DEV Community

Cover image for Js Node (Helmet.js)
Dimitris Chitas
Dimitris Chitas

Posted on • Updated on

Js Node (Helmet.js)

#node #javascript #helmet #depedencies

Hello there guys!

As the days going through and summer is near a lot of you, have done with projects,couple of 'em created in node/express.js environment and probably you think this is
the time to force some extra functionalities ,with some external
libraries-packages. :D :D

Today, i will focus in one dependency, is called Helmet.js exist also an open repo
on gitghub,check here helmet-repo which helping us provide some
additions in our express server,those parameters are focused on the security of your app.

You can use npm or yarn i will head with npm so simple we can install it npm install helmet --save and save it globally.

So if you already have an express server running,you can just
simple require the helmet, see bellow :

const express = require("express");
const helmet = require("helmet");

const app = express();

app.use(helmet());

// ...
Enter fullscreen mode Exit fullscreen mode

What is helmet?

Helmet is a function used as middleware and is wrapping 11 smaller middleware's,sets HTTP Headers,origin validations and some other stuff to avoid multiple attacks on your website-webapp.

So the above app.use(helmet()); is equivalent to this

app.use(helmet.contentSecurityPolicy());
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());
Enter fullscreen mode Exit fullscreen mode

All setting headers to your content, to your loading balances and predifined actions to verify the actions of the clients verifying like this who is who,is a sugar to your application not the core of your security build.

Let's see two examples
1.

  helmet({
    referrerPolicy: { policy: "no-referrer" },
  })
);
//Set custom options for referrer policy
Enter fullscreen mode Exit fullscreen mode

2.

// Sets "X-XSS-Protection: 0"
// Disables browsers buggy cross-site scripting filter by setting //the X-XSS-Protection header to 0


app.use(helmet.xssFilter());
Enter fullscreen mode Exit fullscreen mode 
// Sets "X-Content-Type-Options: nosniff"
//Sets the X-Content-Type-Options header to nosniff. This mitigates //MIME type sniffing which can cause security vulnerabilities
app.use(helmet.noSniff());
Enter fullscreen mode Exit fullscreen mode

That's all we have for today for more information check the documentation on github link.

Have a nice workday guys, in case for further explanation do not hesitate to contact me or find me in github or linkedin.
GitHub : https://github.com/feco2019
Linkedin : https://www.linkedin.com/in/dimitris-chitas-930285191/

Top comments (0)

Read next

snyk_sec profile image

The mysterious supply chain concern of string-width-cjs npm package

SnykSec -

kaja_uvais_a8691e947dd399 profile image

Image with text overlay using HTML and CSS

Kaja Uvais -

stephen568hub profile image

10 Best Live Streaming SDKs in 2024

Stephen568hub -

bell87 profile image

Vue + Tailwind and Dynamic Classes

Andrew Bell -