# SecKav Security SDK v3.0.0

**Lightweight API Security for Enterprises** - One-click protection for your APIs

[![npm version](https://badge.fury.io/js/%40seckav%2Fsecurity-sdk.svg)](https://badge.fury.io/js/%40seckav%2Fsecurity-sdk)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![TypeScript](https://img.shields.io/badge/TypeScript-Ready-blue.svg)](https://www.typescriptlang.org/)

## 🚀 Quick Start

Protect your APIs in under 2 minutes with just one line of code:

```bash
npm install @seckav/security-sdk
```

```javascript
const express = require('express');
const { createSecKavMiddleware } = require('@seckav/security-sdk');

const app = express();

// One-line API security
app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
}));

// Your APIs are now protected!
app.get('/api/users', (req, res) => {
  res.json({ users: [] });
});

app.listen(3000);
```

## 🛡️ What It Protects Against

- **DDoS Attacks** - Intelligent rate limiting with burst control
- **SQL Injection** - Real-time malicious payload detection
- **XSS Attacks** - Cross-site scripting prevention
- **Brute Force** - IP-based attack mitigation
- **Suspicious Activity** - Behavioral threat detection
- **Geo-based Threats** - Country-level blocking
- **Bot Attacks** - User-agent filtering

## 🏢 Perfect For

- **Startups** - Get enterprise-grade security from day one
- **MSMEs** - Affordable protection that scales with you
- **Enterprises** - Lightweight security that doesn't slow you down
- **Developers** - Security that's actually developer-friendly

## 🌟 Key Features

### ⚡ Lightning Fast Setup

- **One-line integration** - No complex configuration
- **Framework agnostic** - Works with Express.js, Next.js, and more
- **Zero dependencies** - Minimal impact on your bundle size
- **TypeScript ready** - Full type support included

### 🔒 Enterprise-Grade Security

- **Real-time threat detection** - Stop attacks as they happen
- **Adaptive rate limiting** - Smart throttling that learns
- **Security analytics** - Detailed insights and reporting
- **Fail-open architecture** - Never breaks your application

### 📊 Built-in Analytics

- **Request monitoring** - Track API usage patterns
- **Security events** - Real-time threat notifications
- **Performance metrics** - Response time analysis
- **Geographic insights** - See where requests come from

## 📖 Frameworks Supported

### Express.js

```javascript
const express = require('express');
const { createSecKavMiddleware } = require('@seckav/security-sdk');

const app = express();

app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
}));
```

### Next.js

```javascript
// middleware.js
import { createSecKavNextMiddleware } from '@seckav/security-sdk';

export default createSecKavNextMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
});

export const config = {
  matcher: '/api/:path*'
};
```

### TypeScript

```typescript
import { createSecKavMiddleware, SecKavConfig } from '@seckav/security-sdk';

const config: SecKavConfig = {
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',
  features: {
    rateLimit: true,
    security: true,
    analytics: true
  }
};

app.use(createSecKavMiddleware(config));
```

## ⚙️ Configuration Options

```javascript
const config = {
  // Required
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',

  // Optional
  apiUrl: 'https://api.seckav.com', // Custom API endpoint
  timeout: 5000,                    // Request timeout (ms)
  debug: false,                     // Enable debug logging

  // Features
  features: {
    rateLimit: true,                // Enable rate limiting
    security: true,                 // Enable threat detection
    analytics: true,                // Enable usage analytics
    encryption: false,              // Enable E2E encryption
    misconfigurationScanning: false // Enable config scanning
  },

  // Error handling
  onError: (error) => {
    console.log('Security error:', error);
  }
};
```

## 🔧 Advanced Usage

### Custom Rate Limiting

```javascript
// Assumes SecKavSDK is exported by the package alongside createSecKavMiddleware
const { SecKavSDK } = require('@seckav/security-sdk');

const sdk = new SecKavSDK({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
});

// Check rate limit manually, here inside an Express middleware
app.use(async (req, res, next) => {
  const result = await sdk.checkRateLimit('/api/endpoint', 'GET', 'client-id');
  if (!result.allowed) {
    return res.status(429).json({ error: 'Rate limited' });
  }
  next();
});
```

### Security Settings

```javascript
const securitySettings = await sdk.getSecuritySettings('your_jwt_token');
console.log('Current security configuration:', securitySettings);
```

### Analytics Data

```javascript
// Get SDK information
const info = sdk.getInfo();
console.log('Enabled features:', info.enabledFeatures);
console.log('SDK version:', info.version);
```

## 🚨 Error Handling

The SDK uses a **fail-open** architecture - if there's an error, your API continues to work:

```javascript
app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',
  onError: (error) => {
    // Log errors but don't break the application
    console.error('SecKav error:', error.message);

    // Optional: Send to your monitoring service
    // (`monitoring` stands for your own monitoring client)
    monitoring.reportError(error);
  }
}));
```

## 📈 Getting Started

### 1. Sign Up

Visit [seckav.com](https://seckav.com) to create your account

### 2. Create Organization

Set up your organization and get your API key

### 3. Install SDK

```bash
npm install @seckav/security-sdk
```

### 4. Integrate

Add one line of code to protect your APIs

### 5. Monitor

View real-time security analytics in your dashboard

## 🔍 Monitoring & Analytics

Once integrated, you'll get access to:

- **Real-time Security Dashboard** - Live threat monitoring
- **API Usage Analytics** - Request patterns and trends
- **Security Event Logs** - Detailed attack information
- **Performance Metrics** - Response time and throughput
- **Geographic Insights** - Request origin mapping
- **Threat Intelligence** - Attack pattern analysis

## 🛠️ Development

### Local Development

```javascript
app.use(createSecKavMiddleware({
  apiKey: 'sk_test_your_test_key',
  organizationId: 'org_test_your_org',
  debug: true // Enable detailed logging
}));
```

### Production

```javascript
app.use(createSecKavMiddleware({
  apiKey: process.env.SECKAV_API_KEY,
  organizationId: process.env.SECKAV_ORG_ID,
  debug: false
}));
```

## 🤝 Support

- **Documentation**: [docs.seckav.com](https://docs.seckav.com)
- **Support Email**: support@seckav.com
- **GitHub Issues**: [github.com/seckav/security-sdk/issues](https://github.com/seckav/security-sdk/issues)
- **Community**: [community.seckav.com](https://community.seckav.com)

## 📜 License

MIT License - see [LICENSE](LICENSE) file for details.

## 🚀 Why SecKav?

> **"Security shouldn't be an afterthought"**

Most companies implement security after they've been attacked. SecKav lets you build security into your application from day one with:

- **Zero Configuration** - Works out of the box
- **Enterprise Grade** - Used by companies worldwide
- **Developer Friendly** - Security that doesn't slow you down
- **Affordable** - Pricing that scales with your business
- **Reliable** - 99.9% uptime SLA
- **Global** - Edge locations worldwide

---

**Protect your APIs today. Start with SecKav.**

[Get Started →](https://seckav.com) | [View Docs →](https://docs.seckav.com) | [See Pricing →](https://seckav.com/pricing)
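
The fail-open behaviour described under Error Handling, as an added example that is not code from the SecKav SDK: it shows that when the check errors or hangs, a fail-open guard lets the request through unchecked, while a fail-closed guard answers 503. `guard`, `withTimeout`, `simulate`, `demo` and the stub checks are hypothetical names; the 5000 ms default mirrors the `timeout` option shown in Configuration Options.

```javascript
// Added example; every name here is hypothetical, none is part of the SecKav SDK.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error(`check timed out after ${ms} ms`)), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Wraps an async check (resolving to { allowed }) with an explicit failure policy.
function guard(check, { timeoutMs = 5000, failOpen = true, onError = () => {} } = {}) {
  return async function (req, res, next) {
    let verdict;
    try {
      verdict = await withTimeout(check(req), timeoutMs);
    } catch (err) {
      onError(err); // always surface the failure so an outage is visible
      if (failOpen) return next(); // request proceeds with no check applied
      return res.status(503).json({ error: 'Security check unavailable' });
    }
    if (!verdict.allowed) return res.status(429).json({ error: 'Rate limited' });
    return next();
  };
}

// Constructed harness: sends one fake request through a guard and records the outcome.
async function simulate(check, options = {}) {
  const outcome = { passed: false, status: null, errors: [] };
  const res = { status(code) { outcome.status = code; return this; }, json() { return this; } };
  const onError = (err) => outcome.errors.push(err.message);
  const next = () => { outcome.passed = true; };
  await guard(check, { ...options, onError })({ path: '/api/login' }, res, next);
  return outcome;
}

// Constructed stub checks standing in for the remote security service.
const outage = () => Promise.reject(new Error('upstream unreachable'));
const hung = () => new Promise(() => {}); // never answers
const limited = async () => ({ allowed: false });

async function demo() {
  return {
    openOutage: await simulate(outage, { failOpen: true }),
    closedOutage: await simulate(outage, { failOpen: false }),
    closedHung: await simulate(hung, { failOpen: false, timeoutMs: 20 }),
    rateLimited: await simulate(limited),
  };
}
demo().then((results) => console.log(results));
```

Under fail-open the `onError` callback is the only signal that requests are passing without a rate-limit or threat check, so it should feed alerting rather than only a log line.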