JSPM

@nichtsam/helmet

0.1.0
  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 8519
  • Score
    100M100P100Q135103F
  • License MIT

Package Exports

  • @nichtsam/helmet
  • @nichtsam/helmet/content-security-policy
  • @nichtsam/helmet/cross-origin-embedder-policy
  • @nichtsam/helmet/cross-origin-opener-policy
  • @nichtsam/helmet/cross-origin-resource-policy
  • @nichtsam/helmet/index
  • @nichtsam/helmet/origin-agent-cluster
  • @nichtsam/helmet/package.json
  • @nichtsam/helmet/referrer-policy
  • @nichtsam/helmet/strict-transport-security
  • @nichtsam/helmet/x-content-type-options
  • @nichtsam/helmet/x-dns-prefetch-control
  • @nichtsam/helmet/x-download-options
  • @nichtsam/helmet/x-frame-options
  • @nichtsam/helmet/x-permitted-cross-domain-policies
  • @nichtsam/helmet/x-xss-protection

Readme

Helmet Security Headers Library

Helps to secure apps by setting HTTP response headers. Inspired by helmet and http-helmet

Overview

This package provides a flexible and modular way for managing security headers in a structured way.

  • General security headers
  • HTML-specific headers (e.g., Content-Security-Policy, X-Download-Options)
  • CORS-related configurations

Features

  • Returns security headers with sensible defaults (inspired by Express Helmet)
  • HTML-specific options are only applied when html: true is set
  • Cross-Origin-Resource-Policy defaults to 'same-origin', but switches to 'cross-origin' if cors: true

Installation

npm install @nichtsam/helmet

Usage

import helmet from "@nichtsam/helmet";

const headers = new Headers();

// general
helmet(headers);
// with html
helmet(headers, { html: true });
// non html with cors
helmet(headers, { cors: true });
// customize rules
helmet(headers, {
  options: {
    crossOriginEmbedderPolicy: false,
    contentSecurityPolicy: {},
  },
});