
nuxt-security - npm Package Compare versions

Comparing version 0.14.4 to 1.0.0-rc.1

dist/module.d.mts

157

dist/module.d.ts
import * as _nuxt_schema from '@nuxt/schema';
import { ModuleOptions as ModuleOptions$1 } from 'nuxt-csurf';
import { Options } from 'unplugin-remove/types';
type RequestSizeLimiter = {
maxRequestSizeInBytes: number;
maxUploadFileRequestInBytes: number;
throwError?: boolean;
};
type RateLimiter = {
tokensPerInterval: number;
interval: string | number;
fireImmediately?: boolean;
throwError?: boolean;
};
type XssValidator = {
whiteList: Record<string, any>;
stripIgnoreTag: boolean;
stripIgnoreTagBody: boolean;
css: Record<string, any> | boolean;
throwError?: boolean;
} | {};
type BasicAuth = {
exclude?: string[];
name: string;
pass: string;
enabled: boolean;
message: string;
};
type NonceOptions = {
enabled: boolean;
mode?: "renew" | "check";
value?: (() => string);
};
type CorsOptions = {
origin?: "*" | "null" | string | (string | RegExp)[] | ((origin: string) => boolean);
methods?: "*" | HTTPMethod[];
allowHeaders?: "*" | string[];
exposeHeaders?: "*" | string[];
credentials?: boolean;
maxAge?: string | false;
preflight?: {
statusCode?: number;
};
};
type HTTPMethod = 'GET' | 'POST' | 'DELETE' | 'PATCH' | 'POST' | string;
type AllowedHTTPMethods = HTTPMethod[] | '*';
type MiddlewareConfiguration<MIDDLEWARE> = {
value: MIDDLEWARE;
route: string;
throwError?: boolean;
};
type CrossOriginResourcePolicyValue = 'same-site' | 'same-origin' | 'cross-origin';

@@ -196,29 +149,87 @@ type CrossOriginOpenerPolicyValue = 'unsafe-none' | 'same-origin-allow-popups' | 'same-origin';

type SecurityHeaders = {
crossOriginResourcePolicy?: MiddlewareConfiguration<CrossOriginResourcePolicyValue> | CrossOriginResourcePolicyValue | false;
crossOriginOpenerPolicy?: MiddlewareConfiguration<CrossOriginOpenerPolicyValue> | CrossOriginOpenerPolicyValue | false;
crossOriginEmbedderPolicy?: MiddlewareConfiguration<CrossOriginEmbedderPolicyValue> | CrossOriginEmbedderPolicyValue | false;
contentSecurityPolicy?: MiddlewareConfiguration<ContentSecurityPolicyValue | string> | ContentSecurityPolicyValue | string | false;
originAgentCluster?: MiddlewareConfiguration<'?1'> | '?1' | false;
referrerPolicy?: MiddlewareConfiguration<ReferrerPolicyValue> | ReferrerPolicyValue | false;
strictTransportSecurity?: MiddlewareConfiguration<StrictTransportSecurityValue | string> | StrictTransportSecurityValue | string | false;
xContentTypeOptions?: MiddlewareConfiguration<XContentTypeOptionsValue> | XContentTypeOptionsValue | false;
xDNSPrefetchControl?: MiddlewareConfiguration<XDnsPrefetchControlValue> | XDnsPrefetchControlValue | false;
xDownloadOptions?: MiddlewareConfiguration<XDownloadOptionsValue> | XDownloadOptionsValue | false;
xFrameOptions?: MiddlewareConfiguration<XFrameOptionsValue> | XFrameOptionsValue | false;
xPermittedCrossDomainPolicies?: MiddlewareConfiguration<XPermittedCrossDomainPoliciesValue> | XPermittedCrossDomainPoliciesValue | false;
xXSSProtection?: MiddlewareConfiguration<string> | string | false;
permissionsPolicy?: MiddlewareConfiguration<PermissionsPolicyValue | string> | PermissionsPolicyValue | string | false;
crossOriginResourcePolicy?: CrossOriginResourcePolicyValue | false;
crossOriginOpenerPolicy?: CrossOriginOpenerPolicyValue | false;
crossOriginEmbedderPolicy?: CrossOriginEmbedderPolicyValue | false;
contentSecurityPolicy?: ContentSecurityPolicyValue | string | false;
originAgentCluster?: '?1' | false;
referrerPolicy?: ReferrerPolicyValue | false;
strictTransportSecurity?: StrictTransportSecurityValue | string | false;
xContentTypeOptions?: XContentTypeOptionsValue | false;
xDNSPrefetchControl?: XDnsPrefetchControlValue | false;
xDownloadOptions?: XDownloadOptionsValue | false;
xFrameOptions?: XFrameOptionsValue | false;
xPermittedCrossDomainPolicies?: XPermittedCrossDomainPoliciesValue | false;
xXSSProtection?: string | false;
permissionsPolicy?: PermissionsPolicyValue | string | false;
};
type RequestSizeLimiter = {
maxRequestSizeInBytes: number;
maxUploadFileRequestInBytes: number;
throwError?: boolean;
};
type RateLimiter = {
tokensPerInterval: number;
interval: string | number;
driver?: {
name: string;
options?: Record<string, any>;
};
headers?: boolean;
throwError?: boolean;
};
type XssValidator = {
whiteList: Record<string, any>;
stripIgnoreTag: boolean;
stripIgnoreTagBody: boolean;
css: Record<string, any> | boolean;
throwError?: boolean;
} | {};
type BasicAuth = {
exclude?: string[];
include?: string[];
name: string;
pass: string;
enabled?: boolean;
message: string;
};
type NonceOptions = {
enabled: boolean;
mode?: 'renew' | 'check';
value?: (() => string);
};
type HTTPMethod = 'GET' | 'POST' | 'DELETE' | 'PATCH' | 'POST' | string;
type CorsOptions = {
origin?: '*' | 'null' | string | (string | RegExp)[] | ((origin: string) => boolean);
methods?: '*' | HTTPMethod[];
allowHeaders?: '*' | string[];
exposeHeaders?: '*' | string[];
credentials?: boolean;
maxAge?: string | false;
preflight?: {
statusCode?: number;
};
};
type AllowedHTTPMethods = {
methods: HTTPMethod[] | '*';
throwError?: boolean;
};
type Ssg = {
hashScripts?: boolean;
};
interface ModuleOptions {
headers: SecurityHeaders | false;
requestSizeLimiter: MiddlewareConfiguration<RequestSizeLimiter> | RequestSizeLimiter | false;
rateLimiter: MiddlewareConfiguration<RateLimiter> | RateLimiter | false;
xssValidator: MiddlewareConfiguration<XssValidator> | XssValidator | false;
corsHandler: MiddlewareConfiguration<CorsOptions> | CorsOptions | false;
allowedMethodsRestricter: MiddlewareConfiguration<AllowedHTTPMethods> | AllowedHTTPMethods | false;
requestSizeLimiter: RequestSizeLimiter | false;
rateLimiter: RateLimiter | false;
xssValidator: XssValidator | false;
corsHandler: CorsOptions | false;
allowedMethodsRestricter: AllowedHTTPMethods | false;
hidePoweredBy: boolean;
basicAuth: MiddlewareConfiguration<BasicAuth> | BasicAuth | boolean;
basicAuth: BasicAuth | false;
enabled: boolean;
csrf: ModuleOptions$1 | boolean;
nonce: MiddlewareConfiguration<NonceOptions> | NonceOptions | boolean;
csrf: ModuleOptions$1 | false;
nonce: NonceOptions | false;
removeLoggers?: Options | false;
ssg?: Ssg;
}

@@ -230,7 +241,7 @@ interface NuxtSecurityRouteRules {

corsHandler?: CorsOptions | false;
allowedMethodsRestricter: AllowedHTTPMethods | false;
allowedMethodsRestricter?: AllowedHTTPMethods | false;
nonce?: NonceOptions | false;
}
declare module "@nuxt/schema" {
declare module '@nuxt/schema' {
interface NuxtOptions {

@@ -240,3 +251,3 @@ security: ModuleOptions;

}
declare module "nitropack" {
declare module 'nitropack' {
interface NitroRouteRules {

@@ -243,0 +254,0 @@ security: NuxtSecurityRouteRules;
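Review bot: In the `BasicAuth` type, `enabled` is now optional (`enabled?: boolean`) and an `include?: string[]` list sits next to `exclude`, but the declaration does not say what an omitted `enabled` means or which list wins when a path matches both. For an authentication gate that contract belongs on the type: a TSDoc line on `enabled` giving the default applied when it is omitted, and one on `include`/`exclude` giving their precedence. The same `enabled?`/`include?` change appears in the exported `BasicAuth` of the runtime handler declaration further down the page. Separately, `basicAuth`, `csrf` and `nonce` in `ModuleOptions` appear to drop `boolean` and the `MiddlewareConfiguration<…>` form in favour of `… | false`, so a config that still passes `true` or `{ value, route }` only fails where type-checking is on; it is worth confirming that the runtime rejects or warns on those shapes rather than falling back to defaults silently.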

{
"name": "nuxt-security",
"configKey": "security",
"version": "0.14.4"
"version": "1.0.0-rc.1"
}

@@ -1,2 +0,2 @@

declare const _default: import("h3").EventHandler<{
declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, {
statusCode: number;

@@ -3,0 +3,0 @@ statusMessage: string;

export type BasicAuth = {
exclude?: string[];
include?: string[];
name: string;
pass: string;
enabled: boolean;
enabled?: boolean;
message: string;
};
declare const _default: import("h3").EventHandler<void>;
declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, void>;
export default _default;

@@ -1,2 +0,2 @@

declare const _default: import("h3").EventHandler<void>;
declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, void>;
export default _default;

@@ -6,3 +6,3 @@ export type NonceOptions = {

};
declare const _default: import("h3").EventHandler<void>;
declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, void>;
export default _default;

@@ -1,5 +0,2 @@

declare const _default: import("h3").EventHandler<{
statusCode: number;
statusMessage: string;
} | undefined>;
declare const _default: any;
export default _default;
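Review bot: The new declaration `declare const _default: any;` drops this handler's type entirely, whereas the previous side declared an `h3` `EventHandler` resolving to `{ statusCode, statusMessage } | undefined` and the sibling handler declarations in this release keep `EventHandler<EventHandlerRequest, …>`. The file name and the source are not shown here, but an `any` default export in emitted declarations usually means the export's type could not be inferred at build time, so nothing that imports this handler is checked against its return shape. Giving the export an explicit annotation in the source, in the same form as the siblings (`import("h3").EventHandler<import("h3").EventHandlerRequest, …>`), would restore the declaration.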

@@ -1,2 +0,2 @@

declare const _default: import("h3").EventHandler<{
declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, {
statusCode: number;

@@ -3,0 +3,0 @@ statusMessage: string;

@@ -1,5 +0,5 @@

declare const _default: import("h3").EventHandler<{
declare const _default: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
statusCode: number;
statusMessage: string;
} | undefined>;
} | undefined>>;
export default _default;

@@ -6,2 +6,3 @@

export { default } from './module'
{
"name": "nuxt-security",
"version": "0.14.4",
"version": "1.0.0-rc.1",
"license": "MIT",
"type": "module",
"homepage": "https://nuxt-security.vercel.app",
"description": "🛡 Security Module for Nuxt based on OWASP Top 10 and Helmet",
"description": "🛡️ Security Module for Nuxt based on HTTP Headers and Middleware",
"repository": {

@@ -44,17 +44,17 @@ "url": "https://github.com/Baroshem/nuxt-security"

"dev:prepare": "nuxt-module-build --stub && nuxi prepare playground",
"dev:preview": "nuxi preview playground",
"dev:docs": "cd docs && yarn dev",
"lint": "eslint --ext .js,.ts,.vue",
"test": "vitest run --silent",
"test:watch": "vitest watch",
"docs": "cd docs && yarn dev",
"preview": "nuxi preview playground",
"stackblitz": "cd .stackblitz && yarn && yarn dev"
},
"packageManager": "yarn@1.22.19",
"dependencies": {
"@nuxt/kit": "^3.2.2",
"@nuxt/kit": "^3.7.3",
"basic-auth": "^2.0.1",
"defu": "^6.1.1",
"limiter": "^2.1.0",
"memory-cache": "^0.2.0",
"nuxt-csurf": "^1.1.0",
"nuxt-csurf": "^1.3.1",
"pathe": "^1.0.0",
"unplugin-remove": "^0.1.3",
"xss": "^1.0.14"

@@ -64,9 +64,9 @@ },

"@nuxt/module-builder": "latest",
"@nuxt/schema": "^3.2.2",
"@nuxt/schema": "^3.7.3",
"@nuxt/test-utils": "^3.7.3",
"@nuxtjs/eslint-config-typescript": "latest",
"@nuxt/test-utils": "^3.2.2",
"@types/memory-cache": "^0.2.2",
"@types/node": "^18.14.4",
"eslint": "latest",
"nuxt": "^3.2.2",
"nuxt": "^3.7.3",
"typescript": "5.2.2",
"vitest": "^0.28.5"

@@ -73,0 +73,0 @@ },

[![nuxt-security](https://nuxt-security.vercel.app/preview.png)](https://nuxt-security.vercel.app)
# nuxt-security
[![npm version][npm-version-src]][npm-version-href]

@@ -11,16 +9,18 @@ [![npm downloads][npm-downloads-src]][npm-downloads-href]

> Security module for Nuxt based on [OWASP Top 10](https://cheatsheetseries.owasp.org/cheatsheets/Nodejs_Security_Cheat_Sheet.html#nodejs-security-cheat-sheet) and [helmet](https://helmetjs.github.io/) that adds security response headers, protection middlewares, CORS, and more.
# Nuxt Security
Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware.
> This module works with Nuxt 3 only
- [📖 &nbsp;Read the documentation](https://nuxt-security.vercel.app)
- [👾 &nbsp;Playground](https://stackblitz.com/github/baroshem/nuxt-security?file=.stackblitz%2Fnuxt.config.ts)
- [✨ &nbsp;Intro video](https://www.youtube.com/watch?v=8ac30Py8Ses)
- [👾 &nbsp;Playground](https://nuxt-security.vercel.app/playground)
## Features
- Nuxt 3 ready
- Security response headers
- Content Security Policy (CSP) for SSG apps
- Security response headers (including CSP for SSG apps)
- Request Size & Rate Limiters
- Cross Site Scripting (XSS) Validation
- Cross-Origin Resource Sharing (CORS) support
- Hide `X-Powered-By` header and remove console loggers utils
- `[Optional]` Allowed HTTP Methods, Basic Auth, CSRF

@@ -33,5 +33,5 @@

```sh
npm i -D nuxt-security
yarn add -D nuxt-security
pnpm add -D nuxt-security
npm i -D nuxt-security@rc
yarn add -D nuxt-security@rc
pnpm add -D nuxt-security@rc
```

@@ -49,6 +49,2 @@

## Static site generation (SSG)
This module is meant to work with SSR apps, but you can also use this module in SSG apps where you will get a Content Security Policy (CSP) support via `<meta http-equiv>` tag. You can find more about configuring Content Security Policy (CSP) [here](https://nuxt-security.vercel.app/security/headers#content-security-policy).
## Configuration

@@ -55,0 +51,0 @@

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
