
fastify-helmet


fastify-helmet - npm Package Compare versions

Comparing version 5.3.2 to 6.0.0

6

index.d.ts
import { FastifyPluginCallback } from "fastify";
import helmet = require("helmet");
import helmet from "helmet";

@@ -13,5 +13,5 @@ declare module 'fastify' {

type FastifyHelmetOptions = Parameters<typeof helmet>[0] & { enableCSPNonces?: boolean };
export type FastifyHelmetOptions = NonNullable<Parameters<typeof helmet>[0] & { enableCSPNonces?: boolean }>;
export const fastifyHelmet: FastifyPluginCallback<NonNullable<FastifyHelmetOptions>> & {
export const fastifyHelmet: FastifyPluginCallback<FastifyHelmetOptions> & {
contentSecurityPolicy: typeof helmet.contentSecurityPolicy;

@@ -18,0 +18,0 @@ };
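Review bot: The newly exported `FastifyHelmetOptions` type in index.d.ts has no doc comment, and `enableCSPNonces` is the one field in it that helmet's own typings do not describe, so a consumer importing the type cannot tell what the flag does. Judging from the test expectations further down this page, turning it on appears to add a `'nonce-…'` source to `script-src` and `style-src`. A TSDoc line above the type would record that, for example `/** helmet options plus enableCSPNonces, which adds generated nonces to the script-src and style-src CSP directives. */`. The `declare module 'fastify'` block and the end of the `fastifyHelmet` declaration lie outside the visible hunks.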

@@ -1,5 +0,5 @@

import fastify from "fastify";
import { expectType } from "tsd";
import fastify, { FastifyPluginCallback } from "fastify";
import { expectAssignable, expectType } from "tsd";
import helmet from "helmet";
import fastifyHelmet from ".";
import fastifyHelmet, { FastifyHelmetOptions } from ".";

@@ -10,3 +10,4 @@ const app = fastify();

app.register(fastifyHelmet, {});
app.register(fastifyHelmet, {
const helmetOptions = {
contentSecurityPolicy: false,

@@ -23,4 +24,7 @@ dnsPrefetchControl: false,

xssFilter: false
});
};
expectAssignable<FastifyHelmetOptions>(helmetOptions);
app.register(fastifyHelmet, helmetOptions);
app.register(fastifyHelmet, {

@@ -56,3 +60,3 @@ contentSecurityPolicy: {

// these options are false or never
// hidePoweredBy: false
// hidePoweredBy: false
// ieNoOpen: false,

@@ -65,3 +69,3 @@ // noSniff: false,

app.register(fastifyHelmet, { enableCSPNonces: true });
app.register(fastifyHelmet, {
app.register(fastifyHelmet, {
enableCSPNonces: true,

@@ -84,1 +88,6 @@ contentSecurityPolicy: {

expectType<typeof helmet.contentSecurityPolicy>(csp);
// fastify-helmet instance is using the FastifyHelmetOptions options
expectType<FastifyPluginCallback<FastifyHelmetOptions> & {
contentSecurityPolicy: typeof helmet.contentSecurityPolicy;
}>(fastifyHelmet);
{
"name": "fastify-helmet",
"version": "5.3.2",
"version": "6.0.0",
"description": "Important security headers for Fastify",

@@ -34,3 +34,3 @@ "main": "index.js",

"devDependencies": {
"@types/node": "^15.0.0",
"@types/node": "^17.0.0",
"fastify": "^3.0.0",

@@ -41,3 +41,3 @@ "pre-commit": "^1.2.2",

"tap": "^15.0.0",
"tsd": "^0.17.0",
"tsd": "^0.19.0",
"typescript": "^4.0.2"

@@ -47,4 +47,4 @@ },

"fastify-plugin": "^3.0.0",
"helmet": "^4.0.0"
"helmet": "^5.0.1"
}
}

@@ -131,3 +131,3 @@ 'use strict'

const expected = { 'content-security-policy': 'default-src \'self\';base-uri \'self\';block-all-mixed-content;font-src \'self\' https: data:;frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests' }
const expected = { 'content-security-policy': 'default-src \'self\';base-uri \'self\';block-all-mixed-content;font-src \'self\' https: data:;form-action \'self\';frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests' }

@@ -191,3 +191,3 @@ t.include(res.headers, expected)

t.includes(res.headers, {
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'`
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
})

@@ -221,3 +221,3 @@ })

t.includes(res.headers, {
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'`
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
})

@@ -230,3 +230,3 @@

t.includes(res.headers, {
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'`
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
})

@@ -260,3 +260,3 @@ })

t.includes(res.headers, {
'content-security-policy': `default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-${cspCache.script}';script-src-attr 'none';style-src 'self' 'unsafe-inline' 'nonce-${cspCache.style}';upgrade-insecure-requests`
'content-security-policy': `default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-${cspCache.script}';script-src-attr 'none';style-src 'self' 'unsafe-inline' 'nonce-${cspCache.style}';upgrade-insecure-requests`
})

@@ -288,4 +288,4 @@ })

t.includes(res.headers, {
'content-security-policy': `default-src 'self';script-src 'nonce-${cspCache.script}';style-src 'nonce-${cspCache.style}'`
'content-security-policy': `default-src 'self';script-src 'nonce-${cspCache.script}';style-src 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests`
})
})
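Review bot: Four of the nonce assertions grow from `default-src 'self';script-src …;style-src …` to the full directive list, which shows that custom `directives` are now merged with helmet's defaults instead of replacing them, yet nothing in the visible test code says so. This matches helmet 5 enabling `useDefaults` by default. It tightens the policy for existing users: `form-action 'self'`, `frame-ancestors 'self'` and `object-src 'none'` are now sent without being requested, which can block forms or embeds that worked under 5.3.2. I would add a comment above the first changed assertion, e.g. `// helmet 5 merges its default directives into custom ones (useDefaults: true)`. If the plugin passes the option through and no such case exists outside these hunks, a test registering it with `useDefaults: false` alongside `enableCSPNonces` would pin the opt-out. The enclosing test bodies start and end outside the hunks shown.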

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
