1.0.0 • Published 5 months ago

@seckav/security-sdk v1.0.0

SecKav Security SDK

Enterprise-grade API security protection in just 2 lines of code.

🚀 Features

  • Rate Limiting - Protect against API abuse and DDoS attacks
  • 🚧 API Firewall - Request validation and filtering (Coming Soon)
  • 🚧 AI Threat Detection - Behavioral analysis and bot detection (Coming Soon)
  • 🚧 Security Scanning - Automated vulnerability assessments (Coming Soon)
  • 🚧 Compliance Reporting - GDPR, DPDP, and CERT-IN compliance (Coming Soon)

📦 Installation

npm install @seckav/security-sdk

🎯 Quick Start

Express.js (2 lines of code!)

import express from 'express';
import { createSecKavMiddleware } from '@seckav/security-sdk';

const app = express();

// Add SecKav protection
app.use(createSecKavMiddleware({
  apiUrl: 'https://api.seckav.com',
  organizationId: 'your-org-id',
  apiKey: 'your-api-key'
}));

// Your routes are now protected!
app.get('/api/users', (req, res) => {
  res.json({ message: 'Protected endpoint' });
});

Next.js

// middleware.ts
import { createSecKavNextMiddleware } from '@seckav/security-sdk';

export default createSecKavNextMiddleware({
  apiUrl: 'https://api.seckav.com',
  organizationId: 'your-org-id',
  apiKey: 'your-api-key'
});

export const config = {
  matcher: '/api/:path*'
};

🔧 Advanced Usage

Full SDK with Feature Control

import { SecKavSDK } from '@seckav/security-sdk';

const secKav = new SecKavSDK({
  apiUrl: 'https://api.seckav.com',
  organizationId: 'your-org-id',
  apiKey: 'your-api-key',
  features: {
    rateLimit: true,
    apiFirewall: false,        // Coming in v2.0.0
    threatDetection: false,    // Coming in v5.0.0
    securityScanning: false,   // Coming in v6.0.0
  },
  debug: true,
  onError: (error) => {
    console.error('SecKav error:', error);
  }
});

app.use(secKav.getExpressMiddleware());

📊 Response Headers

SecKav automatically adds rate-limit headers to your responses:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 97
X-RateLimit-Reset: 1640995200
X-RateLimit-Policy: Default Policy

🚨 Error Handling

Rate Limited (429)

{
  "error": "Too many requests",
  "retryAfter": 300,
  "policy": {
    "name": "Strict Auth Policy",
    "limit": 5,
    "window": 300000
  }
}

Unregistered Endpoint (403)

{
  "error": "Endpoint not registered",
  "message": "Please register this endpoint in your dashboard",
  "action": {
    "type": "REGISTER_ENDPOINT",
    "dashboardUrl": "https://dashboard.seckav.com/endpoints/register?path=/api/auth/login&method=POST"
  }
}
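
A client calling a SecKav-protected API has to tell these two error bodies apart: back off on a 429, and on a 403 surface the registration link only if it points at the expected dashboard host. The following is an added example, not code from the SDK; `interpret` is a hypothetical helper, and it assumes `retryAfter` is in seconds and `X-RateLimit-Reset` is a Unix timestamp in seconds (the page does not state the units).

```javascript
// Added example (not SDK code). Assumptions: retryAfter is seconds,
// X-RateLimit-Reset is Unix seconds, header names are lower-cased.
const TRUSTED_DASHBOARD_HOST = 'dashboard.seckav.com'; // host from the sample 403 body
const MIN_WAIT_MS = 1000;
const MAX_WAIT_MS = 15 * 60 * 1000; // cap so a bad value cannot stall the client

function interpret(status, headers, body, nowMs = Date.now()) {
  const h = headers || {};
  if (status === 429) {
    let waitMs = Number(body && body.retryAfter) * 1000;
    if (!Number.isFinite(waitMs) || waitMs <= 0) {
      // Body value missing or unusable: fall back to the reset header.
      const reset = Number(h['x-ratelimit-reset']);
      waitMs = Number.isFinite(reset) ? reset * 1000 - nowMs : MIN_WAIT_MS;
    }
    waitMs = Math.min(Math.max(waitMs, MIN_WAIT_MS), MAX_WAIT_MS);
    return { action: 'retry', waitMs };
  }
  if (status === 403 && body && body.action &&
      body.action.type === 'REGISTER_ENDPOINT') {
    // Never follow or display a URL from a response body without
    // checking scheme and exact host first.
    let url = null;
    try {
      const u = new URL(body.action.dashboardUrl);
      if (u.protocol === 'https:' && u.hostname === TRUSTED_DASHBOARD_HOST) {
        url = u.href;
      }
    } catch (_) { /* malformed URL: leave url as null */ }
    return { action: 'register', url };
  }
  return { action: status >= 200 && status < 300 ? 'ok' : 'fail' };
}
```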

🎯 Configuration

| Option | Type | Required | Description |
|---|---|---|---|
| apiUrl | string | | SecKav API endpoint |
| organizationId | string | | Your organization ID |
| apiKey | string | | Your API key |
| timeout | number | | Request timeout (default: 5000ms) |
| features | object | | Enable/disable features |
| debug | boolean | | Enable debug logging |
| onError | function | | Error callback |

🔄 Automatic Endpoint Discovery

SecKav automatically discovers new endpoints in your application:

  1. Deploy SDK with protection enabled
  2. When requests hit unregistered endpoints, SecKav tracks them
  3. Check your dashboard to see discovered endpoints
  4. Register them with one click
  5. Future requests are automatically protected

🚀 Framework Support

  • Express.js - Native middleware
  • Next.js - App Router and Pages Router
  • Fastify - Plugin available
  • Koa - Middleware available
  • Any Framework - Direct HTTP API integration

📚 Examples

Python Flask

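from functools import wraps

import requests
from flask import Flask, request

app = Flask(__name__)

def seckav_protect(f):
    """Ask the SecKav rate-limit API whether this request is allowed."""
    @wraps(f)
    def decorated(*args, **kwargs):
        # timeout keeps a slow or unreachable API from hanging the request
        response = requests.post('https://api.seckav.com/v1/ratelimit/check', {
            'organizationId': 'your-org-id',
            'endpoint': request.path,
            'method': request.method
        }, headers={'X-API-Key': 'your-api-key'}, timeout=5)

        # Reject the request unless the API explicitly allows it
        if not response.json().get('allowed'):
            return {'error': 'Rate limited'}, 429

        return f(*args, **kwargs)
    return decorated

@app.route('/api/users')
@seckav_protect
def get_users():
    return {'users': []}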

🆙 Migration Guide

From v1.x to v2.x (Future)

// v1.x (current)
import { createRateLimitMiddleware } from '@seckav/security-sdk';
app.use(createRateLimitMiddleware(config));

// v2.x (seamless upgrade)
import { SecKavSDK } from '@seckav/security-sdk';
const secKav = new SecKavSDK({
  ...config,
  features: { 
    rateLimit: true,
    apiFirewall: true  // 🆕 New feature
  }
});
app.use(secKav.getExpressMiddleware());

📈 Monitoring & Analytics

View real-time security metrics in your SecKav Dashboard:

  • Request rates and patterns
  • Rate limit violations
  • Blocked threats and attacks
  • Geographic traffic distribution
  • API endpoint usage analytics

🛡️ Security Features

Current (v1.0.0)

  • Rate Limiting - Configurable policies per endpoint
  • Endpoint Discovery - Automatic unregistered endpoint detection
  • Multi-tenant - Organization-based isolation
  • Fail-open - Never breaks your application
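
Fail-open means that when the rate-limit check is slow or unreachable, requests pass without a decision, so limits on routes such as login stop being enforced for the duration. One mitigation is a local fallback limit for those routes only. The following is an added example, not part of the SDK; `remoteCheck`, `isSensitive`, `decide` and `guard` are hypothetical names.

```javascript
// Added example (not SDK code). `remoteCheck` is a hypothetical async function
// resolving to { allowed: boolean }; it stands in for the remote rate-limit call.
class FixedWindowLimiter {
  constructor(limit, windowMs, maxKeys = 10000) {
    Object.assign(this, { limit, windowMs, maxKeys, slots: new Map() });
  }
  // True while `key` has made at most `limit` requests in the current window.
  allow(key, now = Date.now()) {
    const slot = this.slots.get(key);
    if (!slot || now - slot.start >= this.windowMs) {
      if (this.slots.size >= this.maxKeys) this.prune(now); // bound memory use
      this.slots.set(key, { start: now, count: 1 });
      return true;
    }
    slot.count += 1;
    return slot.count <= this.limit;
  }
  prune(now) {
    for (const [k, s] of this.slots) {
      if (now - s.start >= this.windowMs) this.slots.delete(k);
    }
  }
}

// `remote` without a boolean `allowed` means the check failed or timed out.
function decide(remote, { sensitive, key, fallback, now }) {
  const known = remote !== null && typeof remote === 'object' &&
    typeof remote.allowed === 'boolean';
  if (known) return remote.allowed ? 'allow' : 'deny';
  if (!sensitive) return 'allow';                      // ordinary routes fail open
  return fallback.allow(key, now) ? 'allow' : 'deny';  // sensitive routes use the local limit
}

// Express-style middleware. `isSensitive(req)` is a predicate you supply.
function guard({ remoteCheck, isSensitive, fallback, timeoutMs = 5000 }) {
  return async (req, res, next) => {
    let remote = null;
    let timer;
    try {
      const timeout = new Promise((_, reject) => {
        timer = setTimeout(reject, timeoutMs, new Error('timeout'));
      });
      remote = await Promise.race([remoteCheck(req), timeout]);
    } catch (_) { /* unreachable, slow or errored: remote stays null */
    } finally { clearTimeout(timer); }
    const key = `${req.ip}:${req.method}:${req.path}`;
    const verdict = decide(remote, { sensitive: isSensitive(req), key, fallback, now: Date.now() });
    if (verdict === 'deny') return res.status(429).json({ error: 'Too many requests' });
    return next();
  };
}
```

For a login route, `new FixedWindowLimiter(5, 300000)` mirrors the limit and window of the Strict Auth Policy in the sample 429 body.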

Coming Soon

  • 🚧 API Firewall - Request validation and filtering
  • 🚧 AI Threat Detection - ML-powered attack detection
  • 🚧 Security Scanning - Automated vulnerability assessments
  • 🚧 Compliance Tools - GDPR, DPDP, CERT-IN reporting

📄 License

MIT License - see LICENSE file for details.


Made with ❤️ by the SecKav Team
