{"id":13425917,"url":"https://github.com/lirantal/express-security-txt","last_synced_at":"2025-05-05T23:42:27.676Z","repository":{"id":44709162,"uuid":"106471669","full_name":"lirantal/express-security-txt","owner":"lirantal","description":"A Node.js middleware for Express that implements Security.txt - A Method for Web Security Policies","archived":false,"fork":false,"pushed_at":"2022-01-29T16:30:03.000Z","size":488,"stargazers_count":18,"open_issues_count":6,"forks_count":3,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-31T00:51:11.481Z","etag":null,"topics":["express","hacktoberfest","nodejs","security"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lirantal.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2017-10-10T21:09:10.000Z","updated_at":"2023-06-16T16:59:25.000Z","dependencies_parsed_at":"2022-09-13T15:40:32.300Z","dependency_job_id":null,"html_url":"https://github.com/lirantal/express-security-txt","commit_stats":null,"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fexpress-security-txt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fexpress-security-txt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fexpress-security-txt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lirantal%2Fexpress-security-txt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lirantal","download_url":"https://codeload.github.com/lirantal/express-security-txt/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252596320,"owners_count":21773842,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["express","hacktoberfest","nodejs","security"],"created_at":"2024-07-31T00:01:22.000Z","updated_at":"2025-05-05T23:42:27.653Z","avatar_url":"https://github.com/lirantal.png","language":"JavaScript","funding_links":[],"categories":["JavaScript","Projects by main language"],"sub_categories":["Old Projects"],"readme":"[![view on npm](http://img.shields.io/npm/v/express-security-txt.svg)](https://www.npmjs.org/package/express-security-txt)\n[![view on npm](http://img.shields.io/npm/l/express-security-txt.svg)](https://www.npmjs.org/package/express-security-txt)\n[![npm module downloads](http://img.shields.io/npm/dt/express-security-txt.svg)](https://www.npmjs.org/package/express-security-txt)\n[![Build Status](https://github.com/lirantal/express-security-txt/workflows/CI/badge.svg)](https://github.com/lirantal/express-security-txt/actions?workflow=main)\n[![codecov](https://codecov.io/gh/lirantal/express-security-txt/branch/master/graph/badge.svg)](https://codecov.io/gh/lirantal/express-security-txt)\n[![Known Vulnerabilities](https://snyk.io/test/github/lirantal/express-security-txt/badge.svg)](https://snyk.io/test/github/lirantal/express-security-txt)\n[![Security Responsible Disclosure](https://img.shields.io/badge/Security-Responsible%20Disclosure-yellow.svg)](https://github.com/nodejs/security-wg/blob/master/processes/responsible_disclosure_template.md)\n\n[![express-security-txt](https://snyk.io/advisor/npm-package/express-security-txt/badge.svg)](https://snyk.io/advisor/npm-package/express-security-txt)\n\n# Express Security Txt\n\nExpress middleware that implements a security.txt path and policy. Allows the repeating of a directive, as well as the insertion of comments.\n\nReferences:\n* [security.txt RFC](https://tools.ietf.org/html/draft-foudil-securitytxt-05)\n* [security.txt project on github](https://github.com/securitytxt/security-txt)\n\n## Installation\n\n```bash\nyarn add express-security-txt\n```\n\n## Usage\n\nDefine an options object with the keys that make up a valid [security.txt](https://tools.ietf.org/html/draft-foudil-securitytxt-05) file. All the keys are in camelCase.\n\n```javascript\nconst securityTxt = require('express-security-txt')\n\nconst options = {\n  contact: 'https://example.com/security/',\n  preferredLanguages: 'en'\n}\n\napp.use(securityTxt.setup(options))\n```\n\n### Passing multiple values\n\nSome directives allow you to specify multiple values. This package allows you to do this by passing an array:\n\n```javascript\nconst options = {\n  contact: ['mailto:security@example.com', 'https://example.com/security/']\n}\n```\n\n### Adding comments\n\nComments can be included in the generated file. The `#` at the beggining of each line of a comment is automatically inserted by the package.\n\nComments at the start and end of a file can be added by using the `_prefixComment` and `_postfixComment` keys, like so:\n\n```javascript\nconst options = {\n  _prefixComment: 'This comment will appear at the beggining of the security.txt file',\n  contact: 'mailto:security@example.com',\n  _postfixComment: 'This comment will appear at the end of the security.txt file'\n}\n```\n\nNOTE: You may include the newline character (`\\n`), and the package will automatically insert the `#` symbol at the beggining of each line.\n\nMultiline comments can also be added by specifying an array, where each element is a line of the comment.\n\n\u003chr\u003e\n\nComments just before a directive can be added by creating an object of the form `{ comment: '...', value: '...' }`, where the value associated with the `value` key is the value of the field; and the `comment` is the comment to appear directly before the field.\n\nFor example,\n\n```javascript\nconst options = {\n  contact: 'https://example.com/security/',\n  acknowledgments: {\n    comment: 'This comment will appear just above the Acknowledgments field',\n    value: 'https://example.com/hall_of_fame'\n  }\n}\n```\n\nWould become\n\n```\nContact: https://example.com/security/\n# This comment will appear just above the Acknowledgments field\nAcknowledgments: https://example.com/hall_of_fame\n```\n\n\u003chr\u003e\n\nIf a field allows multiple values, you can leave a comment on each one like so:\n\n```javascript\nconst options = {\n  contact: [\n    { comment: 'You can rarely reach me by email', value: 'mailto:security@example.com' },\n    { comment: 'Try this online form instead?', value: 'https://example.com/security/' }\n  ]\n}\n```\n\n## Tests\n\nProject tests:\n\n```bash\nyarn run test\n```\n\nProject linting:\n\n```bash\nyarn run lint\n```\n\n## Contributing\n\n### Commit Guidelines\n\nThe project uses the commitizen tool for standardizing changelog style commit\nmessages so you should follow it as so:\n\n```bash\ngit add .           # add files to staging\nyarn run commit      # use the wizard for the commit message\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flirantal%2Fexpress-security-txt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flirantal%2Fexpress-security-txt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flirantal%2Fexpress-security-txt/lists"}