@seckav/security-sdk
Lightweight API Security SDK for Enterprises - One-click protection with rate limiting, threat detection, security analytics, and real-time monitoring for Express.js and Next.js applications
# SecKav Security SDK v3.0.0
**Lightweight API Security for Enterprises** - One-click protection for your APIs
## 🚀 Quick Start
Protect your APIs in under 2 minutes with just one line of code:
```bash
npm install @seckav/security-sdk
```
```javascript
const express = require('express');
const { createSecKavMiddleware } = require('@seckav/security-sdk');

const app = express();

// One-line API security
app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
}));

// Your APIs are now protected!
app.get('/api/users', (req, res) => {
  res.json({ users: [] });
});

app.listen(3000);
```
## 🛡️ What It Protects Against
- **DDoS Attacks** - Intelligent rate limiting with burst control
- **SQL Injection** - Real-time malicious payload detection
- **XSS Attacks** - Cross-site scripting prevention
- **Brute Force** - IP-based attack mitigation
- **Suspicious Activity** - Behavioral threat detection
- **Geo-based Threats** - Country-level blocking
- **Bot Attacks** - User-agent filtering
## 🏢 Perfect For
- **Startups** - Get enterprise-grade security from day one
- **MSMEs** - Affordable protection that scales with you
- **Enterprises** - Lightweight security that doesn't slow you down
- **Developers** - Security that's actually developer-friendly
## 🌟 Key Features
### ⚡ Lightning Fast Setup
- **One-line integration** - No complex configuration
- **Framework agnostic** - Works with Express.js, Next.js, and more
- **Zero dependencies** - Minimal impact on your bundle size
- **TypeScript ready** - Full type support included
### 🔒 Enterprise-Grade Security
- **Real-time threat detection** - Stop attacks as they happen
- **Adaptive rate limiting** - Smart throttling that learns
- **Security analytics** - Detailed insights and reporting
- **Fail-open architecture** - Never breaks your application
### 📊 Built-in Analytics
- **Request monitoring** - Track API usage patterns
- **Security events** - Real-time threat notifications
- **Performance metrics** - Response time analysis
- **Geographic insights** - See where requests come from
## 📖 Frameworks Supported
### Express.js
```javascript
const express = require('express');
const { createSecKavMiddleware } = require('@seckav/security-sdk');

const app = express();

app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
}));
```
### Next.js
```javascript
// middleware.js
import { createSecKavNextMiddleware } from '@seckav/security-sdk';

export default createSecKavNextMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
});

export const config = {
  matcher: '/api/:path*'
};
```
### TypeScript
```typescript
import express from 'express';
import { createSecKavMiddleware, SecKavConfig } from '@seckav/security-sdk';

const app = express();

const config: SecKavConfig = {
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',
  features: {
    rateLimit: true,
    security: true,
    analytics: true
  }
};

app.use(createSecKavMiddleware(config));
```
## ⚙️ Configuration Options
```javascript
const config = {
  // Required
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',

  // Optional
  apiUrl: 'https://api.seckav.com',  // Custom API endpoint
  timeout: 5000,                     // Request timeout (ms)
  debug: false,                      // Enable debug logging

  // Features
  features: {
    rateLimit: true,                 // Enable rate limiting
    security: true,                  // Enable threat detection
    analytics: true,                 // Enable usage analytics
    encryption: false,               // Enable E2E encryption
    misconfigurationScanning: false  // Enable config scanning
  },

  // Error handling
  onError: (error) => {
    console.log('Security error:', error);
  }
};
```
## 🔧 Advanced Usage
### Custom Rate Limiting
```javascript
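const { SecKavSDK } = require('@seckav/security-sdk');

const sdk = new SecKavSDK({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id'
});

// Check rate limit manually inside an async route handler
app.get('/api/endpoint', async (req, res) => {
  const result = await sdk.checkRateLimit('/api/endpoint', 'GET', 'client-id');
  if (!result.allowed) {
    return res.status(429).json({ error: 'Rate limited' });
  }
  res.json({ ok: true });
});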
```
### Security Settings
```javascript
// Run inside an async function, reusing the `sdk` instance created above
const securitySettings = await sdk.getSecuritySettings('your_jwt_token');
console.log('Current security configuration:', securitySettings);
```
### Analytics Data
```javascript
// Get SDK information
const info = sdk.getInfo();
console.log('Enabled features:', info.enabledFeatures);
console.log('SDK version:', info.version);
```
## 🚨 Error Handling
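The SDK uses a **fail-open** architecture: if the SDK itself hits an error, the request is let through and your API continues to work. A request handled during such an error passes without the check that failed, so use `onError` to record every occurrence: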
```javascript
app.use(createSecKavMiddleware({
  apiKey: 'your_api_key',
  organizationId: 'your_org_id',
  onError: (error) => {
    // Log errors but don't break the application
    console.error('SecKav error:', error.message);

    // Optional: Send to your monitoring service
    // (`monitoring` stands for your own monitoring client)
    monitoring.reportError(error);
  }
}));
```
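Fail-open keeps the API available, but on routes such as login you may prefer to refuse requests when the check cannot be completed. The following is an added example, not part of the SecKav SDK: a hypothetical `rateLimitGuard` wrapper around the `sdk.checkRateLimit` call shown under Custom Rate Limiting that lets each route choose fail-open or fail-closed and bounds how long the check may take. The stub SDK objects, the `probe` helper and the per-IP client id are constructed for illustration.

```javascript
// Added example, not SecKav code. `sdk` is any object exposing
// checkRateLimit(path, method, clientId) as used under "Custom Rate Limiting".

// Reject if the SDK has not answered within `ms`.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error('rate-limit check timed out')), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

// Express-style middleware (hypothetical helper).
// failClosed: true  -> an SDK error or timeout answers 503.
// failClosed: false -> an SDK error or timeout lets the request through.
function rateLimitGuard(sdk, { failClosed = false, timeoutMs = 5000, onError = () => {} } = {}) {
  return async function guard(req, res, next) {
    try {
      // Assumption: the client id is the caller's IP address.
      const check = sdk.checkRateLimit(req.path, req.method, req.ip);
      const result = await withTimeout(check, timeoutMs);
      if (!result.allowed) {
        return res.status(429).json({ error: 'Rate limited' });
      }
      return next();
    } catch (err) {
      onError(err); // always record the failure, whichever way it resolves
      if (failClosed) {
        return res.status(503).json({ error: 'Security check unavailable' });
      }
      return next();
    }
  };
}

// Constructed stand-ins so the example runs offline.
const okSdk = { checkRateLimit: async () => ({ allowed: true }) };
const limitedSdk = { checkRateLimit: async () => ({ allowed: false }) };
const brokenSdk = { checkRateLimit: async () => { throw new Error('upstream down'); } };
const hungSdk = { checkRateLimit: () => new Promise(() => {}) };

// Drive a guard with a fake req/res; returns 'next' or the HTTP status sent.
async function probe(guard) {
  let outcome = 'none';
  const res = { status: (code) => ({ json: () => { outcome = code; } }) };
  const req = { path: '/api/login', method: 'POST', ip: '203.0.113.7' };
  await guard(req, res, () => { outcome = 'next'; });
  return outcome;
}
```

Mounted per route, this lets authentication endpoints use `failClosed: true` while read-only endpoints stay fail-open.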
## 📈 Getting Started
### 1. Sign Up
Visit [seckav.com](https://seckav.com) to create your account.
### 2. Create Organization
Set up your organization and get your API key.
### 3. Install SDK
```bash
npm install @seckav/security-sdk
```
### 4. Integrate
Add one line of code to protect your APIs.
### 5. Monitor
View real-time security analytics in your dashboard.
## 🔍 Monitoring & Analytics
Once integrated, you'll get access to:
- **Real-time Security Dashboard** - Live threat monitoring
- **API Usage Analytics** - Request patterns and trends
- **Security Event Logs** - Detailed attack information
- **Performance Metrics** - Response time and throughput
- **Geographic Insights** - Request origin mapping
- **Threat Intelligence** - Attack pattern analysis
## 🛠️ Development
### Local Development
```javascript
app.use(createSecKavMiddleware({
  apiKey: 'sk_test_your_test_key',
  organizationId: 'org_test_your_org',
  debug: true // Enable detailed logging
}));
```
### Production
```javascript
app.use(createSecKavMiddleware({
  apiKey: process.env.SECKAV_API_KEY,
  organizationId: process.env.SECKAV_ORG_ID,
  debug: false
}));
```
## 🤝 Support
- **Documentation**: [docs.seckav.com](https://docs.seckav.com)
- **Support Email**: support@seckav.com
- **GitHub Issues**: [github.com/seckav/security-sdk/issues](https://github.com/seckav/security-sdk/issues)
- **Community**: [community.seckav.com](https://community.seckav.com)
## 📜 License
MIT License - see [LICENSE](LICENSE) file for details.
## 🚀 Why SecKav?
> **"Security shouldn't be an afterthought"**

Most companies implement security after they've been attacked. SecKav lets you build security into your application from day one with:
- ✅ **Zero Configuration** - Works out of the box
- ✅ **Enterprise Grade** - Used by companies worldwide
- ✅ **Developer Friendly** - Security that doesn't slow you down
- ✅ **Affordable** - Pricing that scales with your business
- ✅ **Reliable** - 99.9% uptime SLA
- ✅ **Global** - Edge locations worldwide
---
**Protect your APIs today. Start with SecKav.**
[Get Started →](https://seckav.com) | [View Docs →](https://docs.seckav.com) | [See Pricing →](https://seckav.com/pricing)