feature-policy
NOTE: The Feature-Policy header has been deprecated by browsers in favor of Permissions-Policy. This module will still be supported but no new features will be added.
This is Express middleware to set the Feature-Policy header. You can read more about it here and here.
To use:
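    const express = require("express");
    const featurePolicy = require("feature-policy");

    const app = express();

    // Register the middleware so every response carries the Feature-Policy header.
    app.use(
      featurePolicy({
        features: {
          fullscreen: ["'self'"],
          vibrate: ["'none'"],
          payment: ["example.com"],
          syncXhr: ["'none'"],
        },
      })
    );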
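Because browsers have moved to Permissions-Policy, the sketch below renders the same `features` object in both header syntaxes, so an existing configuration can be reviewed side by side during a migration. It is an added example, not code from the feature-policy module: the function names are hypothetical, the validation rules are this example's own, and treating a bare host such as `example.com` as its `https://` origin is an assumption.

```javascript
// Added example: NOT the feature-policy module's code. Function names are hypothetical.
const dasherize = (name) => name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());

// Reject allowlists that would silently produce a meaningless policy.
function checkAllowlist(feature, values) {
  if (!Array.isArray(values) || values.length === 0) {
    throw new Error(`${feature}: allowlist must be a non-empty array`);
  }
  for (const exclusive of ["'none'", "*"]) {
    if (values.includes(exclusive) && values.length > 1) {
      throw new Error(`${feature}: ${exclusive} cannot be combined with other values`);
    }
  }
}

// Legacy syntax: "<feature> <allowlist>; <feature> <allowlist>"
function toFeaturePolicy(features) {
  return Object.entries(features).map(([name, values]) => {
    checkAllowlist(name, values);
    return `${dasherize(name)} ${values.join(" ")}`;
  }).join("; ");
}

// Permissions-Policy syntax: "<feature>=(self "origin"), <feature>=()"
function toPermissionsPolicy(features) {
  return Object.entries(features).map(([name, values]) => {
    checkAllowlist(name, values);
    const key = dasherize(name);
    if (values[0] === "*") return `${key}=*`;
    if (values[0] === "'none'") return `${key}=()`; // empty list disables the feature
    const members = values.map((v) => {
      if (v === "'self'") return "self";
      // Assumption: a bare host means its https origin; origins must be quoted strings.
      return JSON.stringify(v.includes("://") ? v : `https://${v}`);
    });
    return `${key}=(${members.join(" ")})`;
  }).join(", ");
}

// The configuration from the usage snippet above.
const sampleFeatures = {
  fullscreen: ["'self'"],
  vibrate: ["'none'"],
  payment: ["example.com"],
  syncXhr: ["'none'"],
};

console.log("Feature-Policy:    ", toFeaturePolicy(sampleFeatures));
console.log("Permissions-Policy:", toPermissionsPolicy(sampleFeatures));
```

Feature names are carried over unchanged; whether a given browser recognises each of them in Permissions-Policy is not checked here.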
The following features are currently supported:
accelerometer
ambientLightSensor
autoplay
battery
camera
displayCapture
documentDomain
documentWrite
encryptedMedia
executionWhileNotRendered
executionWhileOutOfViewport
fontDisplayLateSwap
fullscreen
geolocation
gyroscope
layoutAnimations
legacyImageFormats
loadingFrameDefaultEager
magnetometer
microphone
midi
navigationOverride
notifications
oversizedImages
payment
pictureInPicture
publickeyCredentials
push
serial
speaker
syncScript
syncXhr
unoptimizedImages
unoptimizedLosslessImages
unoptimizedLossyImages
unsizedMedia
usb
verticalScroll
vibrate
vr
wakeLock
xr
xrSpatialTracking
0.6.0 - 2020-12-22
FAQs
Middleware to set the Feature-Policy HTTP header
The npm package feature-policy receives a total of 313,610 weekly downloads. As such, feature-policy is classified as popular.
We found that feature-policy has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.