# Payload Guard

Package: `@lock-sdk/payload-guard`
A smart and extensible request payload inspection module for the Lock Security Framework. It protects APIs and web services from malicious input patterns such as XSS, SQL injection, command injection, and SSRF, with configurable block/detect modes, caching, and field-level filtering.

## Features

- Detects XSS, SQLi, SSRF, and command, path-traversal, and template injection patterns
- Inspects `query`, `params`, `body`, `headers`, and `cookies`
- Block or detect mode, selectable per environment
- Smart LRU caching to avoid reprocessing the same payload
## Usage

### Basic example (block malicious content)

```js
import { secure, payloadGuard } from '@lock-sdk/main';

// mode defaults to 'block', so a request that matches a detector is
// rejected with blockStatusCode (403) and blockMessage.
const middleware = secure()(
  payloadGuard({
    detectXSS: true,
    detectSQLi: true,
    detectSSRF: true,
  })
);
```

## Configuration
| Option | Type | Default | Description |
|---|---|---|---|
| `mode` | `'block' \| 'detect'` | `'block'` | Block immediately, or only log/detect |
| `blockStatusCode` | `number` | `403` | Status code returned when a request is blocked |
| `blockMessage` | `string` | `'Request blocked due to potential security threat'` | Error message for blocked responses |
| `checkParts` | `('params' \| 'query' \| 'body' \| 'headers' \| 'cookies')[]` | `['params', 'query', 'body', 'headers']` | Request parts to inspect |
| `excludeHeaders` | `string[]` | `['authorization', 'cookie', 'set-cookie']` | Headers to ignore |
| `excludeFields` | `string[][]` | | JSON keys to skip during inspection |
| `detectXSS` | `boolean` | `true` | Enable XSS detection |
| `detectSQLi` | `boolean` | `true` | Enable SQL injection detection |
| `detectSSRF` | `boolean` | `true` | Enable SSRF detection |
| `detectCommandInjection` | `boolean` | `true` | Enable shell injection detection |
| `detectPathTraversal` | `boolean` | `true` | Enable `../` and file path traversal detection |
| `enableCaching` | `boolean` | `true` | Enable LRU-based payload caching |
| `cacheTtl` | `number` (ms) | `3600000` | Cache entry expiration time in milliseconds |
| `cacheSize` | `number` | `10000` | Maximum number of entries in the cache |
| `failBehavior` | `'open' \| 'closed'` | `'open'` | Whether requests pass through (`'open'`) or are blocked (`'closed'`) when the module throws internally |
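The TypeScript model below is added here as an illustration and is not code from the Payload Guard package. It shows how the options in the table combine: `mode` decides whether findings block the request, `checkParts`, `excludeHeaders` and `excludeFields` decide what gets inspected, and `failBehavior` decides what an internal error means for the request. The `inspectRequest` and `collectStrings` names, the two placeholder detector regexes, and the sample requests are assumptions made for this example; the real module's detection rules, and its interpretation of `excludeFields` (typed `string[][]` in the table, modelled here as a flat list of key names), are not described on this page.

```typescript
// Illustrative model of the Payload Guard option semantics. Added example code,
// not the library's implementation: GuardOptions, inspectRequest, collectStrings,
// the detector regexes and the sample requests are assumptions for this example.

type Part = 'params' | 'query' | 'body' | 'headers' | 'cookies';
type DetectorFlag = 'detectXSS' | 'detectPathTraversal';

interface GuardOptions {
  mode: 'block' | 'detect';
  blockStatusCode: number;
  blockMessage: string;
  checkParts: Part[];
  excludeHeaders: string[];
  excludeFields: string[];   // modelled as a flat list of key names (assumption)
  detectXSS: boolean;
  detectPathTraversal: boolean;
  failBehavior: 'open' | 'closed';
}

// Defaults follow the README table.
const DEFAULTS: GuardOptions = {
  mode: 'block',
  blockStatusCode: 403,
  blockMessage: 'Request blocked due to potential security threat',
  checkParts: ['params', 'query', 'body', 'headers'],
  excludeHeaders: ['authorization', 'cookie', 'set-cookie'],
  excludeFields: [],
  detectXSS: true,
  detectPathTraversal: true,
  failBehavior: 'open',
};

// Deliberately minimal placeholder signatures; a real module uses far richer rules.
const DETECTORS: Array<{ flag: DetectorFlag; name: string; re: RegExp }> = [
  { flag: 'detectXSS', name: 'xss', re: /<\s*script\b|javascript:|\bon\w+\s*=/i },
  { flag: 'detectPathTraversal', name: 'path-traversal', re: /(^|[\\/])\.\.([\\/]|$)/ },
];

type Request = Partial<Record<Part, Record<string, unknown>>>;

interface Verdict {
  findings: string[];   // "<part>.<key>: <detector>"
  blocked: boolean;
  status?: number;
  message?: string;
}

// Collect every string leaf of a request part with its dotted path, skipping
// any key listed in `skip` (excludeFields, plus excludeHeaders for headers).
function collectStrings(value: unknown, path: string, skip: string[], out: Array<[string, string]>): void {
  if (typeof value === 'string') { out.push([path, value]); return; }
  if (Array.isArray(value)) {
    value.forEach((v, i) => collectStrings(v, `${path}[${i}]`, skip, out));
    return;
  }
  if (value !== null && typeof value === 'object') {
    const obj = value as Record<string, unknown>;
    for (const key of Object.keys(obj)) {
      if (skip.indexOf(key.toLowerCase()) !== -1) continue;
      collectStrings(obj[key], `${path}.${key}`, skip, out);
    }
  }
}

function inspectRequest(req: Request, overrides: Partial<GuardOptions> = {}): Verdict {
  const opts: GuardOptions = { ...DEFAULTS, ...overrides };
  const findings: string[] = [];
  try {
    for (const part of opts.checkParts) {
      const section = req[part];
      if (!section) continue;
      const skip = opts.excludeFields.map(f => f.toLowerCase());
      if (part === 'headers') opts.excludeHeaders.forEach(h => skip.push(h.toLowerCase()));
      const leaves: Array<[string, string]> = [];
      collectStrings(section, part, skip, leaves);
      for (const [path, text] of leaves) {
        for (const d of DETECTORS) {
          if (opts[d.flag] && d.re.test(text)) findings.push(`${path}: ${d.name}`);
        }
      }
    }
  } catch {
    // failBehavior: 'open' lets the request through on an internal error, 'closed' rejects it.
    if (opts.failBehavior === 'closed') {
      return { findings, blocked: true, status: opts.blockStatusCode, message: opts.blockMessage };
    }
    return { findings, blocked: false };
  }
  if (opts.mode === 'block' && findings.length > 0) {
    return { findings, blocked: true, status: opts.blockStatusCode, message: opts.blockMessage };
  }
  return { findings, blocked: false };   // 'detect' mode only reports findings
}

// Constructed sample requests (not taken from the page).
const SUSPICIOUS: Request = {
  query: { q: 'hello <script>alert(1)</script>' },
  body: { file: '../../etc/passwd', profile: { bio: 'plain text' } },
  headers: { 'user-agent': 'curl/8', authorization: 'Bearer <script>x</script>' },
};
const CLEAN: Request = { query: { q: 'hello world' }, body: { name: 'Ada' } };
// A getter that throws simulates an internal failure inside the guard.
const BROKEN: Request = { body: { get html() { throw new Error('simulated internal failure'); } } };

console.log(inspectRequest(SUSPICIOUS));                         // blocked, 403, two findings
console.log(inspectRequest(SUSPICIOUS, { mode: 'detect' }));     // same findings, not blocked
console.log(inspectRequest(BROKEN, { failBehavior: 'closed' }));  // blocked with no findings
```

Note the consequence of the `'open'` default for `failBehavior`: an internal error inside the guard lets the request through silently, so an environment that prefers availability over strictness should at least log such errors, and one that prefers strictness should set `'closed'`. The `excludeHeaders` default shields `authorization` and `cookie` values from inspection; narrowing `checkParts` or widening `excludeFields` reduces coverage in the same way, so the model reports what was skipped through its findings list staying short rather than by erroring.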
## Maintained By

Lock Team