@arcjet/next

[Arcjet][arcjet] helps developers protect their apps in just a few lines of
code. Bot detection. Rate limiting. Email validation. Attack protection. Data
redaction. A developer-first approach to security.

This is the [Arcjet][arcjet] SDK for the [Next.js][next-js] framework. **Find
our other [SDKs on GitHub][sdks-github]**.

- npm package (@arcjet/next)
- GitHub source code (arcjet-next/ in arcjet/arcjet-js)

Example

Try an Arcjet protected Next.js app live at
[example.arcjet.com][example-next-url]
([source code][example-next-source]).

Features

Arcjet security features for protecting Next.js apps:

- 🤖 [Bot protection][bot-protection-quick-start] - manage traffic by automated
clients and bots.
- 🛑 [Rate limiting][rate-limiting-quick-start] - limit the number of requests a
client can make.
- 🛡️ [Shield WAF][shield-quick-start] - protect your application against common
attacks.
- 📧 [Email validation][email-validation-quick-start] - prevent users from
signing up with fake email addresses.
- 📝 [Signup form protection][signup-protection-quick-start] - combines rate
limiting, bot protection, and email validation to protect your signup forms.
- 🕵️‍♂️ [Sensitive information detection][sensitive-info-quick-start] - block
personally identifiable information (PII).
- 🚅 [Nosecone][nosecone-quick-start] - set security headers such as
Content-Security-Policy (CSP).

Quick start

This example will protect a Next.js API route with a rate limit, bot detection,
and Shield WAF.

You can also find this [quick start guide][quick-start] in the docs.

What is this?

This is our adapter to integrate Arcjet into Next.js.
Arcjet helps you secure your Next web application.
This package exists so that we can provide the best possible experience to
Next users.

When should I use this?

You can use this if you are using Next.js.
See our [_Get started_ guide][arcjet-get-started] for other supported
frameworks.

Install

This package is ESM only.
Install with npm in Node.js:

``sh
npm install @arcjet/next
`

Use

`ts
import arcjet, { shield } from "@arcjet/next";
import { NextResponse } from "next/server";

// Get your Arcjet key at .
// Set it as an environment variable instead of hard coding it.
const arcjetKey = process.env.ARCJET_KEY;

if (!arcjetKey) {
throw new Error("Cannot find ARCJET_KEY environment variable");
}

const aj = arcjet({
key: arcjetKey,
rules: [
// Shield protects your app from common attacks.
// Use DRY_RUN instead of LIVE to only log.
shield({ mode: "LIVE" }),
],
});

export async function GET(request: Request) {
const decision = await aj.protect(request);

if (decision.isDenied()) {
return NextResponse.json({ message: "Forbidden" }, { status: 429 });
}

return NextResponse.json({ message: "Hello world" });
}
``

For more on how to configure Arcjet with Next.js and how to protect Next,
see the [Arcjet Next.js SDK reference][arcjet-reference-next] on our website.

License

[Apache License, Version 2.0][apache-license] © [Arcjet Labs, Inc.][arcjet]

[arcjet-get-started]: https://docs.arcjet.com/get-started
[arcjet-reference-next]: https://docs.arcjet.com/reference/nextjs
[arcjet]: https://arcjet.com
[example-next-url]: https://example.arcjet.com
[example-next-source]: https://github.com/arcjet/example-nextjs
[next-js]: https://nextjs.org/
[quick-start]: https://docs.arcjet.com/get-started?f=next-js
[apache-license]: http://www.apache.org/licenses/LICENSE-2.0
[bot-protection-quick-start]: https://docs.arcjet.com/bot-protection/quick-start?f=next-js
[rate-limiting-quick-start]: https://docs.arcjet.com/rate-limiting/quick-start?f=next-js
[shield-quick-start]: https://docs.arcjet.com/shield/quick-start?f=next-js
[email-validation-quick-start]: https://docs.arcjet.com/email-validation/quick-start?f=next-js
[signup-protection-quick-start]: https://docs.arcjet.com/signup-protection/quick-start?f=next-js
[sensitive-info-quick-start]: https://docs.arcjet.com/sensitive-info/quick-start?f=next-js
[nosecone-quick-start]: https://docs.arcjet.com/nosecone/quick-start?f=next-js
[sdks-github]: https://github.com/arcjet