Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@middy/http-security-headers
Advanced tools
@middy/http-security-headers
Applies best practice security headers to responses. It's a simplified port of HelmetJS
Middy http-security-headers middleware
HTTP security headers middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda
Applies best practice security headers to responses. It's a simplified port of [HelmetJS](https://helmetjs.github.io/). See HelmetJS documentation for more details.
Applies best practice security headers to responses. It's a simplified port of HelmetJS. See HelmetJS documentation for more details.
Install
To install this middleware you can use NPM:
npm install --save @middy/http-security-headers
Options
dnsPrefetchControlcontrols browser DNS prefetchingexpectCtfor handling Certificate Transparency (Future Feature)frameguardto prevent clickjackinghidePoweredByto remove the Server/X-Powered-By headerhstsfor HTTP Strict Transport SecurityieNoOpensets X-Download-Options for IE8+noSniffto keep clients from sniffing the MIME typereferrerPolicyto hide the Referer headerxssFilteradds some small XSS protections
Sample usage
import middy from '@middy/core'
import httpSecurityHeaders from '@middy/http-security-headers'
const handler = middy((event, context) => {
return {}
})
handler
.use(httpSecurityHeaders())
Middy documentation and examples
For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Contributing
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
License
Licensed under MIT License. Copyright (c) 2017-2021 Luciano Mammino, will Farrell, and the Middy team.
FAQs
Applies best practice security headers to responses. It's a simplified port of HelmetJS
The npm package @middy/http-security-headers receives a total of 0 weekly downloads. As such, @middy/http-security-headers popularity was classified as not popular.
We found that @middy/http-security-headers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 25 Jan 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025