Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

helmet

Package Overview
Dependencies
Maintainers
2
Versions
132
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

helmet - npm Package Versions

1
14

4.1.0-rc.1

Diff
evanhahn
 published 4.1.0-rc.1 •

4.0.0

Diff
evanhahn
 published 4.0.0 •

Changelog

Source

4.0.0 - 2020-08-02

See the Helmet 4 upgrade guide for help upgrading from Helmet 3.

Added

  • helmet.contentSecurityPolicy:
    • If no default-src directive is supplied, an error is thrown
    • Directive lists can be any iterable, not just arrays

Changed

  • This package no longer has dependencies. This should have no effect on end users, other than speeding up installation time.
  • helmet.contentSecurityPolicy:
    • There is now a default set of directives if none are supplied
    • Duplicate keys now throw an error. See helmetjs/csp#73
    • This middleware is more lenient, allowing more directive names or values
  • helmet.xssFilter now disables the buggy XSS filter by default. See #230

Removed

  • Dropped support for old Node versions. Node 10+ is now required
  • helmet.featurePolicy. If you still need it, use the feature-policy package on npm.
  • helmet.hpkp. If you still need it, use the hpkp package on npm.
  • helmet.noCache. If you still need it, use the nocache package on npm.
  • helmet.contentSecurityPolicy:
    • Removed browser sniffing (including the browserSniff and disableAndroid parameters). See helmetjs/csp#97
    • Removed conditional support. This includes directive functions and support for a function as the reportOnly. Read this if you need help.
    • Removed a lot of checks—you should be checking your CSP with a different tool
    • Removed support for legacy headers (and therefore the setAllHeaders parameter). Read this if you need help.
    • Removed the loose option
    • Removed support for functions as directive values. You must supply an iterable of strings
  • helmet.frameguard:
  • helmet.hidePoweredBy no longer accepts arguments. See this article to see how to replicate the removed behavior. See #224.
  • helmet.hsts:
  • helmet.xssFilter no longer accepts options. Read "How to disable blocking with X-XSS-Protection" and "How to enable the report directive with X-XSS-Protection" if you need the legacy behavior.

4.0.0-rc.2

Diff
evanhahn
 published 4.0.0-rc.2 •

4.0.0-rc.1

Diff
evanhahn
 published 4.0.0-rc.1 •

4.0.0-alpha.1

Diff
evanhahn
 published 4.0.0-alpha.1 •

3.23.3

Diff
evanhahn
 published 3.23.3 •

Changelog

Source

3.23.3 - 2020-06-26

Changed

  • helmet.expectCt is no longer a separate package. This should have no effect on end users.
  • helmet.frameguard is no longer a separate package. This should have no effect on end users.

3.23.2

Diff
evanhahn
 published 3.23.2 •

Changelog

Source

3.23.2 - 2020-06-23

Changed

  • helmet.dnsPrefetchControl is no longer a separate package. This should have no effect on end users.

3.23.1

Diff
evanhahn
 published 3.23.1 •

Changelog

Source

3.23.1 - 2020-06-16

Changed

  • helmet.ieNoOpen is no longer a separate package. This should have no effect on end users.

3.23.0

Diff
evanhahn
 published 3.23.0 •

Changelog

Source

3.23.0 - 2020-06-12

Deprecated

  • helmet.featurePolicy is deprecated. Use the feature-policy module instead.

3.22.1

Diff
evanhahn
 published 3.22.1 •

Changelog

Source

3.22.1 - 2020-06-10

Changed

  • Rewrote internals in TypeScript. This should have no effect on end users.
1
14
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc