owasp-nodejs-security-pack
v1.0.3
Published
`owasp-nodejs-security-pack` is a Node.js library designed to provide robust, plug-and-play middleware for securing your Express applications. It offers various middleware utilities to enhance security, prevent vulnerabilities, and streamline the integrat
Downloads
176
Maintainers
gunjan.shrmaReadme
owasp-nodejs-security-pack
owasp-nodejs-security-pack is a Node.js library designed to provide robust, plug-and-play middleware for securing your Express applications. It offers various middleware utilities to enhance security, prevent vulnerabilities, and streamline the integration of security best practices.
Installation
Install the package using npm:
npm install owasp-nodejs-security-packFeatures
- Signature Verification Middleware: Validates digital signatures to ensure message integrity.
- Brute Force Protection: Prevents excessive requests from a single client.
- Composable Middleware: Combine multiple middleware functions into a single one.
- Content-Type Validator: Restricts requests to specific content types.
- Hybrid Encryption: Encrypts data with RSA and AES hybrid approach.
- Output Escaping: Sanitizes responses to prevent XSS attacks.
- HTTP Parameter Pollution Prevention: Protects against parameter pollution attacks.
- Rate Limiting: Restricts the number of requests from an IP within a time window.
Usage
1. Signature Verification Middleware
Validates the signature of incoming requests using a public key.
import { verifySignatureMiddleware } from "owasp-nodejs-security-pack";
app.use(verifySignatureMiddleware);2. Brute Force Protection
Prevents excessive requests from a single client by tracking request history.
import { createBruteForceMiddleware } from "owasp-nodejs-security-pack";
const bruteForceMiddleware = createBruteForceMiddleware({
maxRequests: 100,
windowMs: 15 * 60 * 1000, // 15 minutes
blockDurationMs: 15 * 60 * 1000, // 15 minutes
message: "Too many requests from this IP"
});
app.use(bruteForceMiddleware);3. Composable Middleware
Combine multiple middleware functions into a single one.
import { composeMiddleware } from "owasp-nodejs-security-pack";
const combinedMiddleware = composeMiddleware(middleware1, middleware2, middleware3);
app.use(combinedMiddleware);4. Content-Type Validator
Restricts requests to specific content types.
import { createContentTypeMiddleware } from "owasp-nodejs-security-pack";
const contentTypeMiddleware = createContentTypeMiddleware({
allowedTypes: ["json", "form-data"],
errorMessage: "Only JSON and Form Data are supported"
});
app.use(contentTypeMiddleware);5. Hybrid Encryption
Encrypts data using RSA and AES for secure data transfer.
import { encryptDataHybrid } from "owasp-nodejs-security-pack";
const encryptedData = encryptDataHybrid({
name: "Sensitive Data",
description: "This is a secure message."
});
console.log(encryptedData);6. Output Escaping
Sanitizes response data to prevent XSS attacks.
import { createOutputEscapingMiddleware } from "owasp-nodejs-security-pack";
const outputEscaping = createOutputEscapingMiddleware({
escapeMode: "partial",
customEscapeFields: ["name", "description"],
excludeFields: ["id", "timestamp"]
});
app.use(outputEscaping);7. HTTP Parameter Pollution Prevention
Prevents attacks using parameter pollution in query, body, or params.
import { createHPPMiddleware } from "owasp-nodejs-security-pack";
const hppMiddleware = createHPPMiddleware({
whitelist: ["allowedParam"],
blockedParams: ["criticalParam"],
errorMessage: "Invalid request parameters"
});
app.use(hppMiddleware);8. Rate Limiting
Restricts the number of requests from an IP within a specified time window.
import { rateLimiter } from "owasp-nodejs-security-pack";
app.use(rateLimiter);Contributing
We welcome contributions! Please fork the repository and submit a pull request with your changes.
License
This project is licensed under the MIT License. See the LICENSE file for details.
Enjoy secure coding! 🚀
Author
Gunjan Sharma (Senior Software Engineer & Blockchain Enthusiast)