New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

http-directives

Package Overview
Dependencies
Maintainers
1
Versions
7
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

http-directives

A TypeScript-friendly package that provides strongly-typed HTTP constants

latest
Source
npmnpm
Version
1.0.6
Version published
Weekly downloads
14
180%
Maintainers
1
Weekly downloads
 
Created
Source

http-directives

A TypeScript-friendly package that provides strongly-typed constants for common HTTP headers, directives, status codes, MIME types, caching policies, CSP rules, and more.
Say goodbye to string typos and make your HTTP code safer, cleaner, and more maintainable.

Installation

npm i http-directives

What’s included

The following categories of constants are included in this package:

CategoryConstants examples
HTTP Status CodesOK, NOT_FOUND, INTERNAL_SERVER_ERROR, etc.
HTTP MethodsGET, POST, PUT, DELETE, etc.
HTTP HeadersCONTENT_TYPE, CACHE_CONTROL, STRICT_TRANSPORT_SECURITY, CONTENT_SECURITY_POLICY, etc.
MIME TypesAPPLICATION_JSON, APPLICATION_JAVASCRIPT, APPLICATION_ZIP, TEXT_PLAIN, TEXT_HTML, etc.
Content EncodingsGZIP, BR, etc.
Cache ControlMAX_AGE, NO_CACHE, PRIVATE, etc.
CharsetsUTF-8, UTF-16, ISO-8859-1, etc.
CSP DirectivesSCRIPT_SRC, STYLE_SRC, etc.
CSP SourcesSELF, UNSAFE_INLINE, nonce(), sha256(), etc.
DNT!, ?, N, T, etc.
ProtocolsHTTP, HTTPS, SSH, WSS, MQTT, etc.

Usage example

import {
    Headers,
    MimeTypes,
    ContentEncodings,
    Charsets,
    StatusCodes,
    CacheControl,
    CSPDirectives,
    CSPSources,
    Methods,
    DNT,
    Protocols
} from 'http-directives';

Headers.STRICT_TRANSPORT_SECURITY // "Strict-Transport-Security"
MimeTypes.APPLICATION_JAVASCRIPT  // "application/javascript"
ContentEncodings.GZIP             // "gzip"
Charsets.UTF_8                    // "UTF-8"
StatusCodes.OK                    // 200
CacheControl.MAX_AGE              // "max-age"
CSPDirectives.BASE_URI            // "base-uri"
CSPSources.SELF                   // "self"
Methods.POST                      // "POST"
DNT.NOT_TRACKING                  // "N"
Protocols.HTTPS                   // "https:"

Additionally, exported CSP utility functions:

import {CSPSources} from 'http-directives';

CSPSources.nonce('abc123')        // "'nonce-abc123'"
CSPSources.sha256('hash')         // "'sha256-hash'"
CSPSources.sha384('hash')         // "'sha384-hash'"
CSPSources.sha512('hash')         // "'sha512-hash'"

Extensible

Define and reuse your own constants with full autocompletion and type safety:

import {Headers} from 'http-directives';

class CustomHeaders extends Headers {
    public static readonly CUSTOM_HEADER = 'custom-header';
}

CustomHeaders.CUSTOM_HEADER    // "custom-header"

Benefits

  • Type-safe: Avoid typos in strings and headers
  • Autocompletion: Full IDE support with TypeScript
  • Up-to-date: Includes modern headers, directives, and encodings
  • Zero dependencies: Lightweight and fast
  • Compatible: Supports both ESM and CJS
  • Extensible: Easily add custom directives and headers

Contributing

Please motivate yourself to submit a PR.

License

MIT

Keywords

HTTP Constants
Constants
Response Codes
Status Codes
MIME Types
Cache Control

FAQs

Package last updated on 19 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Hidden Blast Radius of the Axios Compromise

Security News

The Hidden Blast Radius of the Axios Compromise

The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

By Ahmad Nassri  -  Apr 01, 2026