{"id":29092424,"url":"https://github.com/zyrasoftware/websecure-ez","last_synced_at":"2025-06-28T07:06:57.379Z","repository":{"id":300836946,"uuid":"1007186781","full_name":"zyrasoftware/websecure-ez","owner":"zyrasoftware","description":"The ultimate web security configuration tool and library for Next.js applications","archived":false,"fork":false,"pushed_at":"2025-06-23T21:41:44.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-06-23T21:44:39.422Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zyrasoftware.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-23T15:39:13.000Z","updated_at":"2025-06-23T21:41:48.000Z","dependencies_parsed_at":"2025-06-23T21:44:41.167Z","dependency_job_id":"ea5735fb-6780-448f-97d4-d44c46264560","html_url":"https://github.com/zyrasoftware/websecure-ez","commit_stats":null,"previous_names":["zyrasoftware/websecure-ez"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zyrasoftware/websecure-ez","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zyrasoftware%2Fwebsecure-ez","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zyrasoftware%2Fwebsecure-ez/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zyrasoftware%2Fwebsecure-ez/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zyrasoftware%2Fwebsecure-ez/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zyrasoftware","download_url":"https://codeload.github.com/zyrasoftware/websecure-ez/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zyrasoftware%2Fwebsecure-ez/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262389494,"owners_count":23303343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-28T07:06:52.613Z","updated_at":"2025-06-28T07:06:57.370Z","avatar_url":"https://github.com/zyrasoftware.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"**The ultimate web security configuration tool and library for Next.js applications.** Protect your applications against XSS, clickjacking, CSRF, and other common web vulnerabilities with just a few lines of code.\n\n## 🎯 What is websecure-ez?\n\nwebsecure-ez is **two things in one**:\n\n1. **📚 A powerful security library** - Add comprehensive security headers to your Next.js app\n2. **🎨 A visual configuration tool** - Configure security settings through an intuitive web interface\n\n## 🚀 Quick Start\n\nwebsecure-ez is **both a library and a configuration tool**. Here are the different ways to use it:\n\n### 📦 For Library Users (Securing Your App)\n\nIf you want to **add security to your existing Next.js project**:\n\n```bash\n# Install in your project\nnpm install websecure-ez\n```\n\nCreate `middleware.ts` in your project root:\n\n```typescript\nimport { createSecureMiddleware } from 'websecure-ez';\n\nconst secureMiddleware = createSecureMiddleware();\n\nexport default secureMiddleware;\n\nexport const config = {\n  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],\n};\n```\n\n**That's it!** Your app is now secured. The websecure-ez package only adds the security library - no extra files or scripts will interfere with your project.\n\n### 🛠️ For Configuration (Setting Up Security)\n\nIf you want to **configure custom security settings**, use the CLI tools:\n\n#### 🎨 Visual Mode (Web Interface)\n\nPerfect for visual learners and comprehensive configuration:\n\n```bash\n# Use without installing (recommended)\nnpx websecure-ez visual\n\n# Or install globally first\nnpm install -g websecure-ez\nwebsecure-ez visual\n```\n\nThis opens a beautiful web interface at `http://localhost:3000` where you can:\n- ✨ Configure security settings with real-time preview\n- 📊 Get instant security analysis and scoring\n- 🎯 Choose from predefined security presets\n- 💻 See generated middleware code update live\n- 📋 Copy production-ready code to your project\n\n### ⚡ Option 2: Console Mode (Terminal Interface)\n\nPerfect for automation, CI/CD, and developers who prefer CLI:\n\n```bash\n# Install globally (recommended)\nnpm install -g websecure-ez\nwebsecure-ez console\n\n# Or run without installing\nnpx websecure-ez console\n```\n\nThis runs entirely in your terminal and allows you to:\n- 🚀 Quick setup with interactive prompts\n- 🎯 Choose security presets (Strict/Moderate/Custom)\n- ⚙️ Configure individual security features\n- 💾 Auto-generate and save `middleware.ts` file\n- 🔄 Perfect for scripting and automation\n\n### 🎨 Option 2.5: Industry Templates (CLI)\n\nPerfect for quick setup with industry-specific configurations:\n\n```bash\n# List all available templates\nwebsecure-ez templates\n\n# Generate from a specific template\nwebsecure-ez template ecommerce\nwebsecure-ez template saas\nwebsecure-ez template healthcare\n\n# Or run without installing\nnpx websecure-ez template fintech\n```\n\nAvailable templates:\n- **🛒 ecommerce** - E-commerce platforms with payment processing (Stripe, PayPal)\n- **💼 saas** - SaaS applications and web dashboards\n- **📝 blog** - Content sites, blogs, and news platforms\n- **🏥 healthcare** - HIPAA-compliant healthcare applications\n- **💰 fintech** - Banking-grade security for financial services\n- **🔌 api** - API gateways and microservices\n\nEach template includes:\n- ✅ Pre-configured security headers optimized for the industry\n- 🎯 Appropriate CSP directives for common third-party services\n- 🔒 Compliance-ready settings (HIPAA, PCI-DSS considerations)\n- ⚙️ Optional customization prompts\n\n### 📦 Option 3: Direct Library Usage\n\nFor developers who know exactly what they want:\n\n```bash\nnpm install websecure-ez\n```\n\nCreate `middleware.ts` in your project root:\n\n```typescript\nimport { createSecureMiddleware } from 'websecure-ez';\n\n// Use default secure configuration\nconst secureMiddleware = createSecureMiddleware();\n\nexport default secureMiddleware;\n\nexport const config = {\n  matcher: ['/((?!_next/static|_next/image|favicon.ico).*)'],\n};\n```\n\n## ✨ Features\n\n### 🛡️ Comprehensive Security Headers\n- **Content Security Policy (CSP)** - Prevent XSS attacks with fine-grained control\n- **HTTP Strict Transport Security (HSTS)** - Enforce HTTPS connections\n- **X-Frame-Options** - Block clickjacking attempts\n- **Permissions Policy** - Control browser feature access\n- **X-Content-Type-Options** - Prevent MIME-sniffing attacks\n- **X-XSS-Protection** - Enable browser XSS filtering\n- **Referrer Policy** - Control referrer information leakage\n- **Cross-Origin Policies** - Configure CORS and isolation policies\n\n### 🎨 Visual Configuration Interface\n- **Real-time Security Analysis** - Get instant feedback on your configuration\n- **Security Score Dashboard** - See your security posture at a glance\n- **Preset Configurations** - Choose from Strict, Balanced, or Basic security levels\n- **Live Code Generation** - See your middleware code update in real-time\n- **Dark/Light Mode** - Beautiful interface that adapts to your preference\n\n### 🔧 Developer Experience\n- **🚀 TypeScript Support** - Fully typed for better development experience\n- **📦 Zero Dependencies** - Lightweight and fast\n- **🎯 Next.js Optimized** - Built specifically for Next.js middleware\n- **📚 Comprehensive Documentation** - Clear examples and guides\n\n## 📖 Configuration Options\n\n### Security Presets\n\n**Strict Security** 🔒\n- Maximum security for production applications\n- Blocks most external resources\n- Strictest cookie and frame policies\n\n**Balanced Security** ⚖️  \n- Good security with development flexibility\n- Allows common external resources (fonts, CDNs)\n- Balanced policies for most applications\n\n**Basic Security** 🛡️\n- Essential protections only\n- Permissive for development\n- Good starting point for new projects\n\n### Custom Configuration\n\n```typescript\nimport { createSecureMiddleware } from 'websecure-ez';\n\nconst secureMiddleware = createSecureMiddleware({\n  contentSecurityPolicy: {\n    enabled: true,\n    directives: {\n      defaultSrc: [\"'self'\"],\n      scriptSrc: [\"'self'\", \"'unsafe-inline'\"],\n      styleSrc: [\"'self'\", \"'unsafe-inline'\", \"https://fonts.googleapis.com\"],\n      fontSrc: [\"'self'\", \"https://fonts.gstatic.com\"],\n      imgSrc: [\"'self'\", \"data:\", \"https:\"],\n      connectSrc: [\"'self'\"],\n      upgradeInsecureRequests: true,\n    },\n    reportOnly: false, // Set to true for testing\n  },\n  hsts: {\n    enabled: true,\n    maxAge: 31536000, // 1 year\n    includeSubDomains: true,\n    preload: true,\n  },\n  xFrameOptions: {\n    enabled: true,\n    option: 'DENY', // or 'SAMEORIGIN'\n  },\n  permissionsPolicy: {\n    enabled: true,\n    features: {\n      camera: \"'none'\",\n      microphone: \"'none'\",\n      geolocation: \"'none'\",\n      payment: \"'none'\",\n    },\n  },\n  secureCookies: {\n    enabled: true,\n    httpOnly: true,\n    secure: true,\n    sameSite: 'Strict',\n  },\n});\n\nexport default secureMiddleware;\n```\n\n## 🔧 Utility Functions\n\n### Input Sanitization\n\n```typescript\nimport { sanitizeInput } from 'websecure-ez';\n\nconst userInput = '\u003cscript\u003ealert(\"xss\")\u003c/script\u003e';\nconst safeInput = sanitizeInput(userInput);\n// Output: '\u0026lt;script\u0026gt;alert(\u0026quot;xss\u0026quot;)\u0026lt;/script\u0026gt;'\n```\n\n### Secure Cookie Defaults\n\n```typescript\nimport { applyCookieDefaults } from 'websecure-ez';\n\nconst cookieOptions = applyCookieDefaults({\n  maxAge: 3600,\n  path: '/',\n});\n\n// Use with your cookie library\nresponse.cookies.set('session', token, cookieOptions);\n```\n\n### Nonce Generation\n\n```typescript\nimport { generateNonce } from 'websecure-ez';\n\nconst nonce = generateNonce();\n// Use in your CSP directive: script-src 'nonce-{nonce}'\n```\n\n## 🎯 Command Reference\n\n### Global Installation Commands\n\n```bash\n# Install globally for easy access\nnpm install -g websecure-ez\n\n# Visual mode (web interface)\nwebsecure-ez visual\nwebsecure-ez          # Default to visual mode\n\n# Console mode (terminal interface)  \nwebsecure-ez console\nwebsecure-ez generate # Alias for console mode\n\n# Template commands\nwebsecure-ez templates              # List all templates\nwebsecure-ez template \u003cname\u003e        # Generate from template\nwebsecure-ez template ecommerce     # E-commerce template\nwebsecure-ez template saas          # SaaS template\nwebsecure-ez template healthcare    # Healthcare template\n\n# Help\nwebsecure-ez help\n```\n\n### NPX Commands (No Installation)\n\n```bash\n# Visual mode\nnpx websecure-ez visual\n\n# Template generation\nnpx websecure-ez templates\nnpx websecure-ez template ecommerce\nnpx websecure-ez        # Default to visual mode\n\n# Console mode\nnpx websecure-ez console\nnpx websecure-ez generate\n\n# Help\nnpx websecure-ez help\n```\n\n### Development Commands (Source Code)\n\n```bash\n# If you cloned the repository\nnpm run dev      # Visual interface\nnpm run console  # Console mode\nnpm run visual   # Visual interface (alias)\nnpm run help     # Show help\n```\n\n## 🎯 Understanding the Modes\n\n### When to Use Visual Mode 🎨\n- **Learning**: First time setting up security\n- **Exploration**: Want to see all available options\n- **Analysis**: Need real-time security scoring\n- **Comparison**: Testing different configurations\n\n### When to Use Console Mode ⚡\n- **Automation**: CI/CD pipelines and scripts\n- **Speed**: Quick setup for new projects\n- **Headless**: Server environments without GUI\n- **Integration**: Part of larger toolchains\n\n## 🚨 Important Notes\n\n- **Configuration Tool vs Library**: The `npm run dev` command starts the configuration interface. To use the library in your project, install it as a dependency.\n- **Testing**: Always test your configuration in development before deploying to production.\n- **CSP Strictness**: Some CSP directives may break functionality if too restrictive - use report-only mode initially.\n- **HTTPS Required**: HSTS headers only work on HTTPS connections.\n- **Browser Compatibility**: Some headers may not be supported in older browsers.\n\n## 🤝 Contributing\n\nWe welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.\n\n## 📄 License\n\nMIT License - see the [LICENSE](LICENSE) file for details.\n\n## 🌟 Support\n\n- ⭐ Star this repo if you find it helpful\n- 🐛 Report bugs in [Issues](https://github.com/zyrasoftware/websecure-ez/issues)\n- 💡 Request features in [Discussions](https://github.com/zyrasoftware/websecure-ez/discussions)\n- 📚 Read the [Documentation](https://websecure-ez.dev)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n  \u003cstrong\u003eBuilt with ❤️ for secure web development\u003c/strong\u003e\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzyrasoftware%2Fwebsecure-ez","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzyrasoftware%2Fwebsecure-ez","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzyrasoftware%2Fwebsecure-ez/lists"}