koa-helmet 6.0.0 → 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -19
- package/coverage/lcov-report/index.html +7 -7
- package/coverage/lcov-report/koa-helmet.js.html +12 -12
- package/coverage/lcov.info +17 -16
- package/koa-helmet.d.ts +67 -0
- package/lib/koa-helmet.js +4 -4
- package/package.json +4 -3
package/README.md
CHANGED
|
@@ -2,8 +2,6 @@ koa-helmet
|
|
|
2
2
|
==========
|
|
3
3
|
|
|
4
4
|
[](https://www.npmjs.com/package/koa-helmet)
|
|
5
|
-
[](https://travis-ci.org/venables/koa-helmet)
|
|
6
|
-
[](https://coveralls.io/github/venables/koa-helmet)
|
|
7
5
|
[](https://david-dm.org/venables/koa-helmet)
|
|
8
6
|
[](https://github.com/Flet/semistandard)
|
|
9
7
|
[](https://www.npmjs.com/package/koa-helmet)
|
|
@@ -13,14 +11,12 @@ koa-helmet is a wrapper for [helmet](https://github.com/helmetjs/helmet) to work
|
|
|
13
11
|
Installation
|
|
14
12
|
------------
|
|
15
13
|
|
|
16
|
-
```
|
|
17
|
-
|
|
18
|
-
```
|
|
14
|
+
```sh
|
|
15
|
+
npm i koa-helmet
|
|
19
16
|
|
|
20
|
-
or
|
|
17
|
+
# or:
|
|
21
18
|
|
|
22
|
-
|
|
23
|
-
npm install koa-helmet --save
|
|
19
|
+
yarn add koa-helmet
|
|
24
20
|
```
|
|
25
21
|
|
|
26
22
|
Usage
|
|
@@ -50,21 +46,13 @@ app.use(helmet.xssFilter());
|
|
|
50
46
|
|
|
51
47
|
You can see more in [the documentation](https://helmetjs.github.io/docs/).
|
|
52
48
|
|
|
53
|
-
Note:
|
|
54
|
-
-----
|
|
55
|
-
|
|
56
|
-
In order to work well with the helmet HSTS module, koa-helmet will augment
|
|
57
|
-
`this.request` to include a `secure` boolean to determine if the request
|
|
58
|
-
is over HTTPS.
|
|
59
|
-
|
|
60
49
|
Example
|
|
61
50
|
-------
|
|
62
51
|
|
|
63
52
|
```js
|
|
64
|
-
|
|
53
|
+
import Koa from 'koa';
|
|
54
|
+
import helmet from 'koa-helmet';
|
|
65
55
|
|
|
66
|
-
const Koa = require("koa");
|
|
67
|
-
const helmet = require("koa-helmet");
|
|
68
56
|
const app = new Koa();
|
|
69
57
|
|
|
70
58
|
app.use(helmet());
|
|
@@ -83,7 +71,7 @@ Testing
|
|
|
83
71
|
To run the tests, simply run
|
|
84
72
|
|
|
85
73
|
```
|
|
86
|
-
|
|
74
|
+
npm test
|
|
87
75
|
```
|
|
88
76
|
|
|
89
77
|
Versioning
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
<div class='fl pad1y space-right2'>
|
|
26
26
|
<span class="strong">100% </span>
|
|
27
27
|
<span class="quiet">Statements</span>
|
|
28
|
-
<span class='fraction'>
|
|
28
|
+
<span class='fraction'>16/16</span>
|
|
29
29
|
</div>
|
|
30
30
|
|
|
31
31
|
|
|
@@ -39,14 +39,14 @@
|
|
|
39
39
|
<div class='fl pad1y space-right2'>
|
|
40
40
|
<span class="strong">100% </span>
|
|
41
41
|
<span class="quiet">Functions</span>
|
|
42
|
-
<span class='fraction'>
|
|
42
|
+
<span class='fraction'>6/6</span>
|
|
43
43
|
</div>
|
|
44
44
|
|
|
45
45
|
|
|
46
46
|
<div class='fl pad1y space-right2'>
|
|
47
47
|
<span class="strong">100% </span>
|
|
48
48
|
<span class="quiet">Lines</span>
|
|
49
|
-
<span class='fraction'>
|
|
49
|
+
<span class='fraction'>16/16</span>
|
|
50
50
|
</div>
|
|
51
51
|
|
|
52
52
|
|
|
@@ -78,13 +78,13 @@
|
|
|
78
78
|
<div class="chart"><div class="cover-fill cover-full" style="width: 100%"></div><div class="cover-empty" style="width: 0%"></div></div>
|
|
79
79
|
</td>
|
|
80
80
|
<td data-value="100" class="pct high">100%</td>
|
|
81
|
-
<td data-value="
|
|
81
|
+
<td data-value="16" class="abs high">16/16</td>
|
|
82
82
|
<td data-value="100" class="pct high">100%</td>
|
|
83
83
|
<td data-value="0" class="abs high">0/0</td>
|
|
84
84
|
<td data-value="100" class="pct high">100%</td>
|
|
85
|
-
<td data-value="
|
|
85
|
+
<td data-value="6" class="abs high">6/6</td>
|
|
86
86
|
<td data-value="100" class="pct high">100%</td>
|
|
87
|
-
<td data-value="
|
|
87
|
+
<td data-value="16" class="abs high">16/16</td>
|
|
88
88
|
</tr>
|
|
89
89
|
|
|
90
90
|
</tbody>
|
|
@@ -95,7 +95,7 @@
|
|
|
95
95
|
<div class='footer quiet pad2 space-top1 center small'>
|
|
96
96
|
Code coverage generated by
|
|
97
97
|
<a href="https://istanbul.js.org/" target="_blank">istanbul</a>
|
|
98
|
-
at
|
|
98
|
+
at Fri Mar 17 2023 11:20:22 GMT-0400 (Eastern Daylight Time)
|
|
99
99
|
</div>
|
|
100
100
|
</div>
|
|
101
101
|
<script src="prettify.js"></script>
|
|
@@ -25,7 +25,7 @@
|
|
|
25
25
|
<div class='fl pad1y space-right2'>
|
|
26
26
|
<span class="strong">100% </span>
|
|
27
27
|
<span class="quiet">Statements</span>
|
|
28
|
-
<span class='fraction'>
|
|
28
|
+
<span class='fraction'>16/16</span>
|
|
29
29
|
</div>
|
|
30
30
|
|
|
31
31
|
|
|
@@ -39,14 +39,14 @@
|
|
|
39
39
|
<div class='fl pad1y space-right2'>
|
|
40
40
|
<span class="strong">100% </span>
|
|
41
41
|
<span class="quiet">Functions</span>
|
|
42
|
-
<span class='fraction'>
|
|
42
|
+
<span class='fraction'>6/6</span>
|
|
43
43
|
</div>
|
|
44
44
|
|
|
45
45
|
|
|
46
46
|
<div class='fl pad1y space-right2'>
|
|
47
47
|
<span class="strong">100% </span>
|
|
48
48
|
<span class="quiet">Lines</span>
|
|
49
|
-
<span class='fraction'>
|
|
49
|
+
<span class='fraction'>16/16</span>
|
|
50
50
|
</div>
|
|
51
51
|
|
|
52
52
|
|
|
@@ -96,22 +96,22 @@
|
|
|
96
96
|
<span class="cline-any cline-neutral"> </span>
|
|
97
97
|
<span class="cline-any cline-yes">1x</span>
|
|
98
98
|
<span class="cline-any cline-yes">1x</span>
|
|
99
|
-
<span class="cline-any cline-yes">1x</span>
|
|
100
99
|
<span class="cline-any cline-neutral"> </span>
|
|
101
100
|
<span class="cline-any cline-yes">1x</span>
|
|
102
101
|
<span class="cline-any cline-yes">1x</span>
|
|
103
102
|
<span class="cline-any cline-neutral"> </span>
|
|
104
103
|
<span class="cline-any cline-neutral"> </span>
|
|
105
104
|
<span class="cline-any cline-yes">1x</span>
|
|
106
|
-
<span class="cline-any cline-yes">
|
|
107
|
-
<span class="cline-any cline-yes">10x</span>
|
|
105
|
+
<span class="cline-any cline-yes">16x</span>
|
|
108
106
|
<span class="cline-any cline-yes">10x</span>
|
|
109
107
|
<span class="cline-any cline-neutral"> </span>
|
|
110
108
|
<span class="cline-any cline-yes">10x</span>
|
|
111
109
|
<span class="cline-any cline-yes">10x</span>
|
|
112
|
-
<span class="cline-any cline-yes">10x</span>
|
|
113
110
|
<span class="cline-any cline-neutral"> </span>
|
|
114
111
|
<span class="cline-any cline-neutral"> </span>
|
|
112
|
+
<span class="cline-any cline-yes">16x</span>
|
|
113
|
+
<span class="cline-any cline-yes">18x</span>
|
|
114
|
+
<span class="cline-any cline-neutral"> </span>
|
|
115
115
|
<span class="cline-any cline-neutral"> </span>
|
|
116
116
|
<span class="cline-any cline-neutral"> </span>
|
|
117
117
|
<span class="cline-any cline-yes">1x</span>
|
|
@@ -124,7 +124,6 @@ const koaHelmet = function () {
|
|
|
124
124
|
const helmetPromise = promisify(helmet.apply(null, arguments));
|
|
125
125
|
|
|
126
126
|
const middleware = (ctx, next) => {
|
|
127
|
-
ctx.req.secure = ctx.request.secure;
|
|
128
127
|
return helmetPromise(ctx.req, ctx.res).then(next);
|
|
129
128
|
};
|
|
130
129
|
middleware._name = 'helmet';
|
|
@@ -133,14 +132,15 @@ const koaHelmet = function () {
|
|
|
133
132
|
|
|
134
133
|
Object.keys(helmet).forEach(function (helmetMethod) {
|
|
135
134
|
koaHelmet[helmetMethod] = function () {
|
|
136
|
-
const
|
|
137
|
-
const methodPromise = promisify(method.apply(null, arguments));
|
|
135
|
+
const methodPromise = promisify(helmet[helmetMethod].apply(null, arguments));
|
|
138
136
|
|
|
139
137
|
return (ctx, next) => {
|
|
140
|
-
ctx.req.secure = ctx.request.secure;
|
|
141
138
|
return methodPromise(ctx.req, ctx.res).then(next);
|
|
142
139
|
};
|
|
143
140
|
};
|
|
141
|
+
Object.keys(helmet[helmetMethod]).forEach((methodExports) => {
|
|
142
|
+
koaHelmet[helmetMethod][methodExports] = helmet[helmetMethod][methodExports];
|
|
143
|
+
});
|
|
144
144
|
});
|
|
145
145
|
|
|
146
146
|
module.exports = koaHelmet;
|
|
@@ -151,7 +151,7 @@ module.exports = koaHelmet;
|
|
|
151
151
|
<div class='footer quiet pad2 space-top1 center small'>
|
|
152
152
|
Code coverage generated by
|
|
153
153
|
<a href="https://istanbul.js.org/" target="_blank">istanbul</a>
|
|
154
|
-
at
|
|
154
|
+
at Fri Mar 17 2023 11:20:22 GMT-0400 (Eastern Daylight Time)
|
|
155
155
|
</div>
|
|
156
156
|
</div>
|
|
157
157
|
<script src="prettify.js"></script>
|
package/coverage/lcov.info
CHANGED
|
@@ -2,35 +2,36 @@ TN:
|
|
|
2
2
|
SF:lib/koa-helmet.js
|
|
3
3
|
FN:6,(anonymous_0)
|
|
4
4
|
FN:9,(anonymous_1)
|
|
5
|
-
FN:
|
|
6
|
-
FN:
|
|
7
|
-
FN:
|
|
8
|
-
|
|
9
|
-
|
|
5
|
+
FN:16,(anonymous_2)
|
|
6
|
+
FN:17,(anonymous_3)
|
|
7
|
+
FN:20,(anonymous_4)
|
|
8
|
+
FN:24,(anonymous_5)
|
|
9
|
+
FNF:6
|
|
10
|
+
FNH:6
|
|
10
11
|
FNDA:1,(anonymous_0)
|
|
11
12
|
FNDA:1,(anonymous_1)
|
|
12
|
-
FNDA:
|
|
13
|
+
FNDA:16,(anonymous_2)
|
|
13
14
|
FNDA:10,(anonymous_3)
|
|
14
15
|
FNDA:10,(anonymous_4)
|
|
16
|
+
FNDA:18,(anonymous_5)
|
|
15
17
|
DA:3,1
|
|
16
18
|
DA:4,1
|
|
17
19
|
DA:6,1
|
|
18
20
|
DA:7,1
|
|
19
21
|
DA:9,1
|
|
20
22
|
DA:10,1
|
|
21
|
-
DA:
|
|
23
|
+
DA:12,1
|
|
22
24
|
DA:13,1
|
|
23
|
-
DA:
|
|
24
|
-
DA:17,
|
|
25
|
-
DA:18,
|
|
26
|
-
DA:19,10
|
|
25
|
+
DA:16,1
|
|
26
|
+
DA:17,16
|
|
27
|
+
DA:18,10
|
|
27
28
|
DA:20,10
|
|
28
|
-
DA:
|
|
29
|
-
DA:
|
|
30
|
-
DA:
|
|
29
|
+
DA:21,10
|
|
30
|
+
DA:24,16
|
|
31
|
+
DA:25,18
|
|
31
32
|
DA:29,1
|
|
32
|
-
LF:
|
|
33
|
-
LH:
|
|
33
|
+
LF:16
|
|
34
|
+
LH:16
|
|
34
35
|
BRF:0
|
|
35
36
|
BRH:0
|
|
36
37
|
end_of_record
|
package/koa-helmet.d.ts
ADDED
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
// Type definitions for koa-helmet 6.0
|
|
2
|
+
// Project: https://github.com/venables/koa-helmet#readme
|
|
3
|
+
// Definitions by: Nick Simmons <https://github.com/nsimmons>
|
|
4
|
+
// Jan Dolezel <https://github.com/dolezel>
|
|
5
|
+
// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
|
|
6
|
+
// TypeScript Version: 2.3
|
|
7
|
+
|
|
8
|
+
import helmet = require('helmet');
|
|
9
|
+
import { Middleware, Context } from 'koa';
|
|
10
|
+
|
|
11
|
+
type HelmetOptions = Required<Parameters<typeof helmet>>[0];
|
|
12
|
+
|
|
13
|
+
declare namespace koaHelmet {
|
|
14
|
+
type KoaHelmetContentSecurityPolicyDirectiveFunction = (ctx: Context) => string;
|
|
15
|
+
|
|
16
|
+
type KoaHelmetCspDirectiveValue = string | KoaHelmetContentSecurityPolicyDirectiveFunction;
|
|
17
|
+
|
|
18
|
+
interface KoaHelmetContentSecurityPolicyDirectives {
|
|
19
|
+
baseUri?: KoaHelmetCspDirectiveValue[];
|
|
20
|
+
childSrc?: KoaHelmetCspDirectiveValue[];
|
|
21
|
+
connectSrc?: KoaHelmetCspDirectiveValue[];
|
|
22
|
+
defaultSrc?: KoaHelmetCspDirectiveValue[];
|
|
23
|
+
fontSrc?: KoaHelmetCspDirectiveValue[];
|
|
24
|
+
formAction?: KoaHelmetCspDirectiveValue[];
|
|
25
|
+
frameAncestors?: KoaHelmetCspDirectiveValue[];
|
|
26
|
+
frameSrc?: KoaHelmetCspDirectiveValue[];
|
|
27
|
+
imgSrc?: KoaHelmetCspDirectiveValue[];
|
|
28
|
+
mediaSrc?: KoaHelmetCspDirectiveValue[];
|
|
29
|
+
objectSrc?: KoaHelmetCspDirectiveValue[];
|
|
30
|
+
pluginTypes?: KoaHelmetCspDirectiveValue[];
|
|
31
|
+
prefetchSrc?: KoaHelmetCspDirectiveValue[];
|
|
32
|
+
reportTo?: string;
|
|
33
|
+
reportUri?: string;
|
|
34
|
+
sandbox?: KoaHelmetCspDirectiveValue[];
|
|
35
|
+
scriptSrc?: KoaHelmetCspDirectiveValue[];
|
|
36
|
+
scriptSrcAttr?: KoahelmetCspDirectiveValue[];
|
|
37
|
+
scriptSrcElem?: KoaHelmetCspDirectiveValue[];
|
|
38
|
+
styleSrc?: KoaHelmetCspDirectiveValue[];
|
|
39
|
+
styleSrcAttr?: KoaHelmetCspDirectiveValue[];
|
|
40
|
+
styleSrcElem?: KoaHelmetCspDirectiveValue[];
|
|
41
|
+
workerSrc?: KoaHelmetCspDirectiveValue[];
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
interface KoaHelmetContentSecurityPolicyConfiguration {
|
|
45
|
+
reportOnly?: boolean;
|
|
46
|
+
useDefaults?: boolean;
|
|
47
|
+
directives?: KoaHelmetContentSecurityPolicyDirectives;
|
|
48
|
+
}
|
|
49
|
+
|
|
50
|
+
interface KoaHelmet {
|
|
51
|
+
(options?: HelmetOptions): Middleware;
|
|
52
|
+
contentSecurityPolicy(options?: KoaHelmetContentSecurityPolicyConfiguration): Middleware;
|
|
53
|
+
dnsPrefetchControl(options?: HelmetOptions['dnsPrefetchControl']): Middleware;
|
|
54
|
+
expectCt(options?: HelmetOptions['expectCt']): Middleware;
|
|
55
|
+
frameguard(options?: HelmetOptions['frameguard']): Middleware;
|
|
56
|
+
hidePoweredBy(options?: HelmetOptions['hidePoweredBy']): Middleware;
|
|
57
|
+
hsts(options?: HelmetOptions['hsts']): Middleware;
|
|
58
|
+
ieNoOpen(options?: HelmetOptions['ieNoOpen']): Middleware;
|
|
59
|
+
noSniff(options?: HelmetOptions['noSniff']): Middleware;
|
|
60
|
+
permittedCrossDomainPolicies(options?: HelmetOptions['permittedCrossDomainPolicies']): Middleware;
|
|
61
|
+
referrerPolicy(options?: HelmetOptions['referrerPolicy']): Middleware;
|
|
62
|
+
xssFilter(options?: HelmetOptions['xssFilter']): Middleware;
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
declare const koaHelmet: koaHelmet.KoaHelmet;
|
|
67
|
+
export = koaHelmet;
|
package/lib/koa-helmet.js
CHANGED
|
@@ -7,7 +7,6 @@ const koaHelmet = function () {
|
|
|
7
7
|
const helmetPromise = promisify(helmet.apply(null, arguments));
|
|
8
8
|
|
|
9
9
|
const middleware = (ctx, next) => {
|
|
10
|
-
ctx.req.secure = ctx.request.secure;
|
|
11
10
|
return helmetPromise(ctx.req, ctx.res).then(next);
|
|
12
11
|
};
|
|
13
12
|
middleware._name = 'helmet';
|
|
@@ -16,14 +15,15 @@ const koaHelmet = function () {
|
|
|
16
15
|
|
|
17
16
|
Object.keys(helmet).forEach(function (helmetMethod) {
|
|
18
17
|
koaHelmet[helmetMethod] = function () {
|
|
19
|
-
const
|
|
20
|
-
const methodPromise = promisify(method.apply(null, arguments));
|
|
18
|
+
const methodPromise = promisify(helmet[helmetMethod].apply(null, arguments));
|
|
21
19
|
|
|
22
20
|
return (ctx, next) => {
|
|
23
|
-
ctx.req.secure = ctx.request.secure;
|
|
24
21
|
return methodPromise(ctx.req, ctx.res).then(next);
|
|
25
22
|
};
|
|
26
23
|
};
|
|
24
|
+
Object.keys(helmet[helmetMethod]).forEach((methodExports) => {
|
|
25
|
+
koaHelmet[helmetMethod][methodExports] = helmet[helmetMethod][methodExports];
|
|
26
|
+
});
|
|
27
27
|
});
|
|
28
28
|
|
|
29
29
|
module.exports = koaHelmet;
|
package/package.json
CHANGED
|
@@ -3,8 +3,9 @@
|
|
|
3
3
|
"author": "Matt Venables <mattvenables@gmail.com>",
|
|
4
4
|
"description": "Security header middleware collection for koa",
|
|
5
5
|
"license": "MIT",
|
|
6
|
-
"version": "
|
|
6
|
+
"version": "7.0.0",
|
|
7
7
|
"main": "lib/koa-helmet.js",
|
|
8
|
+
"typings": "./koa-helmet.d.ts",
|
|
8
9
|
"scripts": {
|
|
9
10
|
"format": "eslint lib test --fix",
|
|
10
11
|
"lint": "eslint lib test",
|
|
@@ -23,10 +24,10 @@
|
|
|
23
24
|
"url": "https://github.com/venables/koa-helmet"
|
|
24
25
|
},
|
|
25
26
|
"engines": {
|
|
26
|
-
"node": ">=
|
|
27
|
+
"node": ">= 14.0.0"
|
|
27
28
|
},
|
|
28
29
|
"dependencies": {
|
|
29
|
-
"helmet": "^
|
|
30
|
+
"helmet": "^6.0.1"
|
|
30
31
|
},
|
|
31
32
|
"devDependencies": {
|
|
32
33
|
"ava": "^3.13.0",
|