https://github.com/noherczeg/node-secure
A sample Express application with all sorts of security functionality built in.
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/noherczeg/node-secure
- Owner: noherczeg
- License: mit
- Created: 2019-10-13T23:32:38.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2022-12-11T09:17:27.000Z (over 2 years ago)
- Last Synced: 2025-02-01T16:48:47.403Z (5 months ago)
- Language: HTML
- Size: 82 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 7
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Node Secure
A sample Express application with all sorts of security functionality built in.
## Startup
- `npm install`
- `gen-cert.sh`: on Windows the `-subj` part needs a double slash ("//"), but on *nix-based systems it has to be a single "/"!
- `npm start`
> Site should be available at [https://localhost:3000](https://localhost:3000)
## Covered topics
### Development
#### ESLint plugins
- plugin:node/recommended
- plugin:security/recommended
### Server level
#### Logging
Proper log messages with Morgan.
#### Default error handler
Never expose system information in responses. Utilize custom error response:
[server/top-level-error-handler.js](server/top-level-error-handler.js)
#### DDOS prevention
Express Rate Limit
#### Secret management
Never use keys/secure information in project sources. Utilize dotenv.
#### Do not expose referer headers
`helmet.referrerPolicy()`
#### Do not trust scripts, iframes
`helmet.contentSecurityPolicy()`
#### Prevent unnecessary Browser features
`helmet.featurePolicy()`
## Sources
- https://git.io/security
- https://github.com/goldbergyoni/nodebestpractices
- https://helmetjs.github.io
## License
MIT