koa-helmet is a wrapper for helmet to work with koa. It provides important security headers to make your app more secure by default.
npm i koa-helmet helmet
# or:
yarn add koa-helmet helmetUsage is the same as helmet
Helmet offers 11 security middleware functions:
// This...
app.use(helmet());
// ...is equivalent to this:
app.use(helmet.contentSecurityPolicy());
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());You can see more in the documentation.
import Koa from "koa";
import helmet from "koa-helmet";
const app = new Koa();
app.use(helmet());
app.use((ctx) => {
ctx.body = "Hello World";
});
app.listen(4000);To run the tests, simply run
npm test
- koa-helmet >=2.x (master branch) supports koa 2.x
- koa-helmet 1.x (koa-1 branch) supports koa 0.x and koa 1.x