  • Stars: 639
  • Rank 70,436 (Top 2 %)
  • Language: JavaScript
  • License: MIT License
  • Created over 10 years ago
  • Updated 8 months ago

Repository Details

Important security headers for koa

koa-helmet

koa-helmet is a wrapper for helmet to work with koa. It provides important security headers to make your app more secure by default.

Installation

npm i koa-helmet

# or:

yarn add koa-helmet

Usage

Usage is the same as for helmet.

Helmet offers 11 security middleware functions:

// This...
app.use(helmet());

// ...is equivalent to this:
app.use(helmet.contentSecurityPolicy());
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());

You can see more in the documentation.
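To check that the headers behind the middleware list above actually reach clients, the following added example (not code from koa-helmet or helmet) audits a plain object of response headers. The helper name auditHeaders, the middleware-to-header mapping and the sample headers are assumptions made for this illustration.

```javascript
// Added example (not from the koa-helmet README). Header names per middleware
// come from general knowledge of helmet; default values differ by version,
// so validators only check each header's standard semantics.
const present = () => true;
const CHECKS = {
  contentSecurityPolicy: ['content-security-policy', present],
  dnsPrefetchControl: ['x-dns-prefetch-control', (v) => /^(on|off)$/i.test(v)],
  expectCt: ['expect-ct', (v) => /max-age=\d+/i.test(v)],
  frameguard: ['x-frame-options', (v) => /^(deny|sameorigin)$/i.test(v)],
  hsts: ['strict-transport-security', (v) => Number((/max-age=(\d+)/i.exec(v) || [])[1]) > 0],
  ieNoOpen: ['x-download-options', (v) => /^noopen$/i.test(v)],
  noSniff: ['x-content-type-options', (v) => /^nosniff$/i.test(v)],
  permittedCrossDomainPolicies: ['x-permitted-cross-domain-policies', present],
  referrerPolicy: ['referrer-policy', present],
  xssFilter: ['x-xss-protection', present]
};

// auditHeaders (hypothetical helper): returns the middleware names whose header
// is missing, has a value that defeats its purpose, or should have been removed.
function auditHeaders (headers) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = String(value).trim(); // header names are case-insensitive
  }
  const missing = [];
  const invalid = [];
  for (const [middleware, [header, valid]] of Object.entries(CHECKS)) {
    if (!(header in lower)) missing.push(middleware);
    else if (!valid(lower[header])) invalid.push(middleware);
  }
  // hidePoweredBy removes a header instead of adding one.
  const leaking = 'x-powered-by' in lower ? ['hidePoweredBy'] : [];
  const ok = missing.length + invalid.length + leaking.length === 0;
  return { ok, missing, invalid, leaking };
}

// Constructed sample: a response with some headers absent and HSTS disabled.
const sampleHeaders = {
  'Content-Security-Policy': "default-src 'self'",
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=0',
  'X-Content-Type-Options': 'nosniff',
  'X-Powered-By': 'ExampleServer'
};

console.log(auditHeaders(sampleHeaders));
```

Pass it the response headers captured in an integration test of your app to catch a middleware that was disabled or overridden.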

Example

import Koa from 'koa';
import helmet from 'koa-helmet';

const app = new Koa();

// Register helmet first so every response below carries the security headers.
app.use(helmet());

app.use((ctx) => {
  ctx.body = 'Hello World';
});

app.listen(4000);

Testing

To run the tests, simply run

npm test

Versioning

  • koa-helmet >=2.x (master branch) supports koa 2.x
  • koa-helmet 1.x (koa-1 branch) supports koa 0.x and koa 1.x
