@arcjet/next
Advanced tools
@arcjet/next
Arcjet helps developers protect their apps in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.
This is the Arcjet SDK for the Next.js framework. Find our other SDKs on GitHub.
Try an Arcjet protected app live at https://example.arcjet.com (source code).
Arcjet security features for protecting Next.js apps:
Content-Security-Policy (CSP).This example will protect a Next.js API route with a rate limit, bot detection, and Shield WAF.
You can also find this quick start guide in the docs.
This is our adapter to integrate Arcjet into Next.js. Arcjet helps you secure your Next web application. This package exists so that we can provide the best possible experience to Next users.
You can use this if you are using Next.js. See our Get started guide for other supported frameworks.
This package is ESM only. Install with npm in Node.js:
npm install @arcjet/next
import arcjet, { shield } from "@arcjet/next";
import { NextResponse } from "next/server";
// Get your Arcjet key at <https://app.arcjet.com>.
// Set it as an environment variable instead of hard coding it.
const arcjetKey = process.env.ARCJET_KEY;
if (!arcjetKey) {
throw new Error("Cannot find `ARCJET_KEY` environment variable");
}
const aj = arcjet({
key: arcjetKey,
rules: [
// Shield protects your app from common attacks.
// Use `DRY_RUN` instead of `LIVE` to only log.
shield({ mode: "LIVE" }),
],
});
export async function GET(request: Request) {
const decision = await aj.protect(request);
if (decision.isDenied()) {
return NextResponse.json({ message: "Forbidden" }, { status: 429 });
}
return NextResponse.json({ message: "Hello world" });
}
For more on how to configure Arcjet with Next.js and how to protect Next, see the Arcjet Next.js SDK reference on our website.
1.0.0-beta.11 (2025-09-03)
Cidr type (#4877) (96674f4)dom.iterable, dom, lib (#5047) (fba8564)LoggerOptions to Options (#4874) (78962de)package-lock.json (#4794) (e17962b)Options, deprecate NoseconeOptions (#4855) (c504315)hasAsn, deprecate hasASN (#4889) (4990e80)@arcjet/tsconfig (#5022) (fdca6a9)unknown (#4873) (5025378)FAQs
Arcjet SDK for the Next.js framework
The npm package @arcjet/next receives a total of 14,875 weekly downloads. As such, @arcjet/next popularity was classified as popular.
We found that @arcjet/next demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.ย It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
Research
/Security News
Malicious update to @ctrl/tinycolor on npm is part of a supply-chain attack hitting 40+ packages across maintainers