1.0.9 • Published 7 months ago

express-safe v1.0.9

License
ISC

express-safe Security Middleware

The express-safe middleware adds a layer of protection to an Express application by blocking requests that contain keywords and patterns commonly used in SQL injection, XSS, and other malicious activity.

Security Logic

The middleware function includes the following security logic:

  • Block requests containing SQL injection attack patterns.
  • Block requests containing XSS attack patterns.
  • Block requests containing other malicious patterns.

Installation

You can install this package via npm:

npm install express-safe --save

Usage

To use this middleware in your Express application, simply require it and use it like any other middleware:

const express = require('express');
const safe = require('express-safe');

const app = express();

app.use(safe({
  keywords: ['<script>', 'alert', 'onerror'], // Custom keywords to block
  sendText: "Access is denied.", // Response body returned when a request is blocked
  frameOption: 'SAMEORIGIN' // X-Frame-Options value, used to mitigate clickjacking
}));

app.get('/', (req, res) => {
  res.send('Hello World!');
});

app.listen(3000, () => {
  console.log('The server is running on http://localhost:3000');
});

Custom Keywords

You can customize the blocked keywords and patterns by passing a configuration object:

const express = require('express');
const safe = require('express-safe');

const app = express();

// Global interception: applies to every route
app.use(safe({
  keywords: ['.zip', '.sql']
}));

// Route-level interception: applies to this route only
app.get('/', safe(), (req, res) => {
  res.send('Hello World!');
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
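To make the behaviour of the options above (keywords, sendText, frameOption) and the global versus route-level usage concrete, here is an added example of a minimal keyword-blocking middleware in the same shape. It is not the express-safe package's code: the option names come from this README, while the defaults, the 403 status, case-insensitive matching, and the inspected request fields (URL, query, body) are assumptions. It runs without Express by driving the middleware with a stand-in req/res.

```javascript
// Minimal re-implementation of the behaviour described above (added example,
// not the express-safe package's own code). Option names come from the README;
// the defaults, the 403 status and case-insensitive matching are assumptions.
function createSafe(options = {}) {
  const keywords = options.keywords || [];
  const sendText = options.sendText || 'Access is denied.';
  const frameOption = options.frameOption || 'SAMEORIGIN';
  // Gather the request surfaces a keyword filter would inspect: path, query, body.
  function requestText(req) {
    const parts = [req.originalUrl || req.url || ''];
    for (const source of [req.query, req.body]) {
      if (source && typeof source === 'object') parts.push(JSON.stringify(source));
    }
    return parts.join('\n');
  }

  // Return the first configured keyword found in the request, or null.
  function findKeyword(req) {
    const text = requestText(req).toLowerCase();
    return keywords.find((k) => text.includes(String(k).toLowerCase())) || null;
  }

  return function safe(req, res, next) {
    res.setHeader('X-Frame-Options', frameOption); // clickjacking mitigation
    const hit = findKeyword(req);
    if (hit) return res.status(403).send(sendText); // blocked: never reaches routes
    next();
  };
}

// Stand-in for Express's req/res so the middleware can be exercised without
// a server; only setHeader/status/send are modelled.
function runMiddleware(middleware, req) {
  const res = {
    headers: {}, statusCode: 200, body: null,
    setHeader(name, value) { this.headers[name] = value; },
    status(code) { this.statusCode = code; return this; },
    send(payload) { this.body = payload; },
  };
  let passed = false;
  middleware(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, body: res.body, headers: res.headers };
}
// Constructed sample requests (not captured traffic).
const sampleRequests = {
  benign: { originalUrl: '/search?q=hello', query: { q: 'hello' } },
  blocked: { originalUrl: '/upload?name=dump.sql', query: { name: 'dump.sql' } },
};
```

Because matching is a plain substring check over the serialized request, the keyword list is only as good as its entries; treat it as a coarse filter in front of proper input validation, as the Notes below say.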

Notes

  • Ensure that this middleware is registered before all other middleware so that the security logic runs before any request processing.

  • This middleware provides basic security protection. You may need to further customize and enhance it based on your application's specific requirements.

Contribution

If you have any improvement suggestions or want to contribute code, feel free to send an email to yanyutao2023@136.com.

Author's Open Source Project

  • ChanCMS: a CMS content management system developed on top of Chanjs. A middleware for recording Express application requests.
  • Chanjs: a lightweight multi-module MVC framework built on express+mysql in pure JavaScript.
  • Saduocss: a lightweight atomic-class CSS framework.

License

This project is licensed under the MIT License.