Enterprise-grade React component for NIS2 compliance, session timeout management, and security auditing.
npm install @nis2shield/react-guard
Client-Side Security Telemetry & Session Protection for NIS2 Compliance.
Companies subject to NIS2 Directive require strict session management, audit logs, and client-side security controls. This library provides drop-in React components to handle:
1. Automatic session termination (Idle Timer) - Art. 21.2.h
2. Visual protection against shoulder surfing (Tab Napping)
3. Security event hooks for SIEM integration
4. Encrypted local storage for sensitive data (GDPR-compliant)
@nis2shield/react-guard acts as the "sentinel" for your frontend applications, integrating with any NIS2 Shield Backend Adapter (Django, Express, Spring) to provide end-to-end compliance coverage.
> Part of the NIS2 Shield Ecosystem: Use with infrastructure for Demonstrable Compliance (audited via tfsec).
- ๐ก๏ธ Session Watchdog: Detects user inactivity and "Tab Napping" (background tab hijacking risks)
- ๐ก Telemetry Engine: Automatically captures React component crashes (AuditBoundary) and sends sanitized reports to your SIEM
- ๐ Secure Storage: Drop-in replacement for localStorage/sessionStorage with AES-GCM encryption
- โจ๏ธ Secure Input: Pre-configured props to harden input fields against caching and clipboard
- ๐ Device Fingerprinting (v0.2.0+): Passive device fingerprint collection for session hijacking detection
- โ ๏ธ Security Banner (v0.2.0+): Warns users about insecure connections (HTTP) and outdated browsers
``bash`
npm install @nis2shield/react-guardor
yarn add @nis2shield/react-guard
`tsx
import { Nis2Provider, SessionWatchdog, AuditBoundary } from '@nis2shield/react-guard';
function App() {
return (
auditEndpoint: '/api/nis2/telemetry/',
idleTimeoutMinutes: 15,
debug: process.env.NODE_ENV === 'development'
}}
>
);
}
`
`tsx
import { useSecureStorage } from '@nis2shield/react-guard';
const UserProfile = () => {
const { value: iban, setValue: setIban } = useSecureStorage('user_iban', '');
return (
value={iban}
onChange={(e) => setIban(e.target.value)}
placeholder="IBAN (Encrypted locally)"
/>
);
};
`
`tsx
import { useSecureInput } from '@nis2shield/react-guard';
const PasswordField = () => {
const secureProps = useSecureInput({ type: 'password' });
return ;
};
`
`tsx
import { useNis2Log } from '@nis2shield/react-guard';
const TransferMoney = () => {
const { logWarning } = useNis2Log();
const handleTransfer = (amount: number) => {
if (amount > 10000) {
logWarning('HIGH_VALUE_TRANSACTION_ATTEMPT', { amount });
}
};
};
`
Collect passive device fingerprints to detect session hijacking:
`tsx
import { useDeviceFingerprint } from '@nis2shield/react-guard';
const LoginPage = () => {
const { fingerprint, isLoading, sendToBackend } = useDeviceFingerprint();
const handleLogin = async () => {
// Send fingerprint with login for backend validation
sendToBackend();
// ... rest of login logic
};
return ;
};
`
Collected data:
- Screen resolution, color depth
- Timezone, language, platform
- Hardware concurrency, device memory
- Canvas fingerprint (SHA-256 hash)
- WebGL renderer/vendor
`
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Frontend โ
โ @nis2shield/{react,angular,vue}-guard โ
โ โโโ SessionWatchdog (idle detection) โ
โ โโโ AuditBoundary (crash reports) โ
โ โโโ useDeviceFingerprint (session validation) โ
โ โโโ โ POST /api/nis2/telemetry/ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Backend (NIS2 Adapter) โ
โ Supported: Django, Express, Spring Boot, .NET โ
โ โโโ ForensicLogger (HMAC signed logs) โ
โ โโโ RateLimiter, SessionGuard, TorBlocker โ
โ โโโ โ SIEM (Elasticsearch, Splunk, QRadar, etc.) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โผ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Infrastructure โ
โ nis2shield/infrastructure โ
โ โโโ Centralized Logging (ELK/Splunk) โ
โ โโโ Compliance Reporting (Automatic PDF generation) โ
โ โโโ Audited Deployment (Terraform/Helm) โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
`tsx
import { Nis2Provider, SessionWatchdog, AuditBoundary, useSecureStorage } from '@nis2shield/react-guard';
function BankingApp() {
return (
window.location.href = '/logout?reason=idle';
}}
/>
);
}
`
`tsx
import { useSecureStorage, useSecureInput } from '@nis2shield/react-guard';
const PaymentForm = () => {
const { value: cardNumber, setValue: setCardNumber } = useSecureStorage('card', '');
const secureProps = useSecureInput({ type: 'password' });
return (
$3
tsx
import { useDeviceFingerprint, useNis2Log } from '@nis2shield/react-guard';const LoginPage = () => {
const { fingerprint, sendToBackend } = useDeviceFingerprint();
const { logWarning } = useNis2Log();
const handleLogin = async (credentials) => {
// Send fingerprint with login for session hijacking detection
await sendToBackend();
// Log high-risk attempts
if (credentials.failedAttempts > 3) {
logWarning('BRUTE_FORCE_ATTEMPT', { attempts: credentials.failedAttempts });
}
};
};
`๐งช Development
bash
npm install # Install dependencies
npm test # Run test suite (35 tests)
npm run build # Build for production
``MIT License - see LICENSE for details.
See CONTRIBUTING.md for guidelines.
---
Documentation ยท npm ยท Changelog