Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@hint/hint-ssllabs

Package Overview
Dependencies
Maintainers
2
Versions
52
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hint/hint-ssllabs

hint that that checks using SSL Labs for best practices related to the website's SSL configuration

  • 1.0.0-beta.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
26K
increased by13.32%
Maintainers
2
Weekly downloads
 
Created
Source

SSL Server Test (ssllabs)

ssllabs does a deep analysis of the site's SSL configuration using SSL Labs’ SSL Server Test.

Why is this important?

SSL/TLS is a deceptively simple technology. It is easy to deploy, and it works--except when it does not. The main problem is that encryption is not often easy to deploy correctly. To ensure that TLS provides the necessary security, system administrators and developers must put extra effort into properly configuring their servers and developing their applications.

From SSL Labs’ SSL and TLS Deployment Best Practices

What does the hint check?

This hint uses the SSL Labs API via node-ssllabs to analyze the SSL configuration of a server and report a grade.

Please look at SSL Labs’ Methodology Overview if you want to know more about the process.

Notes:

  • Only servers on the public internet can be scanned by SSL Labs. Internal domains will fail.
  • SSL Labs might have decided not to allow scanning of a domain (if, for example, the owner has requested it).

Can the hint be configured?

By default the minimum grade is A- but you can configure it to any valid grade reported by SSL Labs by setting the grade option for the ssllabs hint in the .hintrc file.

E.g. The following configuration will change the minium grade to A+:

{
    "connector": {...},
    "formatters": [...],
    "hints": {
        "ssllabs": [ "error", {
            "grade": "A+"
        }],
        ...
    },
    ...
}

SSL Labs’ scanner also allows some configuration. By default the one used is:

{
    "all": "done",
    "fromCache": true,
    "maxAge": 2
}

You can override the defaults with the following configuration:

{
    "connector": {...},
    "formatters": [...],
    "hints": {
        "ssllabs": [ "error", {
            "ssllabs": {
                "fromCache": false,
                ...
            }
        }],
        ...
    },
    ...
}

The list of possible parameters is available in SSL Labs’ documentation with the difference that on/off parameters are booleans in our case as shown in node-ssllabs’ advanced usage.

How to use this hint?

To use it you will have to install it via npm:

npm install @hint/hint-ssllabs

Note: You can make npm install it as a devDependency using the --save-dev parameter, or to install it globally, you can use the -g parameter. For other options see npm's documentation.

And then activate it via the .hintrc configuration file:

{
    "connector": {...},
    "formatters": [...],
    "hints": {
        "ssllabs": "error",
        ...
    },
    "parsers": [...],
    ...
}

Further Reading

Keywords

FAQs

Package last updated on 17 Jul 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc