{"id":21997640,"url":"https://github.com/dansmaculotte/nuxt-security","last_synced_at":"2025-08-22T08:31:16.753Z","repository":{"id":38132167,"uuid":"236707130","full_name":"dansmaculotte/nuxt-security","owner":"dansmaculotte","description":"Module for Nuxt.js to configure security headers and more","archived":false,"fork":false,"pushed_at":"2024-12-11T13:13:58.000Z","size":4172,"stargazers_count":57,"open_issues_count":3,"forks_count":8,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-12-11T14:22:56.837Z","etag":null,"topics":["content-security-policy","csp","feature-policy","hsts","nuxt","nuxt-module","referrer-policy","security-txt","strict-transport-security"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dansmaculotte.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-28T10:15:30.000Z","updated_at":"2024-12-11T13:13:55.000Z","dependencies_parsed_at":"2023-02-04T06:15:24.661Z","dependency_job_id":"dab6311a-7e4a-44a8-943e-256121556112","html_url":"https://github.com/dansmaculotte/nuxt-security","commit_stats":{"total_commits":74,"total_committers":6,"mean_commits":"12.333333333333334","dds":0.527027027027027,"last_synced_commit":"64db7831faec117a584692e1e7d609e6ffa5c0a2"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dansmaculotte%2Fnuxt-security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/d
ansmaculotte%2Fnuxt-security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dansmaculotte%2Fnuxt-security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dansmaculotte%2Fnuxt-security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dansmaculotte","download_url":"https://codeload.github.com/dansmaculotte/nuxt-security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230575851,"owners_count":18247484,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["content-security-policy","csp","feature-policy","hsts","nuxt","nuxt-module","referrer-policy","security-txt","strict-transport-security"],"created_at":"2024-11-29T22:17:31.911Z","updated_at":"2024-12-20T11:06:03.711Z","avatar_url":"https://github.com/dansmaculotte.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"**IMPORTANT**: I will not support this module anymore.\n\n@dansmaculotte/nuxt-security\n\n[![npm version][npm-version-src]][npm-version-href]\n[![npm downloads][npm-downloads-src]][npm-downloads-href]\n[![License][license-src]][license-href]\n\n\u003e Module for Nuxt.js 2 to configure security headers and more\n\n## Compatibility with Nuxt releases\n\nThis module has been developed for Nuxt 2. 
If you are looking for an equivalent\ncompatible with Nuxt 3, please have a look at\n[https://www.npmjs.com/package/nuxt-security](https://www.npmjs.com/package/nuxt-security).\n\n\n## Features\n\nThis module allows you to configure various security headers such as CSP, HSTS or even generate a security.txt file.\nHere is a list of available features:\n\n- Strict-Transport-Security header\n- Content-Security-Policy header\n- X-Frame-Options header\n- X-Xss-Protection\n- X-Content-Type-Options header\n- Referrer-Policy header\n- Permissions-Policy header (previously Feature-Policy)\n- security.txt file generation\n\n### ToDo\n\n- [ ] Sign security.txt with OpenPGP\n- [ ] Headers as meta tags for SPA\n- [ ] Public-Key-Pins\n\n[📖 **Release Notes**](./CHANGELOG.md)\n\n## Setup\n\n1. Add `@dansmaculotte/nuxt-security` dependency to your project\n\n```bash\nyarn add @dansmaculotte/nuxt-security # or npm install @dansmaculotte/nuxt-security\n```\n\n2. Add `@dansmaculotte/nuxt-security` to the `modules` section of `nuxt.config.js`\n\n```js\n{\n  modules: [\n    // Simple usage\n    '@dansmaculotte/nuxt-security',\n\n    // With options\n    [\n      '@dansmaculotte/nuxt-security',\n      {\n        /* module options */\n      }\n    ]\n  ],\n\n  // Top level options\n  security: {}\n}\n```\n\n## Options\n\n### `dev`\n\n- Default: `process.env.SECURITY_DEV || false`\n\nEnable module in development mode\n\n### `hsts`\n\n- Default: `null`\n\nThis option relies on [helmet hsts](https://helmetjs.github.io/docs/hsts/) package.\n\nExample:\n\n```js\nhsts: {\n  maxAge: 15552000,\n  includeSubDomains: true,\n  preload: true\n},\n```\n\n### `csp`\n\n- Default: `null`\n\nThis option relies on [helmet csp](https://helmetjs.github.io/docs/csp/) package.\n\nExample:\n\n```js\ncsp: {\n  directives: {\n    defaultSrc: [\"'self'\"],\n    scriptSrc: [\"'self'\"],\n    objectSrc: [\"'self'\"],\n  },\n  reportOnly: false,\n},\n```\n\n### `referrer`\n\n- Default: `null`\n\nThis option relies on 
[helmet referrer policy](https://helmetjs.github.io/docs/referrer-policy/) package.\n\nExample:\n\n```js\nreferrer: 'same-origin',\n```\n\n### `permissions`\n\n- Default: `null`\n\nThis option relies on [permissions policy](https://github.com/pedro-gbf/permissions-policy) package.\n\nExample:\n\n```js\npermissions: {\n  notifications: ['none']\n},\n```\n\n**Note:** this comes as a replacement for the `feature` option, as the Feature-Policy\nheader [is deprecated](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy).\nThe previous `features` option is still supported for now but displays a warning\nand uses the Permissions-Policy header instead.\n\n### `securityFile`\n\n- Default: `null`\n\nThis option allows you to generate a `security.txt` file as described by [securitytxt.org](https://securitytxt.org/).\n\nWhen generating for SPA applications, the file will appear in the `dist/.well-known` folder.\n\nFor universal applications, the file is accessible at this path: `/.well-known/security.txt`.\n\nExample:\n\n```js\nsecurityFile: {\n  contacts: [\n    'mailto:security@example.com',\n    'https://example.com/security'\n  ],\n  // or contacts: 'mailto:security@example.com'\n  canonical: 'https://example.com/.well-known/security.txt',\n  preferredLanguages: ['fr', 'en'],\n  // or preferredLanguages: 'fr',\n  encryptions: ['https://example.com/pgp-key.txt'],\n  // or encryptions: 'https://example.com/pgp-key.txt',\n  acknowledgments: ['https://example.com/hall-of-fame.html'],\n  // or acknowledgments: 'https://example.com/hall-of-fame.html',\n  policies: ['https://example.com/policy.html'],\n  // or policies: 'https://example.com/policy.html',\n  hirings: ['https://example.com/jobs.html']\n  // or hirings: 'https://example.com/jobs.html'\n},\n```\n\n### `additionalHeaders`\n\n- Default: `false`\n\nIf `true`, it adds the following additional headers:\n\n- `X-Frame-Options: SAMEORIGIN` - [documentation](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-frame-options)\n- 
`X-Xss-Protection: 1; mode=block` - [documentation](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-xss-protection)\n- `X-Content-Type-Options: nosniff` - [documentation](https://scotthelme.co.uk/hardening-your-http-response-headers/#x-content-type-options)\n\n## Development\n\n1. Clone this repository\n2. Install dependencies using `yarn install` or `npm install`\n3. Start development server using `npm run dev`\n\n## License\n\n[MIT License](./LICENSE.md)\n\nCopyright (c) Dans Ma Culotte \u003ctech@dansmaculotte.fr\u003e\n\n\u003c!-- Badges --\u003e\n\n[npm-version-src]: https://img.shields.io/npm/v/@dansmaculotte/nuxt-security/latest.svg?style=flat-square\n[npm-version-href]: https://npmjs.com/package/@dansmaculotte/nuxt-security\n[npm-downloads-src]: https://img.shields.io/npm/dt/@dansmaculotte/nuxt-security.svg?style=flat-square\n[npm-downloads-href]: https://npmjs.com/package/@dansmaculotte/nuxt-security\n[license-src]: https://img.shields.io/npm/l/@dansmaculotte/nuxt-security.svg?style=flat-square\n[license-href]: https://npmjs.com/package/@dansmaculotte/nuxt-security\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdansmaculotte%2Fnuxt-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdansmaculotte%2Fnuxt-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdansmaculotte%2Fnuxt-security/lists"}