helmet - npm Package Compare versions

Comparing version 6.0.1 to 6.1.0

index.cjs

6

CHANGELOG.md
# Changelog
## 6.1.0 - 2023-04-08
### Changed
- Improve support for various TypeScript setups, including "nodenext". See [#405](https://github.com/helmetjs/helmet/pull/405)
## 6.0.1 - 2022-11-29

@@ -4,0 +10,0 @@

94

package.json
{
"name": "helmet",
"author": "Adam Baldwin <adam@npmjs.com> (https://evilpacket.net)",
"contributors": [
"Evan Hahn <me@evanhahn.com> (https://evanhahn.com)",
"Ameen Abdeen <ameen.abdeen.se@gmail.com>"
],
"description": "help secure Express/Connect apps with various HTTP headers",
"version": "6.0.1",
"keywords": [
"express",
"security",
"headers",
"backend"
],
"homepage": "https://helmetjs.github.io/",
"bugs": {
"url": "https://github.com/helmetjs/helmet/issues",
"email": "me@evanhahn.com"
},
"repository": {
"type": "git",
"url": "git://github.com/helmetjs/helmet.git"
},
"engines": {
"node": ">=14.0.0"
},
"devDependencies": {
"@rollup/plugin-typescript": "^8.3.3",
"@types/connect": "^3.4.35",
"@types/jest": "^28.1.6",
"@types/supertest": "^2.0.12",
"@typescript-eslint/eslint-plugin": "^5.30.7",
"@typescript-eslint/parser": "^5.30.7",
"connect": "^3.7.0",
"eslint": "^8.20.0",
"jest": "^28.1.3",
"prettier": "^2.7.1",
"rollup": "^2.77.0",
"supertest": "^6.2.4",
"ts-jest": "^28.0.7",
"typescript": "^4.7.4"
},
"scripts": {
"pretest": "npm run lint",
"prepublishOnly": "npm run build-helmet",
"lint": "npm run lint:eslint && npm run lint:prettier",
"lint:eslint": "eslint .",
"lint:prettier": "prettier --check .",
"format": "prettier --write .",
"clean": "node ./bin/clean.js",
"build-helmet": "npm run clean && node ./bin/build-helmet.js && prettier --write --config .prettierrc-dist.cjs --ignore-path /dev/null dist",
"build-middleware-package": "npm run clean && tsc --emitDeclarationOnly -p tsconfig-types.json && node ./bin/build-middleware-package.js",
"test": "jest"
},
"license": "MIT",
"type": "module",
"main": "./dist/cjs/index.js",
"module": "./dist/esm/index.js",
"types": "./dist/types/index.d.ts",
"exports": {
".": {
"import": "./dist/esm/index.js",
"require": "./dist/cjs/index.js",
"types": "./dist/types/index.d.ts"
}
}
"name": "helmet",
"version": "6.1.0",
"author": "Adam Baldwin <adam@npmjs.com> (https://evilpacket.net)",
"contributors": [
"Evan Hahn <me@evanhahn.com> (https://evanhahn.com)"
],
"homepage": "https://helmetjs.github.io/",
"bugs": {
"url": "https://github.com/helmetjs/helmet/issues",
"email": "me@evanhahn.com"
},
"repository": {
"type": "git",
"url": "git://github.com/helmetjs/helmet.git"
},
"license": "MIT",
"exports": {
".": {
"import": {
"types": "./index.d.ts",
"default": "./index.mjs"
},
"require": {
"types": "./index.d.ts",
"default": "./index.cjs"
}
}
}
}
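Review bot: The new manifest still publishes `"url": "git://github.com/helmetjs/helmet.git"` under `repository`, and the `git://` scheme is an unencrypted, unauthenticated transport that GitHub stopped serving in 2022, so anything that resolves the field for provenance or source checks either fails or is trivially spoofable on path; `"url": "git+https://github.com/helmetjs/helmet.git"` is the form npm documents. The new side also drops the old `"engines": { "node": ">=14.0.0" }`, so consumers on older Node runtimes lose the install-time warning; if the published build still assumes Node 14 features, the field should come back. This looks like the generated package.json produced by the `build-middleware-package` script on the old side, so the change belongs in that generator rather than in the emitted file — confirm against the repository.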

@@ -13,8 +13,8 @@ # Helmet

```js
const express = require("express");
const helmet = require("helmet");
const express = require("express")
const helmet = require("helmet")
const app = express();
const app = express()
app.use(helmet());
app.use(helmet())

@@ -27,7 +27,7 @@ // ...

```js
import helmet from "helmet";
import helmet from "helmet"
const app = express();
const app = express()
app.use(helmet());
app.use(helmet())
```

@@ -58,6 +58,6 @@

app.use(
helmet({
referrerPolicy: { policy: "no-referrer" },
})
);
helmet({
referrerPolicy: {policy: "no-referrer"}
})
)
```

@@ -70,6 +70,6 @@

app.use(
helmet({
contentSecurityPolicy: false,
})
);
helmet({
contentSecurityPolicy: false
})
)
```

@@ -81,3 +81,3 @@

The top-level `helmet` function is a wrapper around 15 smaller middlewares.
The top-level `helmet` function is a wrapper around 14 smaller middlewares.

@@ -87,29 +87,28 @@ In other words, these two code snippets are equivalent:

```js
import helmet from "helmet";
import helmet from "helmet"
// ...
app.use(helmet());
app.use(helmet())
```
```js
import * as helmet from "helmet";
import * as helmet from "helmet"
// ...
app.use(helmet.contentSecurityPolicy());
app.use(helmet.crossOriginEmbedderPolicy());
app.use(helmet.crossOriginOpenerPolicy());
app.use(helmet.crossOriginResourcePolicy());
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.originAgentCluster());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());
app.use(helmet.contentSecurityPolicy())
app.use(helmet.crossOriginEmbedderPolicy())
app.use(helmet.crossOriginOpenerPolicy())
app.use(helmet.crossOriginResourcePolicy())
app.use(helmet.dnsPrefetchControl())
app.use(helmet.frameguard())
app.use(helmet.hidePoweredBy())
app.use(helmet.hsts())
app.use(helmet.ieNoOpen())
app.use(helmet.noSniff())
app.use(helmet.originAgentCluster())
app.use(helmet.permittedCrossDomainPolicies())
app.use(helmet.referrerPolicy())
app.use(helmet.xssFilter())
```

@@ -126,3 +125,3 @@

// Includes all 15 middlewares
app.use(helmet());
app.use(helmet())
```

@@ -135,6 +134,6 @@

app.use(
helmet({
frameguard: false,
})
);
helmet({
frameguard: false
})
)
```

@@ -147,8 +146,8 @@

app.use(
helmet({
frameguard: {
action: "deny",
},
})
);
helmet({
frameguard: {
action: "deny"
}
})
)
```

@@ -198,56 +197,56 @@

app.use(
helmet.contentSecurityPolicy({
directives: {
"script-src": ["'self'", "example.com"],
"style-src": null,
},
})
);
helmet.contentSecurityPolicy({
directives: {
"script-src": ["'self'", "example.com"],
"style-src": null
}
})
)
// Sets "Content-Security-Policy: default-src 'self';script-src 'self' example.com;object-src 'none';upgrade-insecure-requests"
app.use(
helmet.contentSecurityPolicy({
useDefaults: false,
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "example.com"],
objectSrc: ["'none'"],
upgradeInsecureRequests: [],
},
})
);
helmet.contentSecurityPolicy({
useDefaults: false,
directives: {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", "example.com"],
objectSrc: ["'none'"],
upgradeInsecureRequests: []
}
})
)
// Sets the "Content-Security-Policy-Report-Only" header instead
app.use(
helmet.contentSecurityPolicy({
directives: {
/* ... */
},
reportOnly: true,
})
);
helmet.contentSecurityPolicy({
directives: {
/* ... */
},
reportOnly: true
})
)
// Sets the `script-src` directive to "'self' 'nonce-e33ccde670f149c1789b1e1e113b0916'" (or similar)
app.use((req, res, next) => {
res.locals.cspNonce = crypto.randomBytes(16).toString("hex");
next();
});
res.locals.cspNonce = crypto.randomBytes(16).toString("hex")
next()
})
app.use(
helmet.contentSecurityPolicy({
directives: {
scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.cspNonce}'`],
},
})
);
helmet.contentSecurityPolicy({
directives: {
scriptSrc: ["'self'", (req, res) => `'nonce-${res.locals.cspNonce}'`]
}
})
)
// Sets "Content-Security-Policy: script-src 'self'"
app.use(
helmet.contentSecurityPolicy({
useDefaults: false,
directives: {
"default-src": helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc,
"script-src": ["'self'"],
},
})
);
helmet.contentSecurityPolicy({
useDefaults: false,
directives: {
"default-src": helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc,
"script-src": ["'self'"]
}
})
)

@@ -257,8 +256,8 @@ // Sets the `frame-ancestors` directive to "'none'"

app.use(
helmet.contentSecurityPolicy({
directives: {
frameAncestors: ["'none'"],
},
})
);
helmet.contentSecurityPolicy({
directives: {
frameAncestors: ["'none'"]
}
})
)
```

@@ -285,6 +284,6 @@

// Sets "Cross-Origin-Embedder-Policy: require-corp"
app.use(helmet.crossOriginEmbedderPolicy());
app.use(helmet.crossOriginEmbedderPolicy())
// Sets "Cross-Origin-Embedder-Policy: credentialless"
app.use(helmet.crossOriginEmbedderPolicy({ policy: "credentialless" }));
app.use(helmet.crossOriginEmbedderPolicy({policy: "credentialless"}))
```

@@ -311,8 +310,6 @@

// Sets "Cross-Origin-Opener-Policy: same-origin"
app.use(helmet({ crossOriginOpenerPolicy: true }));
app.use(helmet({crossOriginOpenerPolicy: true}))
// Sets "Cross-Origin-Opener-Policy: same-origin-allow-popups"
app.use(
helmet({ crossOriginOpenerPolicy: { policy: "same-origin-allow-popups" } })
);
app.use(helmet({crossOriginOpenerPolicy: {policy: "same-origin-allow-popups"}}))
```

@@ -324,9 +321,9 @@

// Sets "Cross-Origin-Opener-Policy: same-origin"
app.use(helmet.crossOriginOpenerPolicy());
app.use(helmet.crossOriginOpenerPolicy())
// Sets "Cross-Origin-Opener-Policy: same-origin-allow-popups"
app.use(helmet.crossOriginOpenerPolicy({ policy: "same-origin-allow-popups" }));
app.use(helmet.crossOriginOpenerPolicy({policy: "same-origin-allow-popups"}))
// Sets "unsafe-none-Opener-Policy: unsafe-none"
app.use(helmet.crossOriginOpenerPolicy({ policy: "unsafe-none" }));
app.use(helmet.crossOriginOpenerPolicy({policy: "unsafe-none"}))
```

@@ -355,6 +352,6 @@

// Sets "Cross-Origin-Resource-Policy: same-origin"
app.use(helmet({ crossOriginResourcePolicy: true }));
app.use(helmet({crossOriginResourcePolicy: true}))
// Sets "Cross-Origin-Resource-Policy: same-site"
app.use(helmet({ crossOriginResourcePolicy: { policy: "same-site" } }));
app.use(helmet({crossOriginResourcePolicy: {policy: "same-site"}}))
```

@@ -366,9 +363,9 @@

// Sets "Cross-Origin-Resource-Policy: same-origin"
app.use(helmet.crossOriginResourcePolicy());
app.use(helmet.crossOriginResourcePolicy())
// Sets "Cross-Origin-Resource-Policy: same-site"
app.use(helmet.crossOriginResourcePolicy({ policy: "same-site" }));
app.use(helmet.crossOriginResourcePolicy({policy: "same-site"}))
// Sets "Cross-Origin-Resource-Policy: cross-origin"
app.use(helmet.crossOriginResourcePolicy({ policy: "cross-origin" }));
app.use(helmet.crossOriginResourcePolicy({policy: "cross-origin"}))
```

@@ -404,15 +401,15 @@

app.use(
helmet.expectCt({
maxAge: 86400,
})
);
helmet.expectCt({
maxAge: 86400
})
)
// Sets "Expect-CT: max-age=86400, enforce, report-uri="https://example.com/report"
app.use(
helmet.expectCt({
maxAge: 86400,
enforce: true,
reportUri: "https://example.com/report",
})
);
helmet.expectCt({
maxAge: 86400,
enforce: true,
reportUri: "https://example.com/report"
})
)
```

@@ -442,13 +439,13 @@

app.use(
helmet.referrerPolicy({
policy: "no-referrer",
})
);
helmet.referrerPolicy({
policy: "no-referrer"
})
)
// Sets "Referrer-Policy: origin,unsafe-url"
app.use(
helmet.referrerPolicy({
policy: ["origin", "unsafe-url"],
})
);
helmet.referrerPolicy({
policy: ["origin", "unsafe-url"]
})
)
```

@@ -482,22 +479,22 @@

app.use(
helmet.hsts({
maxAge: 123456,
})
);
helmet.hsts({
maxAge: 123456
})
)
// Sets "Strict-Transport-Security: max-age=123456"
app.use(
helmet.hsts({
maxAge: 123456,
includeSubDomains: false,
})
);
helmet.hsts({
maxAge: 123456,
includeSubDomains: false
})
)
// Sets "Strict-Transport-Security: max-age=123456; includeSubDomains; preload"
app.use(
helmet.hsts({
maxAge: 63072000,
preload: true,
})
);
helmet.hsts({
maxAge: 63072000,
preload: true
})
)
```

@@ -526,3 +523,3 @@

// Sets "X-Content-Type-Options: nosniff"
app.use(helmet.noSniff());
app.use(helmet.noSniff())
```

@@ -549,3 +546,3 @@

// Sets "Origin-Agent-Cluster: ?1"
app.use(helmet.originAgentCluster());
app.use(helmet.originAgentCluster())
```

@@ -575,13 +572,13 @@

app.use(
helmet.dnsPrefetchControl({
allow: false,
})
);
helmet.dnsPrefetchControl({
allow: false
})
)
// Sets "X-DNS-Prefetch-Control: on"
app.use(
helmet.dnsPrefetchControl({
allow: true,
})
);
helmet.dnsPrefetchControl({
allow: true
})
)
```

@@ -610,3 +607,3 @@

// Sets "X-Download-Options: noopen"
app.use(helmet.ieNoOpen());
app.use(helmet.ieNoOpen())
```

@@ -636,13 +633,13 @@

app.use(
helmet.frameguard({
action: "deny",
})
);
helmet.frameguard({
action: "deny"
})
)
// Sets "X-Frame-Options: SAMEORIGIN"
app.use(
helmet.frameguard({
action: "sameorigin",
})
);
helmet.frameguard({
action: "sameorigin"
})
)
```

@@ -672,13 +669,13 @@

app.use(
helmet.permittedCrossDomainPolicies({
permittedPolicies: "none",
})
);
helmet.permittedCrossDomainPolicies({
permittedPolicies: "none"
})
)
// Sets "X-Permitted-Cross-Domain-Policies: by-content-type"
app.use(
helmet.permittedCrossDomainPolicies({
permittedPolicies: "by-content-type",
})
);
helmet.permittedCrossDomainPolicies({
permittedPolicies: "by-content-type"
})
)
```

@@ -705,3 +702,3 @@

// Removes the X-Powered-By header if it was set.
app.use(helmet.hidePoweredBy());
app.use(helmet.hidePoweredBy())
```

@@ -730,3 +727,3 @@

// Sets "X-XSS-Protection: 0"
app.use(helmet.xssFilter());
app.use(helmet.xssFilter())
```

@@ -733,0 +730,0 @@

Sorry, the diff of this file is not supported yet
