koa-helmet/README.md

Security header middleware collection for koa

# koa-helmet

[![Version](https://img.shields.io/npm/v/koa-helmet.svg)](https://www.npmjs.com/package/koa-helmet)
[![Downloads](https://img.shields.io/npm/dm/koa-helmet.svg)](https://www.npmjs.com/package/koa-helmet)

koa-helmet is a wrapper for [helmet](https://github.com/helmetjs/helmet) to work with [koa](https://github.com/koajs/koa) (v2 and v3). It provides important security headers to make your app more secure by default.

This package has **zero** direct dependencies, with `peerDependencies` of koa and helmet.

## Installation

```sh
npm i koa-helmet helmet

# or:

bun add koa-helmet helmet
```

## Usage

Usage is the same as [helmet](https://github.com/helmetjs/helmet)

Helmet offers 11 security middleware functions:

```js
// This...
app.use(helmet());

// ...is equivalent to this:
app.use(helmet.contentSecurityPolicy());
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());
```

You can see more in [the documentation](https://helmetjs.github.io).

## Example

```js
import Koa from "koa";
import helmet from "koa-helmet";

const app = new Koa();

app.use(helmet());

app.use((ctx) => {
  ctx.body = "Hello World";
});

app.listen(4000);
```

## Testing

To run the test and lint suite, simply run

```
npm check
```

Alternatively, you can run:

```bash
npm run test
npm run lint
npm run format:check
```

## Contributing

Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details.

## Versioning

- koa-helmet >=2.x (main branch) supports koa 2.x and 3.x
- koa-helmet 1.x ([koa-1](https://github.com/venables/koa-helmet/tree/koa-1) branch) supports koa 0.x and koa 1.x