Security Module for Nuxt based on OWASP Top 10 and Helmet



npm versionnpm downloadsGithub Actions CICodecovLicense

OWASP Top 10 module that adds a few security improvements in form of a customizable server middlewares to your Nuxt application. All middlewares can be modified or disabled if needed. They can also be configured to work only on certain routes. By default all middlewares are configured to work globally.


  • Nuxt 3 ready
  • Same Security headers set as by popular Express.js middleware helmet
  • Hidden 'X-Powered-By' header
  • Request Size Limiter
  • Rate Limiter
  • XSS Validator for both GET and POST requests
  • CORS Handler similar to popular Express.js middleware
  • Allowed HTTP Methods Restricter
  • Basic Auth support
  • TypeScript support

📖  Read the documentation


Open in StackBlitz


yarn add nuxt-security # yarnnpm i nuxt-security # npm


The only thing you need to do to use the module in the default configuration is to register the module in the modules array in nuxt.config.ts:

// nuxt.config.js{  modules: [    "nuxt-security",  ],  security: {} // optional}

The module will configure for you several response headers with the values recommended by Helmet as well as custom middlewares for rate and request limiting, xss validation, and CORS handling. More to come soon!

If you wish to modify them you can do so from the configuration:

// nuxt.config.js{  modules: [    "nuxt-security",  ],  security: {    requestSizeLimiter: {      value: {        maxRequestSizeInBytes: 3000000,        maxUploadFileRequestInBytes: 9000000,      },      route: '/upload-file'    }  }}

For all available configuration options check out the docs


  • Run yarn dev:prepare to generate type stubs.
  • Use yarn dev to start playground in development mode.


MIT License