express-shield-securekit

A modular security middleware toolkit for Express.js with built-in rate limiting, SQL injection protection, and XSS sanitization.

# Express Shield SecureKit

A modular security middleware toolkit for Express.js with built-in protection against common web attacks including SQL Injection, XSS, and request flooding.

## ✨ Features

- **Rate Limiting** (in-memory & Redis)
- 🛡️ **SQL Injection Detection & Blocking**
- 🚫 **XSS Protection** using sanitization
- 🔌 **Modular Middleware Architecture**

---

## 📦 Installation

```bash
npm install express-shield-securekit
```

---

## Usage

### Method 1: Manual Middleware Setup (Flexible but Verbose)

```javascript
import express from "express";
import { expressRateLimiter, sanitizeMiddleware } from "express-shield-securekit";

const app = express();
app.use(express.json());

// Rate Limiter Middleware
app.use(expressRateLimiter({
  windowMs: 60 * 1000, // 1 minute window
  max: 5,
  message: "Too many requests. Please try again later."
}));

// Global Sanitizer Middleware (XSS + SQL Injection)
app.use(sanitizeMiddleware);

app.post("/test", (req, res) => {
  res.json({
    success: true,
    message: "Request passed all security checks!",
    sanitizedBody: req.body,
  });
});

app.listen(3000, () => {
  console.log("Server running on http://localhost:3000");
});
```

### Method 2: Easy Integration (Recommended)

```javascript
const express = require("express");
const { secureMiddleware } = require("express-shield-securekit");

const app = express();
app.use(express.json());

const rateLimitOptions = {
  windowMs: 60 * 1000,
  max: 5,
  message: "Too many requests. Please try again later."
};

// One call wires up both the rate limiter and the sanitizer
app.use(secureMiddleware({
  rateLimit: rateLimitOptions,
  sanitizeMiddleware: true
}));

app.post("/test", (req, res) => {
  res.json({
    success: true,
    message: "Request passed all security checks!",
    sanitizedBody: req.body,
  });
});

app.listen(3000, () => {
  console.log("Server running on http://localhost:3000");
});
```

---

## 🧱 Middleware Provided

### expressRateLimiter(options)

Simple rate limiter middleware for Express.
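The option semantics are easiest to see against a small reference implementation. The block below is an added illustration, not the package's own code: a fixed-window, per-IP limiter that accepts the same `windowMs`, `max` and `message` options; the 429 status, the injectable clock and the `simulate` harness are this example's assumptions.

```javascript
// Added illustration of the option semantics, not express-shield-securekit's code.
// Fixed-window, per-IP counter in process memory; `clock` is injectable for tests.
function makeRateLimiter({ windowMs, max, message }, clock = Date.now) {
  const hits = new Map(); // ip -> { count, windowStart }; never pruned here

  // Exactly three parameters: Express treats a 4-arity function as an error handler.
  return function rateLimiter(req, res, next) {
    const now = clock();
    const ip = req.ip; // behind a proxy this is only meaningful with 'trust proxy' set
    let entry = hits.get(ip);
    if (!entry || now - entry.windowStart >= windowMs) {
      entry = { count: 0, windowStart: now }; // open a fresh window for this IP
      hits.set(ip, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      res.status(429).json({ error: message }); // 429 is this example's choice
      return;
    }
    next();
  };
}

// Minimal stand-in for an Express response, enough to record status and body.
function fakeRes() {
  const res = { statusCode: 200, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (body) => { res.body = body; return res; };
  return res;
}

// Replay constructed [ip, timestampMs] requests through the limiter and return
// the status each would get: 200 when next() ran, 429 when the limiter blocked.
function simulate(options, requests) {
  let t = 0;
  const limiter = makeRateLimiter(options, () => t);
  return requests.map(([ip, at]) => {
    t = at;
    const res = fakeRes();
    let passed = false;
    limiter({ ip }, res, () => { passed = true; });
    return passed ? 200 : res.statusCode;
  });
}

// Constructed traffic, max 2 per 1 s: third hit from 10.0.0.1 is blocked,
// another IP is unaffected, and a new window at t=1000 admits 10.0.0.1 again.
const sampleTraffic = [["10.0.0.1", 0], ["10.0.0.1", 10], ["10.0.0.1", 20],
                       ["10.0.0.2", 30], ["10.0.0.1", 1000]];
console.log(simulate({ windowMs: 1000, max: 2, message: "Too many requests." }, sampleTraffic));
```

A per-process map like this counts separately on every instance behind a load balancer, which is why a shared store (the package's Redis option) is needed for a distributed limit.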
**Options:**

- `windowMs` Duration of the time window in milliseconds
- `max` Maximum requests allowed per IP in the time window
- `message` Custom error message returned when the rate limit is exceeded

**Example:**

```javascript
app.use(expressRateLimiter({
  windowMs: 60 * 1000, // 1 minute
  max: 10,
  message: "Too many requests. Try again in a minute."
}));
```

---

### sanitizeMiddleware

1. Cleans all incoming `req.body`, `req.query` and `req.params`.
2. Detects XSS scripts (using the `xss` package) and SQL injection patterns.
3. Automatically blocks the request with `400 Bad Request` if malicious input is detected.

## Future Plans (v2+)

1. Secure HTTP Headers - Add support similar to Helmet
2. CSRF Token Middleware - Protection against cross-site request forgery
3. AI-based anomaly detection for malicious payloads - Block suspicious payloads with pattern learning
4. Rate Limiting for Microservices - Redis/pub-sub friendly distributed throttling

## Test

```bash
npm test
```

## Author

Made with ❤️ by [Syed Bakhtawar Fahim](https://github.com/Syed-Bakhtawar-Fahim)