security

Security Module for Nuxt based on OWASP Top 10 and Helmet

nuxt-security

nuxt-security

npm versionnpm downloadsGithub Actions CICodecovLicense

OWASP Top 10 module that adds a few security improvements in form of a customizable server middlewares to your Nuxt application. All middlewares can be modified or disabled if needed. They can also be configured to work only on certain routes. By default all middlewares are configured to work globally.

Features

  • Nuxt 3 ready
  • Same Security headers set as by popular Express.js middleware helmet
  • Hidden 'X-Powered-By' header
  • Request Size Limiter
  • Rate Limiter
  • XSS Validator for both GET and POST requests
  • CORS Handler similar to popular Express.js middleware
  • Allowed HTTP Methods Restricter
  • Basic Auth support
  • TypeScript support

📖  Read the documentation

Preview

Open in StackBlitz

Setup

yarn add nuxt-security # yarnnpm i nuxt-security # npm

Usage

The only thing you need to do to use the module in the default configuration is to register the module in the modules array in nuxt.config.ts:

// nuxt.config.js{  modules: [    "nuxt-security",  ],  security: {} // optional}

The module will configure for you several response headers with the values recommended by Helmet as well as custom middlewares for rate and request limiting, xss validation, and CORS handling. More to come soon!

If you wish to modify them you can do so from the configuration:

// nuxt.config.js{  modules: [    "nuxt-security",  ],  security: {    requestSizeLimiter: {      value: {        maxRequestSizeInBytes: 3000000,        maxUploadFileRequestInBytes: 9000000,      },      route: '/upload-file'    }  }}

For all available configuration options check out the docs

Development

  • Run yarn dev:prepare to generate type stubs.
  • Use yarn dev to start playground in development mode.

License

MIT License