Express Security Txt
Express middleware that implements a security.txt path and policy
References:
Installation
yarn add express-security-txt
Usage
Define an options object with the proper fields that make up a valid security.txt policy, and use it as a middleware for an express app.
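const express = require('express')
const securityTxt = require('express-security-txt')

const app = express()
const options = {
  contact: 'mailto:email@example.com',
  encryption: 'https://www.mykey.com/pgp-key.txt',
  acknowledgement: 'thank you'
}

// Register the middleware that serves the security.txt policy
app.use(securityTxt.setup(options))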
Chaining
Where allowed, you can provide multiple values for a single directive by passing an array.
const securityTxt = require('express-security-txt')
const options = {
  contact: [
    'https://firstMethodOfContact.example.com',
    'https://secondMethodOfContact.example.com'
  ]
}
app.use(securityTxt.setup(options))
To add a comment at the beginning or end of the security.txt file, use the keys _prefixComment and _postfixComment respectively. To place a comment immediately before a field, use an object that specifies the value of the field and the comment that must come before it.
const securityTxt = require('express-security-txt')
const options = {
  _prefixComment: 'This comment goes at the very beginning of the file',
  contact: {
    comment: 'This comment goes directly before the Contact: directive',
    value: 'mailto:email@example.com'
  },
  encryption: [
    'https://example.com/encryption',
    {
      comment: 'Comments can appear in the middle of an array of values',
      value: 'https://example.com/alternativeEncryption'
    }
  ],
  _postfixComment: 'This comment goes at the very end of the file'
}
app.use(securityTxt.setup(options))
Would generate the file
# This comment goes at the very beginning of the file
# This comment goes directly before the Contact: directive
Contact: mailto:email@example.com
Encryption: https://example.com/encryption
# Comments can appear in the middle of an array of values
Encryption: https://example.com/alternativeEncryption
# This comment goes at the very end of the file
If your comment spans multiple lines, you can use \n to split it. express-security-txt will automatically insert the relevant # symbols. Alternatively, one can use an array of lines instead of a string.
For example:
const options = {
  _prefixComment: ['this is a', 'comment\nwhich', 'spans many lines'],
  contact: 'mailto:email@example.com'
}
Would generate
# this is a
# comment
# which
# spans many lines
Contact: mailto:email@example.com
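A deployment check for a generated file, as an added example that is not part of express-security-txt: it parses a security.txt body, skips the # comment lines, and reports a missing Contact field, values served over plain http:// (RFC 9116 requires https for web URIs), and lines that are neither a comment nor a field. The function names and the SAMPLE and BAD strings are made up for this example.

```javascript
// Added example, not express-security-txt code.
// parseSecurityTxt, checkSecurityTxt, SAMPLE and BAD are hypothetical names.

// Split a security.txt body into fields, ignoring blank and comment lines.
function parseSecurityTxt (body) {
  const fields = {} // lower-cased directive name -> array of values
  const malformed = [] // 1-based numbers of lines that are not comment/blank/field
  body.split(/\r?\n/).forEach((line, i) => {
    const text = line.trim()
    if (text === '' || text.startsWith('#')) return
    const m = /^([A-Za-z-]+):\s*(\S.*)$/.exec(text)
    if (!m) {
      malformed.push(i + 1)
      return
    }
    const name = m[1].toLowerCase()
    if (!fields[name]) fields[name] = []
    fields[name].push(m[2].trim())
  })
  return { fields, malformed }
}

// Return the parsed fields plus a list of human-readable problems.
function checkSecurityTxt (body) {
  const { fields, malformed } = parseSecurityTxt(body)
  const problems = malformed.map(n => `line ${n}: not a comment or "Name: value" field`)
  if (!fields.contact) problems.push('no Contact field')
  for (const [name, values] of Object.entries(fields)) {
    for (const v of values) {
      if (/^http:\/\//i.test(v)) problems.push(`${name}: ${v} uses plain http`)
    }
  }
  return { fields, problems }
}

// Constructed sample in the format the middleware is documented to generate.
const SAMPLE = [
  '# this is a',
  '# comment',
  'Contact: mailto:email@example.com',
  'Encryption: https://example.com/encryption',
  '# Comments can appear in the middle of an array of values',
  'Encryption: https://example.com/alternativeEncryption'
].join('\n')

// Constructed sample with three problems: no Contact, an http URL, a junk line.
const BAD = '# no contact here\nEncryption: http://example.com/key.txt\nthis line is junk'
```

Feed it the response body fetched from your deployed security.txt path and fail the build when problems is not empty.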
Tests
Project tests:
yarn run test
Project linting:
yarn run lint
Contributing
Commit Guidelines
The project uses the commitizen tool to standardize changelog-style commit messages, so commit your changes as follows:
git add .
yarn run commit