woodland 20.2.3 → 20.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -25,6 +25,35 @@
25
25
  - **📊 Production Logging**: Common Log Format with customizable levels
26
26
  - **🚀 Modern Architecture**: ES6+ modules optimized for Node.js 17+
27
27
 
28
+ ## 🔒 Security & OWASP Compliance
29
+
30
+ Woodland follows a **security-first design philosophy** with strong adherence to OWASP guidelines:
31
+
32
+ - **✅ Injection Prevention**: Comprehensive input validation, HTML escaping, and path traversal protection
33
+ - **✅ Secure Defaults**: CORS disabled by default, autoindex disabled, secure error handling
34
+ - **✅ Access Control**: Strict file access controls and allowlist-based CORS validation
35
+ - **✅ XSS Protection**: All user input properly escaped, security headers included
36
+ - **🛡️ Security Headers**: `X-Content-Type-Options: nosniff` set automatically, [`helmet`](https://helmetjs.github.io/) recommended for comprehensive headers
37
+ - **⚡ Rate Limiting**: Built for middleware compatibility - use [`express-rate-limit`](https://github.com/express-rate-limit/express-rate-limit) or similar
38
+ - **🔍 Comprehensive Testing**: 100+ dedicated security tests covering attack vectors and edge cases
39
+
40
+ **OWASP Top 10 Coverage**: Excellent protection against injection attacks, broken access control, security misconfigurations, and cross-site scripting. See [Technical Documentation](https://github.com/avoidwork/woodland/blob/master/docs/TECHNICAL_DOCUMENTATION.md#owasp-security-assessment) for complete assessment.
41
+
42
+ **💡 Quick Security Setup**: Add essential security middleware for production deployment:
43
+ ```javascript
44
+ import helmet from 'helmet';
45
+ import rateLimit from 'express-rate-limit';
46
+
47
+ // Security headers
48
+ app.use(helmet());
49
+
50
+ // Rate limiting
51
+ app.use(rateLimit({
52
+ windowMs: 15 * 60 * 1000, // 15 minutes
53
+ max: 100 // limit each IP to 100 requests per windowMs
54
+ }));
55
+ ```
56
+
28
57
  ## 💡 Why Choose Woodland?
29
58
 
30
59
  **Stop accepting framework overhead.** Most HTTP frameworks slow you down in exchange for convenience. Woodland breaks that trade-off.
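Review bot: The quick-setup snippet at the end of the new section calls `app.use(helmet())` and `app.use(rateLimit({...}))` without showing where `app` is created, and without saying that `helmet` and `express-rate-limit` are separate packages that must be installed. Both are written for Express, so the README should name the versions that were exercised against woodland's request and response objects rather than rely on "Built for middleware compatibility". The comment on `max: 100` says the limit is per IP; add a sentence on how the client address is determined when the server sits behind a reverse proxy, because a limiter keyed on the proxy's address would count every client in the same window. The bullets "100+ dedicated security tests" and "All user input properly escaped" are stated as facts with no pointer to the tests; linking the security test directory next to the existing Technical Documentation link would let a reader check them.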
@@ -893,18 +922,17 @@ npm test
893
922
  ### Test Results
894
923
 
895
924
  ```
896
- 416 passing (5s)
897
- 1 pending
898
-
899
- --------------|---------|----------|---------|---------|------------------------
900
- File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
901
- --------------|---------|----------|---------|---------|------------------------
902
- All files | 100 | 97.1 | 100 | 100 |
903
- cli.js | 100 | 100 | 100 | 100 |
904
- constants.js | 100 | 100 | 100 | 100 |
905
- utility.js | 100 | 99.26 | 100 | 100 | 197
906
- woodland.js | 100 | 95.38 | 100 | 100 | 193,356,461,474,524,642,761
907
- --------------|---------|----------|---------|---------|------------------------
925
+ 386 passing (6s)
926
+
927
+ --------------|---------|----------|---------|---------|-------------------
928
+ File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s
929
+ --------------|---------|----------|---------|---------|-------------------
930
+ All files | 100 | 100 | 100 | 100 |
931
+ cli.js | 100 | 100 | 100 | 100 |
932
+ constants.js | 100 | 100 | 100 | 100 |
933
+ utility.js | 100 | 100 | 100 | 100 |
934
+ woodland.js | 100 | 100 | 100 | 100 |
935
+ --------------|---------|----------|---------|---------|-------------------
908
936
  ```
909
937
 
910
938
  ### Test Categories
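Review bot: The test summary drops from `416 passing` with `1 pending` to `386 passing` while branch coverage for `utility.js` and `woodland.js` rises from 99.26 and 95.38 to 100, and nothing in this hunk says why 30 fewer tests now cover more branches. Since the same README change advertises "100+ dedicated security tests", a changelog entry or a short note under Test Results should state which tests were removed or merged, what happened to the pending one, and whether the previously uncovered lines (197 in `utility.js`; 193, 356, 461, 474, 524, 642, 761 in `woodland.js`) are now reached by new tests or were excluded from measurement.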
package/dist/cli.cjs CHANGED
@@ -4,7 +4,7 @@
4
4
  *
5
5
  * @copyright 2025 Jason Mulligan <jason.mulligan@avoidwork.com>
6
6
  * @license BSD-3-Clause
7
- * @version 20.2.3
7
+ * @version 20.2.5
8
8
  */
9
9
  'use strict';
10
10
 
package/dist/woodland.cjs CHANGED
@@ -3,7 +3,7 @@
3
3
  *
4
4
  * @copyright 2025 Jason Mulligan <jason.mulligan@avoidwork.com>
5
5
  * @license BSD-3-Clause
6
- * @version 20.2.3
6
+ * @version 20.2.5
7
7
  */
8
8
  'use strict';
9
9
 
package/dist/woodland.js CHANGED
@@ -3,7 +3,7 @@
3
3
  *
4
4
  * @copyright 2025 Jason Mulligan <jason.mulligan@avoidwork.com>
5
5
  * @license BSD-3-Clause
6
- * @version 20.2.3
6
+ * @version 20.2.5
7
7
  */
8
8
  import {STATUS_CODES,METHODS}from'node:http';import {join,extname,resolve}from'node:path';import {EventEmitter}from'node:events';import {stat,readdir}from'node:fs/promises';import {readFileSync,createReadStream}from'node:fs';import {etag}from'tiny-etag';import {precise}from'precise';import {lru}from'tiny-lru';import {createRequire}from'node:module';import {fileURLToPath,URL}from'node:url';import {coerce}from'tiny-coerce';import mimeDb from'mime-db';const __dirname$1 = fileURLToPath(new URL(".", import.meta.url));
9
9
  const require = createRequire(import.meta.url);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "woodland",
3
- "version": "20.2.3",
3
+ "version": "20.2.5",
4
4
  "description": "High-performance HTTP framework",
5
5
  "type": "module",
6
6
  "types": "types/woodland.d.ts",