`owasp-nodejs-security-pack` is a Node.js library designed to provide robust, plug-and-play middleware for securing your Express applications. It offers various middleware utilities to enhance security, prevent vulnerabilities, and streamline the integration of security best practices.

## Installation

```bash
npm install owasp-nodejs-security-pack
```
---
## Features
1. Signature Verification Middleware: Validates digital signatures to ensure message integrity.
2. Brute Force Protection: Prevents excessive requests from a single client.
3. Composable Middleware: Combine multiple middleware functions into a single one.
4. Content-Type Validator: Restricts requests to specific content types.
5. Hybrid Encryption: Encrypts data with RSA and AES hybrid approach.
6. Output Escaping: Sanitizes responses to prevent XSS attacks.
7. HTTP Parameter Pollution Prevention: Protects against parameter pollution attacks.
8. Rate Limiting: Restricts the number of requests from an IP within a time window.
---
## Usage

### Signature Verification Middleware

Validates the signature of incoming requests using a public key.

```typescript
import { verifySignatureMiddleware } from "owasp-nodejs-security-pack";
app.use(verifySignatureMiddleware);
```
### Brute Force Protection

Prevents excessive requests from a single client by tracking request history.

```typescript
import { createBruteForceMiddleware } from "owasp-nodejs-security-pack";
const bruteForceMiddleware = createBruteForceMiddleware({
  maxRequests: 100,
  windowMs: 15 * 60 * 1000, // 15 minutes
  blockDurationMs: 15 * 60 * 1000, // 15 minutes
  message: "Too many requests from this IP"
});
app.use(bruteForceMiddleware);
```
### Composable Middleware

Combine multiple middleware functions into a single one.

```typescript
import { composeMiddleware } from "owasp-nodejs-security-pack";
// middleware1, middleware2 and middleware3 are any Express middleware functions;
// they run in the order given.
const combinedMiddleware = composeMiddleware(middleware1, middleware2, middleware3);
app.use(combinedMiddleware);
```
### Content-Type Validator

Restricts requests to specific content types.

```typescript
import { createContentTypeMiddleware } from "owasp-nodejs-security-pack";
const contentTypeMiddleware = createContentTypeMiddleware({
  allowedTypes: ["json", "form-data"],
  errorMessage: "Only JSON and Form Data are supported"
});
app.use(contentTypeMiddleware);
```
### Hybrid Encryption

Encrypts data using RSA and AES for secure data transfer.

```typescript
import { encryptDataHybrid } from "owasp-nodejs-security-pack";
const encryptedData = encryptDataHybrid({
  name: "Sensitive Data",
  description: "This is a secure message."
});
console.log(encryptedData);
```
### Output Escaping

Sanitizes response data to prevent XSS attacks.

```typescript
import { createOutputEscapingMiddleware } from "owasp-nodejs-security-pack";
const outputEscaping = createOutputEscapingMiddleware({
  escapeMode: "partial",
  customEscapeFields: ["name", "description"],
  excludeFields: ["id", "timestamp"]
});
app.use(outputEscaping);
```
### HTTP Parameter Pollution Prevention

Prevents attacks using parameter pollution in query, body, or params.

```typescript
import { createHPPMiddleware } from "owasp-nodejs-security-pack";
const hppMiddleware = createHPPMiddleware({
  whitelist: ["allowedParam"],
  blockedParams: ["criticalParam"],
  errorMessage: "Invalid request parameters"
});
app.use(hppMiddleware);
```
### Rate Limiting

Restricts the number of requests from an IP within a specified time window.

```typescript
import { rateLimiter } from "owasp-nodejs-security-pack";
app.use(rateLimiter);
```