@nlo/nuxt-common-base-application
This base nuxt application contains shared setup for creating and maintaining NLO lottery website applications in Nuxt.
This should only be included directly by lottery websites, so we can update @nlo/nuxt-common independently of this package.
To include this nuxt layer in your own application, add it to the layers listed under extends in nuxt.config.ts, like so:
export default defineNuxtConfig({
  extends: ['@nlo/nuxt-common-base-application'],
});
npm run lint
to run prettier and typescript checks
npm run test
to run unit tests
npm run dev
to run the nuxt application

NUXT_REDIS_OPTIONS_BASE
The prefix of the key of the cache entries
NUXT_REDIS_OPTIONS_URL
The url to the redis instance
NUXT_REDIS_OPTIONS_TTL
The time to live of the cache entries
NUXT_ENABLE_REDIS_CACHE
Boolean indicating if redis should be enabled for page caching
NUXT_LRU_OPTIONS_MAX
Maximum number of LRU cache entries
NUXT_ENABLE_LRU_CACHE
Boolean indicating if LRU cache should be enabled for page caching

To apply the best practices around security headers, we use https://nuxt-security.vercel.app. Using a library makes us work in a secure-by-default way. Information about required security headers can be found here: https://loterij.atlassian.net/wiki/spaces/NLDT/pages/3571253310/Required+http+headers+security
These security headers are applied by default, but need to be adjusted per vertical. The main adjustment required is specifying which resource type is allowed from which domain.
Example configuration to allow every type of resource from the Portal domain:
nuxt.config.ts
security: {
  headers: {
    contentSecurityPolicy: {
      'default-src': ['https://www.nederlandseloterij.nl'],
    },
  },
},
If you want to allow all resources from all domains, use the following example. This removes the origin restriction that the policy otherwise enforces:
nuxt.config.ts
security: {
  headers: {
    contentSecurityPolicy: {
      'default-src': ['*'],
    },
  },
},
Note that these configurations are build-time only.
If you want run-time configuration (such as limiting which domains are allowed), use the NUXT_SECURITY_HEADERS_CONTENT_SECURITY_POLICY_DEFAULT_SRC
environment variable with the following format:
[\"https://my-allowed-website.nl\",\"\'unsafe-inline\'\",\"\'unsafe-eval\'\",\"wss:\"]
This format is a string array in escaped JSON format. The single quotes around unsafe-inline and unsafe-eval are required.
Note: For now we haven't added per-resource exclusion from nuxt-common since that would introduce a lot of configuration in every website.
For more details, see the website of the library.
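The run-time value format described above can be checked before it is deployed. The JavaScript below is an added example, not code from this package or from nuxt-security; the function name lintDefaultSrc, the keyword list and the assumption that the value may still carry the backslash escapes shown above are this example's own.

```javascript
// Added example, not part of @nlo/nuxt-common-base-application.
// Lints a value meant for NUXT_SECURITY_HEADERS_CONTENT_SECURITY_POLICY_DEFAULT_SRC.
const KEYWORDS = ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic'];

function lintDefaultSrc(raw) {
  const result = { errors: [], warnings: [], header: null };
  // Assumption: the value may still carry the backslash escapes shown in the
  // README (\" and \'), so strip them before parsing the JSON array.
  const json = raw.replace(/\\(["'])/g, '$1');
  let sources;
  try {
    sources = JSON.parse(json);
  } catch {
    result.errors.push('value is not valid JSON');
    return result;
  }
  if (!Array.isArray(sources) || sources.length === 0 ||
      !sources.every((s) => typeof s === 'string')) {
    result.errors.push('value must be a non-empty JSON array of strings');
    return result;
  }
  for (const src of sources) {
    if (/[\s;,]/.test(src) || src === '') {
      // Whitespace, ';' or ',' would let one entry add sources or directives.
      result.errors.push(`invalid characters in source: ${JSON.stringify(src)}`);
    } else if (KEYWORDS.includes(src.toLowerCase())) {
      // Without quotes the browser parses the keyword as a host name.
      result.errors.push(`keyword must be single-quoted: '${src}'`);
    } else if (src === '*') {
      result.warnings.push('* allows resources from any origin');
    } else if (src === "'unsafe-inline'" || src === "'unsafe-eval'") {
      result.warnings.push(`${src} weakens protection against script injection`);
    } else if (/^[a-z][a-z0-9+.-]*:$/i.test(src)) {
      result.warnings.push(`${src} allows any host over that scheme`);
    }
  }
  if (result.errors.length === 0) result.header = `default-src ${sources.join(' ')}`;
  return result;
}

// Value in the format shown above, and a constructed faulty value.
const README_VALUE = String.raw`[\"https://my-allowed-website.nl\",\"\'unsafe-inline\'\",\"\'unsafe-eval\'\",\"wss:\"]`;
const BAD_VALUE = '["https://my-allowed-website.nl","unsafe-inline","https://a.example; script-src *"]';

console.log(lintDefaultSrc(README_VALUE));
console.log(lintDefaultSrc(BAD_VALUE));
```

The header field holds the directive the list would produce and stays null when any entry is rejected, so the check can gate a deployment step.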
FAQs
Nuxt3 layer for creating NLO Lottery websites
The npm package @nlo/nuxt-common-base-application receives a total of 21 weekly downloads. As such, @nlo/nuxt-common-base-application popularity was classified as not popular.
We found that @nlo/nuxt-common-base-application demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.