A Node.js middleware for Express that implements Security.txt - A Method for Web Security Policies
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
__tests__
.editorconfig
.eslintignore
.gitignore
.travis.yml
LICENSE
README.md
index.js
package.json
yarn.lock

README.md

view on npm view on npm npm module downloads Build codecov Known Vulnerabilities Security Responsible Disclosure

semantic-release Greenkeeper badge Commitizen friendly

Express Security Txt

Express middleware that implements a security.txt path and policy

References:

Installation

yarn add express-security-txt

Usage

Define an options object with the proper fields that make up a valid security.txt policy, and use it as a middleware for an express app.

const securityTxt = require('express-security-txt')

const options = {
  contact: 'email@example.com',
  encryption: 'https://www.mykey.com/pgp-key.txt',
  acknowledgement: 'thank you'
}

app.use(securityTxt.setup(options))

Tests

Project tests:

yarn run test

Project linting:

yarn run lint

Contributing

Commit Guidelines

The project uses the commitizen tool for standardizing changelog style commit messages so you should follow it as so:

git add .           # add files to staging
yarn run commit      # use the wizard for the commit message