npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@safez/fetch-safez

v1.0.0

Published

Introducing fetch-safez, your go-to cybersecurity middleware for js applications! Armed with safez-cryptx for advanced AES-CBC symmetric encryption, fetch-safez automatically secures your HTTP request and response data with unmatched precision. It offers

Downloads

15

Readme

Overview of Fetch-safez

Fetch-safez is a middleware for Fetch, designed to seamlessly encrypt and decrypt HTTP requests and responses, ensuring the security of data in transit by applying robust encryption algorithms. It acts as a vital layer of security for web applications, safeguarding sensitive data from unauthorized access.

By integrating with Fetch, it provides an easy-to-use solution for developers looking to enhance their application's security. The middleware automatically encrypts data before sending it from the client and decrypts received data, ensuring that sensitive information remains protected throughout the transmission process.

Fetch-safez is highly configurable, offering developers the flexibility to set up custom encryption settings based on their specific security requirements. This adaptability makes it suitable for a wide range of applications, from those requiring high levels of data protection to those needing basic encryption for general security enhancement.

  • Supports various encryption standards, ensuring that data is securely encrypted during transit.
  • Helps mitigate the risk of data breaches and cyberattacks by providing an additional layer of security.

Integrating Fetch-safez into web applications is straightforward, enhancing security measures without complicating the development process.

Installation

Integrate Fetch-safez into your project using the following command:


npm install @safez/fetch-safez or yarn add @safez/fetch-safez

Setup and Configuration

Configure Fetch-safez with your Fetch instance to encrypt and decrypt requests and responses:


import {interceptFetch} from '@safez/fetch-safez'

Usage

All Fetch requests and responses will automatically be encrypted and decrypted after configuring Fetch-safez.

Customizing Encryption per Request

Customize the encryption type for specific requests using the x-sz-token header:


interceptFetch({enableSafez:true,safezSaavi:'dummysecretkeyab', cryptoType: 'field'});

The optional values inside interceptFetch are crypto type, configurable values are 'full', 'field', 'none'. When safezEnable is true, default value is full. When configured the safez, all your payload will be encrypted

Customizing request to be encrypted as an object

    const payload = {
        name: 'safez',
        product: 'security',
    }
    const config = {
        cryptoType: 'none',
        encryptErrorCodes: []
    }
    const headers = {
       'x-sz-token': JSON.stringify(config)
    }
    const response = await fetch('http://example.url/api/post', payload, {
       headers: headers
    });
    // payload will be {encryptedData: 'encrypted string'}

Customizing request not to be encrypted

    const config = {
        cryptoType: 'none',
        encryptErrorCodes: []
    }
    const headers = {
       'x-sz-token': JSON.stringify(config)
    }
   
    const response = await fetch('http://example.url/api/post', payload, {
       headers: headers
    });

Customizing request payload is not encrypted as whole object, but only values of the object

    const payload = {
        name: 'safez',
        product: 'security',
    }
    const config = {
        cryptoType: 'field',
        encryptErrorCodes: []
      }
      const headers = {
        'x-sz-token': JSON.stringify(config)
      }
   
      const response = await fetch('http://example.url/api/post', payload, {
          headers: headers
      });
      // payload will be {name: 'encrypted string', product: 'encrypted string'}

Handling Errors

When utilizing encrypted data communication, it's crucial to handle errors effectively, especially in scenarios involving encrypted error messages. Fetch-safez provides the tools necessary to intercept, decrypt, and process error messages securely, ensuring your application can respond to errors appropriately.

Best Practices for Secure Error Handling

  • Encryption Secret Management: It's vital to protect your encryption secret, ensuring it's never exposed in client-side code or to unauthorized individuals. Use secure storage solutions, like environment variables or secret management services, and restrict access to the encryption secret as much as possible.
  • Optimize Encryption Use: While encryption adds a layer of security, it also introduces complexity and potential performance implications. Use the x-sz-token header to selectively enable or disable encryption for specific requests, balancing security needs with application performance.

Troubleshooting Common Encryption Issues

  • Encryption/Decryption Failures: Ensure that the encryption keys or secrets used on the client and server are identical. Mismatches can prevent successful decryption, leading to errors. Regularly audit and synchronize encryption configurations across your infrastructure.
  • Fetch Interceptor Conflicts: Fetch-safez operates by intercepting requests and responses. If other interceptors are used within your Fetch configuration, ensure they do not conflict or override the functionality of Fetch-safez. Testing interceptor compatibility in development environments is recommended to identify and resolve potential conflicts.

By following these best practices and troubleshooting tips, you can ensure that your application securely handles encrypted error messages and maintains robust data security protocols.

Frequently Asked Questions (FAQ)

Below are answers to some of the most common questions about Fetch-safez, providing further insights into its functionality and integration.

  • Can Fetch-safez be used with any Fetch instance?

    Yes. Fetch-safez is designed to be compatible with any Fetch instance, making it a versatile tool for enhancing the security of HTTP requests and responses across various applications.

  • How can I exclude specific requests from encryption?

    To bypass encryption for particular requests, use the x-sz-token header with a value of 'none'. This tells Fetch-safez to skip encryption for those requests, offering flexibility in how encryption is applied.