Skip to content

noherczeg/node-secure

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

public

public

 
 

server

server

 
 

.editorconfig

.editorconfig

 
 

.eslintrc

.eslintrc

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.prettierrc

.prettierrc

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

gen-cert.sh

gen-cert.sh

 
 

index.js

index.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

Node Secure

A sample Express application with all sorts of security functionality built in.

Startup

  • npm install
  • gen-cert.sh: On windows the -subj part needs double "//"-es, but in *nix-based systems it has to be a single "/"!
  • npm start

Site should be available at https://localhost:3000

Covered topics

Development

ESLint plugins

  • plugin:node/recommended
  • plugin:security/recommended

Server level

Logging

Proper log messages with Morgan.

Default error handler

Never expose system information in responses. Utilize custom error response: server/top-level-error-handler.js

DDOS prevention

Express Rate Limit

Secret management

Never use keys/secure information in project sources. Utilize dotenv.

Do not expose referer headers

helmet.referrerPolicy()

Do not trust scripts, iframes

helmet.contentSecurityPolicy()

Prevent unnecessary Browser features

helmet.featurePolicy()

Sources

License

MIT

About

A sample Express application with all sorts of security functionality built in.

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages