JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 3148
  • Score
    100M100P100Q115867F
  • License MIT

A Node.js Security.txt implementation

Package Exports

  • sectxt

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (sectxt) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

sectxt

Build Status

A Node.js Security.txt implementation

Features:

  • Middleware
  • Intro / Outtro
  • Comments
  • Custom ordering
  • Signing

References:

Installation

yarn add sectxt

Usage

import { SecurityTxt } from "sectxt";

const securityTxt = new SecurityTxt({
    contacts: ["mailto:security@example.org"],
    expires: new Date("2022-12-31"),
    preferredLanguages: ["en", "de"],
    hiring: ["https://secjobs.example.org"],
});

console.log(await securityTxt.render());

outputs:

Contact: mailto:security@example.org
Expires: 2022-12-31T00:00:00.000Z
Preferred-Languages: en, de
Hiring: https://secjobs.example.org

Intro / Outtro

import { SecurityTxt } from "sectxt";

const securityTxt = new SecurityTxt({
  intro: "Intro",
  contacts: ["mailto:security@example.org"],
  expires: new Date("2019-01-16"),
  outtro: "Outtro",
});

console.log(await securityTxt.render());

outputs:

# Intro

Contact: mailto:security@example.org
Expires: 2019-01-16T00:00:00.000Z

# Outtro

Adding comments

import { SecurityTxt } from "sectxt";

const securityTxt = new SecurityTxt({
    contacts: [{
      comment:"This comment is displayed directly above the field", 
      value: "mailto:security@example.org",
    }],
    expires: new Date("2019-01-16"),
    preferredLanguages: ["en", "de"],
    hiring: ["https://secjobs.example.org"],
});

console.log(await securityTxt.render());

outputs:

# This comment is displayed directly above the field
Contact: mailto:security@example.org
Expires: 2019-01-16T00:00:00.000Z
Preferred-Languages: en, de
Hiring: https://secjobs.example.org

Field ordering

import { SecurityTxt, FieldName } from "sectxt";

const securityTxt = new SecurityTxt({
  intro: "Intro",
  contacts: ["mailto:security@example.org"],
  expires: new Date("2019-01-16"),
  outtro: "Outtro",
  order: [FieldName.EXPIRES, FieldName.CONTACT],
});

console.log(await securityTxt.render());

outputs:

# Intro

Expires: 2019-01-16T00:00:00.000Z
Contact: mailto:security@example.org

# Outtro

Signed security.txt

const privateKey = await openpgp.decryptKey({
  privateKey: await openpgp.readPrivateKey({
    armoredKey: privateKeyArmored,
  }),
  passphrase: "helloworld",
});

const securityTxt = new SecurityTxt({
  privateKey,
  contacts: ["mailto:security@example.org"],
  expires: new Date("2019-01-16"),
});

console.log(await securityTxt.render());

outputs:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@example.org
Expires: 2019-01-16T00:00:00.000Z
-----BEGIN PGP SIGNATURE-----

[signature]
-----END PGP SIGNATURE-----

Middleware

import express from "express";
import { sectxt } from "sectxt";

const app = express();

app.use(
  sectxt({
    contacts: ["mailto:security@example.org"],
    expires: new Date("2022-12-31"),
    preferredLanguages: ["en", "de"],
    hiring: ["https://secjobs.example.org"],
  })
);

app.get("/", (_req, res) => {
  res.send("Hello world!");
});

app.listen(3000, () => {
  console.log("The application is listening on port 3000!");
});

Gatsby

See gatsby-plugin-sectxt.

Examples

See more complete examples.

License

MIT