koa-helmet


koa-helmet is a wrapper for helmet to work with koa (v2 and v3). It provides important security headers to make your app more secure by default.

This package has zero direct dependencies, with peerDependencies of koa and helmet.

Installation

``sh
npm i koa-helmet helmet

or:

bun add koa-helmet helmet
`

Usage

Usage is the same as helmet

Helmet offers 11 security middleware functions:

`js
// This...
app.use(helmet());

// ...is equivalent to this:
app.use(helmet.contentSecurityPolicy());
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());
`

You can see more in the documentation.

Example

`js
import Koa from "koa";
import helmet from "koa-helmet";

const app = new Koa();

app.use(helmet());

app.use((ctx) => {
ctx.body = "Hello World";
});

app.listen(4000);
`

Testing

To run the test and lint suite, simply run

`
npm check
`

Alternatively, you can run:

`bash
npm run test
npm run lint
npm run format:check
``

Contributing

Please see CONTRIBUTING.md for details.

Versioning

- koa-helmet >=2.x (main branch) supports koa 2.x and 3.x
- koa-helmet 1.x (koa-1 branch) supports koa 0.x and koa 1.x