@dansmaculotte/nuxt-security
Module for Nuxt.js 2 to configure security headers and more
This module has been developed for Nuxt 2. If you are looking for an equivalent compatible with Nuxt 3, please have a look at https://www.npmjs.com/package/nuxt-security.
This module allows you to configure various security headers such as CSP and HSTS, or even generate a security.txt file. Here is a list of available features:
Add the @dansmaculotte/nuxt-security dependency to your project:
    yarn add @dansmaculotte/nuxt-security # or npm install @dansmaculotte/nuxt-security
Add @dansmaculotte/nuxt-security to the modules section of nuxt.config.js:
    {
      modules: [
        // Simple usage
        '@dansmaculotte/nuxt-security',
        // With options
        [
          '@dansmaculotte/nuxt-security',
          {
            /* module options */
          }
        ]
      ],
      // Top level options
      security: {}
    }
dev
Default: process.env.SECURITY_DEV || false
Enable module in development mode.
hsts
Default: null
This option relies on the helmet hsts package.
Example:
    hsts: {
      maxAge: 15552000,
      includeSubDomains: true,
      preload: true
    },
csp
Default: null
This option relies on the helmet csp package.
Example:
    csp: {
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: ["'self'"],
        objectSrc: ["'self'"],
      },
      reportOnly: false,
    },
referrer
Default: null
This option relies on the helmet referrer policy package.
Example:
    referrer: 'same-origin',
permissions
Default: null
This option relies on the permissions policy package.
Example:
    permissions: {
      notifications: ['none']
    },
Note: this replaces the feature option, as the Feature-Policy header is deprecated. The previous features option is still supported for now, but it displays a warning and uses the Permissions-Policy header instead.
securityFile
Default: null
This option allows you to generate a security.txt file as described by securitytxt.org.
When generating for SPA applications, the file will appear in the dist/.well-known folder.
For universal applications, the file is accessible at this path: /.well-known/security.txt.
Example:
    securityFile: {
      contacts: [
        'mailto:security@example.com',
        'https://example.com/security'
      ],
      // or contacts: 'mailto:security@example.com'
      canonical: 'https://example.com/.well-known/security.txt',
      preferredLanguages: ['fr', 'en'],
      // or preferredLanguages: 'fr',
      encryptions: ['https://example.com/pgp-key.txt'],
      // or encryptions: 'https://example.com/pgp-key.txt',
      acknowledgments: ['https://example.com/hall-of-fame.html'],
      // or acknowledgments: 'https://example.com/hall-of-fame.html',
      policies: ['https://example.com/policy.html'],
      // or policies: 'https://example.com/policy.html',
      hirings: ['https://example.com/jobs.html']
      // or hirings: 'https://example.com/jobs.html'
    },
additionalHeaders
Default: false
If true, it adds these additional headers:
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1; mode=block
X-Content-Type-Options: nosniff
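A way to check that a deployed app actually returns the headers configured above, as an added example that is not part of this module or its README. The function name auditSecurityHeaders, the finding strings and the sample header values are constructed for illustration.

```javascript
// Added example (not the module's code): audit response headers against the
// values configured in this README. Keys are lower-cased header names.
const split = (value) => value.split(';').map((p) => p.trim()).filter(Boolean);
function auditSecurityHeaders(headers, minHstsAge = 15552000) {
  const findings = [];
  // hsts: max-age at least the README example value, plus includeSubDomains.
  const hsts = split((headers['strict-transport-security'] || '').toLowerCase());
  const maxAge = hsts.find((d) => d.startsWith('max-age='));
  if (!maxAge) findings.push('hsts: missing');
  else if (!(Number(maxAge.slice(8)) >= minHstsAge)) findings.push('hsts: max-age too short');
  if (maxAge && !hsts.includes('includesubdomains')) findings.push('hsts: no includeSubDomains');
  // csp: with reportOnly: true the policy is sent in the Report-Only header
  // and violations are reported but not blocked.
  const csp = headers['content-security-policy'];
  if (!csp) {
    findings.push(headers['content-security-policy-report-only']
      ? 'csp: report-only, not enforced' : 'csp: missing');
  } else {
    const directives = new Map(split(csp).map((d) => {
      const [name, ...sources] = d.split(/\s+/);
      return [name.toLowerCase(), sources];
    }));
    for (const name of ['script-src', 'object-src']) {
      // Fetch directives fall back to default-src when absent.
      const sources = directives.get(name) || directives.get('default-src');
      if (!sources) findings.push(`csp: ${name} unrestricted`);
      else if (sources.some((s) => ['*', "'unsafe-inline'", "'unsafe-eval'"].includes(s)))
        findings.push(`csp: ${name} allows ${sources.join(' ')}`);
    }
  }

  // additionalHeaders: true is documented to add exactly these three values.
  const expected = { 'x-frame-options': 'SAMEORIGIN', 'x-xss-protection': '1; mode=block', 'x-content-type-options': 'nosniff' };
  for (const [name, value] of Object.entries(expected)) {
    if ((headers[name] || '').trim().toLowerCase() !== value.toLowerCase())
      findings.push(`additionalHeaders: ${name} is not "${value}"`);
  }
  return findings;
}

// Constructed sample: headers matching the README's example option values.
const sampleHeaders = {
  'strict-transport-security': 'max-age=15552000; includeSubDomains; preload',
  'content-security-policy': "default-src 'self'; script-src 'self'; object-src 'self'",
  'x-frame-options': 'SAMEORIGIN',
  'x-xss-protection': '1; mode=block',
  'x-content-type-options': 'nosniff',
};
console.log(auditSecurityHeaders(sampleHeaders)); // []
```

Pass it the headers object of a response from your own deployment; Node's http client already exposes header names in lower case.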
yarn install or npm install
npm run dev
Copyright (c) Dans Ma Culotte tech@dansmaculotte.fr
FAQs
Module for Nuxt.js to configure security headers and more
The npm package @dansmaculotte/nuxt-security receives a total of 605 weekly downloads. As such, @dansmaculotte/nuxt-security popularity was classified as not popular.
We found that @dansmaculotte/nuxt-security demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.