{"id":19522180,"url":"https://github.com/captaincodeman/svelte-kit-bot-block","last_synced_at":"2025-04-26T09:32:06.018Z","repository":{"id":65694086,"uuid":"597550110","full_name":"CaptainCodeman/svelte-kit-bot-block","owner":"CaptainCodeman","description":"Block annoying bot and script-kiddie requests to your SvelteKit app","archived":false,"fork":false,"pushed_at":"2024-04-29T20:22:49.000Z","size":105,"stargazers_count":31,"open_issues_count":1,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-04T10:33:55.282Z","etag":null,"topics":["block","bot","http","svelte-kit"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CaptainCodeman.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-04T22:01:00.000Z","updated_at":"2024-12-29T14:47:33.000Z","dependencies_parsed_at":"2024-11-11T00:37:35.361Z","dependency_job_id":"df036a35-1bb7-4469-9030-5b52e3a1ae3d","html_url":"https://github.com/CaptainCodeman/svelte-kit-bot-block","commit_stats":{"total_commits":3,"total_committers":1,"mean_commits":3.0,"dds":0.0,"last_synced_commit":"81bb6ee9a18d5992e5c8de75d5104c586a81a714"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fsvelte-kit-bot-block","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fsvelte-kit-bot-block/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fsvelte-kit-bot-block/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CaptainCodeman%2Fsvelte-kit-bot-block/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CaptainCodeman","download_url":"https://codeload.github.com/CaptainCodeman/svelte-kit-bot-block/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250967230,"owners_count":21515563,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["block","bot","http","svelte-kit"],"created_at":"2024-11-11T00:37:33.224Z","updated_at":"2025-04-26T09:32:05.732Z","avatar_url":"https://github.com/CaptainCodeman.png","language":"TypeScript","readme":"# svelte-kit-bot-block\n\nPut any server on the internet and you should expect it to be hit with endless spam requests, usually a mix of rogue bots and script kiddies, probing for vulnerabilities.\n\nInstead of allowing these to be processed by your app, which may involve database lookups, it's better to reject them as soon as possible. Ideally, you'd do this at the network or load balancing layer, but if you're using SvelteKit and want a cheap-as-chips solution, you can add a [Server Hook](svelte-kit-bot-block) to handle them before your app has to.\n\nYou don't even want your app rendering a nicely formatted error response - these are _not_ legitimate requests, say goodbye to them using as few resources as possible. A simple HTTP response is all that they deserve.\n\n## Usage\n\nInstall using your package manager of choice:\n\n    pnpm i svelte-kit-bot-block\n\nImport into your `hooks.server.ts` file:\n\n```ts\nimport { createHandler } from 'svelte-kit-bot-block'\n\nexport const handle = createHandler()\n```\n\nIf you already have existing hooks you'll likely want to use the [sequence helper](https://kit.svelte.dev/docs/modules#sveltejs-kit-hooks-sequence) to chain them. This hook should be at or close to the start of the chain.\n\nYou can pass a configuration option object to `createHandler`. Any option you set will replace the default for that setting.\n\n- **log** (boolean) whether to log blocked (or would-be-blocked) requests\n- **block** (boolean) whether to actually block requests (vs just warn, to test the settings)\n- **ip_access** (boolean) whether to block IP Address only requests (that don't use your domain name)\n- **hostnames** array of `RegExp`'s to check against the hostname of the request\n- **pathnames** array of `RegExp`'s to check against the pathname of the request\n- **user_agents** array of `RegExp`'s to check against the user-agent of the request\n- **allow_robots** (boolean) whether to allow robots.txt access even if user-egent blocked. This can be useful to allow properly behaved user-agents to be told to stop indexing via robots.txt\n\nRequests that fail the pathname check will be rejected with a 404 response\nRequests that fail all other checks will be rejected with a 410 response\n\nI suggest running first with `{ log: true, block: false }` to see what traffic _would_ be blocked without actually blocking anything. Once you are happy that legitimate traffic wouldn't be impacted, you can enable the `block` option and at a future date, set `log` to false to remove as much noise from your logs as possible.\n\n### Default Config\n\nThe default settings are shown below. You can import these as `defaultOptions` to add to the existing entries instead of replacing them, e.g.:\n\n```ts\nimport { createHandler, defaultOptions } from 'svelte-kit-bot-block'\n\nexport const handle = createHandler({\n\tdomains: [...defaultOptions.domains, /^some\\.other\\.annoying\\.domain\\.com$/],\n})\n```\n\n```ts\n// whether to log action\nlog: true,\n\n// whether to block on failure (vs just warn, for testing)\nblock: false,\n\n// block direct ip access (no hostname provided)\nip_access: true,\n\n// block matching hostnames\nhostnames: [\n  // nuisance requests on GCP\n  /\\.appspot\\.com$/,\n\n  // pretty confident we're not google\n  /\\.google.com$/,\n],\n\n// block matching pathnames\npathnames: [\n  // block unused file extensions\n  /\\.(env|git|ssh|php|rss|yml|yaml|asp|cgi|map|aspx|ashx)$/,\n\n  // git content\n  /\\.git\\/\\w+$/,\n\n  // block wordpress (Windows Live Writer)\n  /\\/wlwmanifest\\.xml$/,\n],\n\n// block matching user-agents\nuser_agents: [\n  // from https://community.cloudflare.com/t/top-50-user-agents-to-block/222594\n  /(360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg)/\n],\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaptaincodeman%2Fsvelte-kit-bot-block","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcaptaincodeman%2Fsvelte-kit-bot-block","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcaptaincodeman%2Fsvelte-kit-bot-block/lists"}