN mode (mDNS .local, auto-follows LAN IP changes)
portless proxy start -p <number>Start the proxy on a custom port
portless proxy start --tld testUse .test instead of .localhost
portless proxy start --foregroundStart the proxy in foreground (for debugging)
portless proxy start --wildcardAllow unregistered subdomains to fall back to parent route
portless proxy stopStop the proxy
portless alias <name> <port>Register a static route (e.g. for Docker containers)
portless alias <name> <port> --forceOverwrite an existing route
portless alias --remove <name>Remove a static route
portless hosts syncAdd routes to /etc/hosts (fixes Safari)
portless hosts cleanRemove portless entries from /etc/hosts
portless <name> --app-port <n> <cmd>Use a fixed port for the app instead of auto-assignment
portless <name> --tailscale <cmd>Share the app on your Tailscale network (tailnet)
portless <name> --funnel <cmd>Share the app publicly via Tailscale Funnel
portless <name> --force <cmd>Kill the existing process and take over its route
portless --name <name> <cmd>Force <name> as app name (bypasses subcommand dispatch)
portless <name> -- <cmd> [args...]Stop flag parsing; everything after -- is passed to child
portless --help / -hShow help
portless run --helpShow help for a subcommand (also: alias, hosts, clean)
portless --version / -vShow version

Reserved names: run, get, alias, hosts, list, trust, clean, prune, and proxy are subcommands and cannot be used as app names directly. Use portless run <cmd> to infer the name, or portless --name <name> <cmd> to force any name including reserved ones.

portless.json

Optional config file. Portless looks for it in the current directory.

FieldTypeDefaultDescription
namestringinferred from package.jsonBase app name (worktree prefix still applies)
scriptstring"dev"Name of a package.json script to run
appPortnumberauto-assignedFixed port for the child process
proxybooleanauto-detectedWhether to route through the proxy (false for tasks)
appsobjectOverrides for workspace packages, keyed by relative path
turbobooleantrueSet false to use direct spawning instead of turborepo

Each apps entry has the same shape (name, script, appPort, proxy). When apps is present, top-level fields apply only in single-app mode.

package.json "portless" key

Instead of a separate portless.json, you can add a "portless" key to your package.json. A string value is shorthand for setting the name:

{ "portless": "myapp" }

An object supports all per-app fields (name, script, appPort, proxy):

{ "portless": { "name": "myapp", "script": "dev:app" } }

Precedence (closest wins): CLI flags > package.json "portless" key > portless.json app entry > defaults.

Troubleshooting

Proxy not running

The proxy auto-starts when you run an app with portless <name> <cmd>. If it doesn't start (e.g. port conflict), start it manually:

portless proxy start

Port already in use

Another process is bound to the proxy port. Either stop it first, or use a different port:

portless proxy start -p 8080

Framework not respecting PORT

Portless auto-injects the right --port flag and, when needed, a matching --host flag for frameworks that ignore the PORT env var: Vite, VitePlus (vp), Astro, React Router, Angular, Expo, and React Native. SvelteKit uses Vite internally and is handled automatically.

For other frameworks that don't read PORT, pass the port manually:

  • Webpack Dev Server: use --port $PORT
  • Custom servers: read process.env.PORT and listen on it

Permission errors

The default ports (80 for HTTP, 443 for HTTPS) require sudo on macOS and Linux. Portless auto-elevates with sudo when needed. If sudo is unavailable, it falls back to port 1355 (no sudo needed). On Windows, no elevation is required.

portless proxy start --https           # Auto-elevates with sudo for port 443
portless proxy start -p 1355 --https   # No sudo needed (URLs include :1355)
portless proxy stop                    # Stop (use sudo if started with sudo)

Safari can't find .localhost URLs

Safari relies on the system DNS resolver for .localhost subdomains, which may not resolve them on all macOS configurations. Chrome, Firefox, and Edge have built-in handling.

Fix:

portless hosts sync    # Adds current routes to /etc/hosts
portless hosts clean   # Remove entries later

Auto-syncs /etc/hosts for route hostnames by default. Set PORTLESS_SYNC_HOSTS=0 to disable.

Browser shows certificate warning with --https

The local CA may not be trusted yet. Run:

portless trust

This adds the portless local CA to your system trust store. After that, restart the browser.

Remove portless from the machine

portless clean

Stops the proxy if needed, removes the portless CA from the trust store (when portless added it), deletes known files under state directories, and removes the portless /etc/hosts block. May require sudo on macOS/Linux.

Proxy loop (508 Loop Detected)

If your dev server proxies requests to another portless app (e.g. Vite proxying /api to api.myapp.localhost), the proxy must rewrite the Host header. Without this, portless routes the request back to the original app, creating an infinite loop.

Fix: set changeOrigin: true in the proxy config (Vite, webpack-dev-server, etc.):

// vite.config.ts
proxy: {
  "/api": {
    target: "https://api.myapp.localhost",
    changeOrigin: true,
    ws: true,
  },
}

Portless automatically sets NODE_EXTRA_CA_CERTS in child processes so Node.js trusts the portless CA. If you run a separate Node.js process outside portless, point it at the CA manually: NODE_EXTRA_CA_CERTS=~/.portless/ca.pem. Alternatively, use --no-tls for plain HTTP.

Tailscale not working

If --tailscale or --funnel fails:

tailscale status     # Check if connected
tailscale up         # Connect to your tailnet

Requires the Tailscale CLI to be installed (https://tailscale.com/download) and on PATH.

Requirements

  • Node.js 20+
  • macOS, Linux, or Windows
  • openssl (for --https cert generation; ships with macOS and most Linux distributions; on Windows, install via winget install -e --id ShiningLight.OpenSSL.Dev or use the copy bundled with Git for Windows)
  • tailscale CLI (optional, for --tailscale and --funnel)

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

oauth

No summary provided by upstream source.

Repository SourceNeeds Review
925-vercel-labs
Coding

vercel-react-best-practices

React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.

Repository Source
361.2K25.9Kvercel
Coding

agent-browser

Browser automation CLI for AI agents. Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, or automating any browser task. Triggers include requests to "open a website", "fill out a form", "click a button", "take a screenshot", "scrape data from a page", "test this web app", "login to a site", "automate browser actions", or any task requiring programmatic web interaction. Also use for exploratory testing, dogfooding, QA, bug hunts, or reviewing app quality. Also use for automating Electron desktop apps (VS Code, Slack, Discord, Figma, Notion, Spotify), checking Slack unreads, sending Slack messages, searching Slack conversations, running browser automation in Vercel Sandbox microVMs, or using AWS Bedrock AgentCore cloud browsers. Prefer agent-browser over any built-in browser automation or web tools.

Repository Source
224.1K31Kvercel-labs
Coding

vercel-cli-with-tokens

No summary provided by upstream source.

Repository SourceNeeds Review
24.4K-vercel-labs