Security News
PEP 810 Proposes Explicit Lazy Imports for Python 3.15
An opt-in lazy import keyword aims to speed up Python startups, especially CLIs, without the ecosystem-wide risks that sank PEP 690.
By Sarah Gooding - Oct 04, 2025
Introducing Socket Firewall: Free, Proactive Protection for Your Software Supply Chain.Learn More →
@arcjet/next
Advanced tools
@arcjet/next
Arcjet helps developers protect their apps in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.
This is the Arcjet SDK for the Next.js framework. Find our other SDKs on GitHub.
Example app
Try an Arcjet protected app live at https://example.arcjet.com (source code).
Features
Arcjet security features for protecting Next.js apps:
- 🤖 Bot protection - manage traffic by automated clients and bots.
- 🛑 Rate limiting - limit the number of requests a client can make.
- 🛡️ Shield WAF - protect your application against common attacks.
- 📧 Email validation - prevent users from signing up with fake email addresses.
- 📝 Signup form protection - combines rate limiting, bot protection, and email validation to protect your signup forms.
- 🕵️♂️ Sensitive information detection - block personally identifiable information (PII).
- 🚅 Nosecone - set security headers such as
Content-Security-Policy(CSP).
Quick start
This example will protect a Next.js API route with a rate limit, bot detection, and Shield WAF.
You can also find this quick start guide in the docs.
What is this?
This is our adapter to integrate Arcjet into Next.js. Arcjet helps you secure your Next web application. This package exists so that we can provide the best possible experience to Next users.
When should I use this?
You can use this if you are using Next.js. See our Get started guide for other supported frameworks.
Install
This package is ESM only. Install with npm in Node.js:
npm install @arcjet/next
Use
import arcjet, { shield } from "@arcjet/next";
import { NextResponse } from "next/server";
// Get your Arcjet key at <https://app.arcjet.com>.
// Set it as an environment variable instead of hard coding it.
const arcjetKey = process.env.ARCJET_KEY;
if (!arcjetKey) {
throw new Error("Cannot find `ARCJET_KEY` environment variable");
}
const aj = arcjet({
key: arcjetKey,
rules: [
// Shield protects your app from common attacks.
// Use `DRY_RUN` instead of `LIVE` to only log.
shield({ mode: "LIVE" }),
],
});
export async function GET(request: Request) {
const decision = await aj.protect(request);
if (decision.isDenied()) {
return NextResponse.json({ message: "Forbidden" }, { status: 429 });
}
return NextResponse.json({ message: "Hello world" });
}
For more on how to configure Arcjet with Next.js and how to protect Next, see the Arcjet Next.js SDK reference on our website.
License
FAQs
Arcjet SDK for the Next.js framework
The npm package @arcjet/next receives a total of 13,367 weekly downloads. As such, @arcjet/next popularity was classified as popular.
We found that @arcjet/next demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 23 Sep 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PodRocket Podcast: Inside the Recent npm Supply Chain Attacks
Socket CEO Feross Aboukhadijeh discusses the recent npm supply chain attacks on PodRocket, covering novel attack vectors and how developers can protect themselves.
By Sarah Gooding - Oct 02, 2025
Security News
Package Maintainers Call for Improvements to GitHub’s New npm Security Plan
Maintainers back GitHub’s npm security overhaul but raise concerns about CI/CD workflows, enterprise support, and token management.
By Sarah Gooding - Sep 30, 2025