Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@arcjet/next
Advanced tools
@arcjet/next
Arcjet helps developers protect their apps in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.
This is the Arcjet SDK for the Next.js framework. Find our other SDKs on GitHub.
Example app
Try an Arcjet protected app live at https://example.arcjet.com (source code).
Features
Arcjet security features for protecting Next.js apps:
- 🤖 Bot protection - manage traffic by automated clients and bots.
- 🛑 Rate limiting - limit the number of requests a client can make.
- 🛡️ Shield WAF - protect your application against common attacks.
- 📧 Email validation - prevent users from signing up with fake email addresses.
- 📝 Signup form protection - combines rate limiting, bot protection, and email validation to protect your signup forms.
- 🕵️♂️ Sensitive information detection - block personally identifiable information (PII).
- 🚅 Nosecone - set security headers such as
Content-Security-Policy(CSP).
Quick start
This example will protect a Next.js API route with a rate limit, bot detection, and Shield WAF.
You can also find this quick start guide in the docs.
What is this?
This is our adapter to integrate Arcjet into Next.js. Arcjet helps you secure your Next web application. This package exists so that we can provide the best possible experience to Next users.
When should I use this?
You can use this if you are using Next.js. See our Get started guide for other supported frameworks.
Install
This package is ESM only. Install with npm in Node.js:
npm install @arcjet/next
Use
import arcjet, { shield } from "@arcjet/next";
import { NextResponse } from "next/server";
// Get your Arcjet key at <https://app.arcjet.com>.
// Set it as an environment variable instead of hard coding it.
const arcjetKey = process.env.ARCJET_KEY;
if (!arcjetKey) {
throw new Error("Cannot find `ARCJET_KEY` environment variable");
}
const aj = arcjet({
key: arcjetKey,
rules: [
// Shield protects your app from common attacks.
// Use `DRY_RUN` instead of `LIVE` to only log.
shield({ mode: "LIVE" }),
],
});
export async function GET(request: Request) {
const decision = await aj.protect(request);
if (decision.isDenied()) {
return NextResponse.json({ message: "Forbidden" }, { status: 429 });
}
return NextResponse.json({ message: "Hello world" });
}
For more on how to configure Arcjet with Next.js and how to protect Next, see the Arcjet Next.js SDK reference on our website.
License
1.0.0-beta.11 (2025-09-03)
⚠ BREAKING CHANGES
- redact: improve types around custom entities (#4883)
- protocol: remove enum-like objects (#5053)
- env: remove support for explicit port on orb (#4988)
🚀 New Features
- add filter rule (#4802) (40953e1)
- env: Support trailing slashes on ARCJET_BASE_URL (#5035) (db1a4ac)
- ip: expose
Cidrtype (#4877) (96674f4)
🪲 Bug Fixes
- env: remove support for explicit port on orb (#4988) (3e601d7)
- protocol: Remove change that disjoined IP details and assertions (#4859) (#4913) (3304e9c)
- types: remove need for
dom.iterable,dom, lib (#5047) (fba8564)
📝 Documentation
- add info on derivative works to license sections (#4654) (d427c39)
- add JSDocs to exposed API in 10 utilities (#4741) (f836ea2)
- analyze-wasm: add JSDocs (#4996) (e7a4ba6)
- arcjet: add JSDocs (#4997) (de57d5e)
- astro: add JSDocs (#5015) (131e781)
- bun: add JSDocs (#5018) (a9e946a)
- deno: add JSDocs (#5031) (18a2700)
- examples: remove unneeded port from steps (#4987) (a908b16)
- fastify: refactor JSDocs (#5032) (9c7405f)
- logger: add JSDocs (#4839) (107c145)
- nest: add JSDocs (#5034) (0ff6b3f)
- next: refactor JSDocs (#5038) (fc61a27)
- node: add JSDocs (#5039) (309738a)
- nosecone-next: add JSDocs (#4841) (689ea3c)
- nosecone-sveltekit: add JSDocs (#4842) (de708af)
- nosecone: add derivative works to readme (#4854) (73f2bcb)
- nosecone: add JSDocs (#4840) (ead53e5)
- protocol: add JSDocs (#4851) (c1021e9)
- readme: fix list of example apps (#4891) (36ea1ca)
- readme: fix list of quick start guides (#4890) (e90d6e4)
- redact-wasm: add JSDocs (#4844) (e187ff8)
- redact: add JSDocs (#4843) (b6b14bb)
- remix: add JSDocs (#5049) (4a9efcf)
- rollup-config: add JSDocs (#4845) (3b5b477)
- runtime: add JSDocs (#4846) (a740694)
- sprintf: add JSDocs (#4847) (a5b5084)
- sprintf: add JSDocs (#4848) (d9b0adb)
- stable-hash: add derivative work to readme (#4858) (b693f2b)
- sveltekit: add JSDocs (#5050) (8077f9c)
- transport: add JSDocs (#4849) (a59390b)
🧹 Miscellaneous Chores
- decorate: add type errors for invalid values (#4865) (0f73483)
- example: Update Gatsby overrides (#5036) (fd0b115)
- headers: expose named export, deprecate default (#4860) (8d716b9)
- ip: expose named export, deprecate default (#4876) (fcb83a3)
- logger: rename
LoggerOptionstoOptions(#4874) (78962de) - normalize
package-lock.json(#4794) (e17962b) - nosecone-next: expose named export, deprecate default (#4879) (605e647)
- nosecone-sveltekit: expose named export, deprecate default (#4880) (d0e9aaf)
- nosecone: expose
Options, deprecateNoseconeOptions(#4855) (c504315) - nosecone: expose named export, deprecate default (#4878) (e7607de)
- protocol: add
hasAsn, deprecatehasASN(#4889) (4990e80) - protocol: remove enum-like objects (#5053) (cc76e1c)
- sprintf: expose named export, deprecate default (#4875) (a2624b4)
- tsconfig: remove
@arcjet/tsconfig(#5022) (fdca6a9)
⌨️ Code Refactoring
- ip: rename identifiers to match other casing (#4723) (4cbd844)
- logger: replace abbreviations with words (#4853) (de963dc)
- logger: use more specific type than
unknown(#4873) (5025378) - protocol: remove unneeded type utility (#4859) (0a638ae)
- redact: improve types around custom entities (#4883) (0b09945)
- redact: remove repetition in code (#4881) (191ccb7)
- redact: reuse exposed types (#4856) (2380307)
- sprintf: replace abbreviations with words (#4857) (13bac85)
📚 Tests
✅ Continuous Integration
FAQs
Arcjet SDK for the Next.js framework
The npm package @arcjet/next receives a total of 13,778 weekly downloads. As such, @arcjet/next popularity was classified as popular.
We found that @arcjet/next demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 03 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025