@wnodex/hpp 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/.turbo/turbo-build.log +2 -2
  2. package/README.md +62 -5
  3. package/package.json +9 -4
package/.turbo/turbo-build.log CHANGED
@@ -1,7 +1,7 @@
1
1
 
2
- > @wnodex/hpp@0.2.1 build /home/runner/work/wnodex/wnodex/packages/hpp
2
+ > @wnodex/hpp@0.2.2 build /home/runner/work/wnodex/wnodex/packages/hpp
3
3
  > rolldown -c && tsc
4
4
 
5
5
  [log] <DIR>/index.js chunk │ size: 0.88 kB
6
6
  [log]
7
- [success] rolldown v1.0.0-rc.1 Finished in 16.29 ms
7
+ [success] rolldown v1.0.0-rc.1 Finished in 23.63 ms
package/README.md CHANGED
@@ -1,14 +1,71 @@
1
1
  # @wnodex/hpp
2
2
 
3
- wnodex hpp middleware
3
+ > wnodex hpp middleware
4
4
 
5
- ---
5
+ Part of the [wnodex](https://github.com/wnodex/wnodex) ecosystem, this package provides middleware to protect against HTTP Parameter Pollution attacks.
6
6
 
7
- ## Table of Content
7
+ ## About
8
8
 
9
- - [License](#license)
9
+ `@wnodex/hpp` integrates the `hpp` middleware into your `wnodex` application. It helps prevent attackers from manipulating query parameters to bypass security checks or cause unexpected behavior.
10
10
 
11
- ---
11
+ ## Features
12
+
13
+ - Protects against HTTP Parameter Pollution (HPP) attacks.
14
+ - Easy to enable and configure within `wnodex`.
15
+ - Allows whitelisting of parameters that can appear multiple times.
16
+ - Built on the `hpp` library.
17
+
18
+ ## Why use it?
19
+
20
+ Security requires a layered approach, and protecting against parameter pollution is one important layer. This package makes it trivial to add this protection to your `wnodex` application, with a simple and centralized configuration.
21
+
22
+ ## Installation
23
+
24
+ You can install the package using your favorite package manager:
25
+
26
+ **pnpm**
27
+
28
+ ```bash
29
+ pnpm add @wnodex/hpp
30
+ ```
31
+
32
+ **npm**
33
+
34
+ ```bash
35
+ npm install @wnodex/hpp
36
+ ```
37
+
38
+ **yarn**
39
+
40
+ ```bash
41
+ yarn add @wnodex/hpp
42
+ ```
43
+
44
+ **bun**
45
+
46
+ ```bash
47
+ bun add @wnodex/hpp
48
+ ```
49
+
50
+ ## Usage
51
+
52
+ `@wnodex/hpp` is enabled by default. You can customize it by providing a whitelist of parameters or disable it entirely.
53
+
54
+ ```typescript
55
+ import { Wnodex } from 'wnodex';
56
+
57
+ // Example: Provide a whitelist for specific parameters
58
+ const server = new Wnodex({
59
+ hpp: ['sort', 'filter'], // Allow 'sort' and 'filter' to appear multiple times
60
+ });
61
+
62
+ // Example: Disable HPP
63
+ const serverWithoutHpp = new Wnodex({
64
+ hpp: false,
65
+ });
66
+
67
+ server.start();
68
+ ```
12
69
 
13
70
  ## License
14
71
 
package/package.json CHANGED
@@ -1,10 +1,15 @@
1
1
  {
2
2
  "name": "@wnodex/hpp",
3
- "version": "0.2.1",
3
+ "version": "0.2.2",
4
4
  "private": false,
5
- "description": "wnodex hpp middleware",
5
+ "description": "A wnodex middleware that integrates hpp to protect against HTTP Parameter Pollution attacks.",
6
6
  "keywords": [
7
- "wnodex"
7
+ "wnodex",
8
+ "middleware",
9
+ "hpp",
10
+ "express",
11
+ "security",
12
+ "parameter-pollution"
8
13
  ],
9
14
  "homepage": "https://github.com/wnodex/wnodex#readme",
10
15
  "bugs": {
@@ -40,7 +45,7 @@
40
45
  "@types/node": "^25.0.10",
41
46
  "rolldown": "1.0.0-rc.1",
42
47
  "typescript": "5.9.2",
43
- "@wnodex/typescript-config": "0.2.1"
48
+ "@wnodex/typescript-config": "0.2.2"
44
49
  },
45
50
  "publishConfig": {
46
51
  "access": "public"