koa-helmet is a wrapper for helmet to work with koa (v2 and v3). It provides important security headers to make your app more secure by default.
This package has zero direct dependencies, with peerDependencies of koa and helmet.
npm i koa-helmet helmet
# or:
bun add koa-helmet helmetUsage is the same as helmet
Helmet offers 11 security middleware functions:
// This...
app.use(helmet());
// ...is equivalent to this:
app.use(helmet.contentSecurityPolicy());
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.hsts());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.referrerPolicy());
app.use(helmet.xssFilter());You can see more in the documentation.
import Koa from "koa";
import helmet from "koa-helmet";
const app = new Koa();
app.use(helmet());
app.use((ctx) => {
ctx.body = "Hello World";
});
app.listen(4000);To run the test and lint suite, simply run
npm check
Alternatively, you can run:
npm run test
npm run lint
npm run format:checkPlease see CONTRIBUTING.md for details.
- koa-helmet >=2.x (main branch) supports koa 2.x and 3.x
- koa-helmet 1.x (koa-1 branch) supports koa 0.x and koa 1.x