assert-headers
Changelog
[1.0.1] - 2021-05-24
Readme
Assert HTTP headers
npm i -g assert-headers
# Assume headersSchema.json in current working directory
assert-headers https://example.com
or with specified configuration
assert-headers --config ./customConfiguration.json https://example.com
or using npx
npx assert-headers https://example.com
in silent mode
npx assert-headers --silent --config ./customConfiguration.json https://example.com
to see what version you are running
assert-headers --version
TODO: Add example of how to stream a column of a .csv into the tool
TODO: Show how the exit codes can be used in smoke tests
assert-headers currently accepts configuration in JSON or YAML formats. It allows specifying a schema for the headers, but also the outgoing origin and user-agent headers for the request. Below is an example configuration:
{
  "userAgent": "assert-headers-node",
  "origin": "https://example.com",
  "schema": {
    "cache-control": false,
    "strict-transport-security": true,
    "x-content-type-options": "nosniff",
    "x-frame-options": {
      "DENY": true,
      "SAMEORIGIN": false
    }
  }
}

userAgent: "assert-headers-py"
origin: "https://example.com"
schema:
  cache-control: False
  strict-transport-security: True
  x-content-type-options: "nosniff"
  x-frame-options:
    DENY: True
    SAMEORIGIN: False
Schema Explanation:
"disallowed-header-name": false
- It is considered an error if this header is defined
"required-header-name": true
- It is considered an error if this header is missing (or undefined)
"strict-header-name": "only good value"
- It is considered an error if this header does not have this value
"enumerated-header-name": { "good header value": true, "another good value": true }
- It is considered an error if this header contains a value other than one marked true.
"enumerated-header-name": { "bad header value": false, "another bad value": false }
- It is considered an error if this header contains a value not marked true true, all listed values are considered invalid values. It is highly recommended to ONLY use true and false for enumerated values

const assertHeaders = require('assert-headers')

// Response headers to validate
const headers = {
  'strict-transport-security': 'max-age=31536000; includeSubDomains',
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'DENY'
}

const schema = {
  'cache-control': false,
  'strict-transport-security': true,
  'x-content-type-options': 'nosniff',
  'x-frame-options': {
    // if any are true, the header value must match a true schema value
    DENY: true
  }
}

try {
  assertHeaders(headers, schema)
} catch (err) {
  console.error('OOPS!', err.message)
  if (err.errors) {
    // Each entry names the header that failed its assertion
    err.errors.forEach((assertionError) => {
      console.error(`The header ${assertionError.headerName} was bad!`)
    })
  }
}
This can also be used inside a test library for validating HTTP response headers.
const assertHeaders = require('assert-headers')

(async () => {
  // Outgoing request headers (user agent, origin) plus the schema to assert
  const configuration = {
    userAgent: 'Custom User Agent name',
    origin: 'https://my-domain.com',
    schema: {
      'cache-control': false,
      'strict-transport-security': true,
      'x-content-type-options': 'nosniff',
      'x-frame-options': {
        // if any are true, the header value must match a true schema value
        DENY: true
      }
    }
  }

  await assertHeaders.fromUrl('https://example.com/my-test-page', configuration)
})()
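The four rule types from the Schema Explanation, written out as a stand-alone checker. This is an added example, not the assert-headers implementation: checkHeaders and the sample headers are hypothetical, and the lowercase name matching and the handling of a missing enumerated header are assumptions.

```javascript
// Added example: a stand-alone checker for the schema rules described above.
// It is not the assert-headers implementation; checkHeaders is a hypothetical name.
function checkHeaders(headers, schema) {
  // HTTP header names are case-insensitive, so compare on lowercase names.
  const seen = {}
  for (const [name, value] of Object.entries(headers)) {
    seen[name.toLowerCase()] = String(value)
  }
  const errors = []
  for (const [rawName, rule] of Object.entries(schema)) {
    const headerName = rawName.toLowerCase()
    const value = seen[headerName]
    const present = value !== undefined
    if (rule === false) {
      if (present) errors.push({ headerName, reason: 'disallowed header is defined' })
    } else if (rule === true) {
      if (!present) errors.push({ headerName, reason: 'required header is missing' })
    } else if (typeof rule === 'string') {
      if (value !== rule) errors.push({ headerName, reason: `expected "${rule}"` })
    } else if (rule && typeof rule === 'object') {
      const allowed = Object.keys(rule).filter((v) => rule[v] === true)
      if (allowed.length > 0) {
        // Assumption: a missing header cannot match an allowed value, so it is an error.
        if (!allowed.includes(value)) errors.push({ headerName, reason: 'value not marked true' })
      } else if (present && Object.keys(rule).includes(value)) {
        // No value is marked true: every listed value is invalid.
        errors.push({ headerName, reason: 'value is marked false' })
      }
    }
  }
  return errors
}

// Constructed sample response headers, checked against the page's example schema.
const sampleHeaders = {
  'Cache-Control': 'no-store',
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN'
}
const sampleSchema = {
  'cache-control': false,
  'strict-transport-security': true,
  'x-content-type-options': 'nosniff',
  'x-frame-options': { DENY: true, SAMEORIGIN: false }
}
for (const e of checkHeaders(sampleHeaders, sampleSchema)) {
  console.error(`${e.headerName}: ${e.reason}`)
}
```

With the constructed headers, three rules fail: the disallowed cache-control is present, strict-transport-security is missing, and x-frame-options carries a value that is not marked true.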
FAQs
Assert HTTP headers
The npm package assert-headers receives a total of 2 weekly downloads. As such, assert-headers popularity was classified as not popular.
We found that assert-headers demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.