Gathering detailed insights and metrics for @dansmaculotte/nuxt-security
Gathering detailed insights and metrics for @dansmaculotte/nuxt-security
Module for Nuxt.js to configure security headers and more
Installations
npm install @dansmaculotte/nuxt-securityDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
16.13.2
NPM Version
8.19.2
Languages
2
JavaScript
Vue
JavaScript (99.03%)
Vue (0.97%)
Developer
dansmaculotte
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
57 Stars
129 Commits
8 Forks
2 Watchers
1 Branches
3 Contributors
Updated on Dec 13, 2024
Maintainers
3
Package Meta Information
Latest Version
0.0.6
Package Id
@dansmaculotte/nuxt-security@0.0.6
Unpacked Size
13.35 kB
Size
4.74 kB
File Count
8
NPM Version
8.19.2
Node Version
16.13.2
Published on
Oct 17, 2022
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
@dansmaculotte/nuxt-security
Module for Nuxt.js 2 to configure security headers and more
Compatibility with Nuxt releases
This module as been developed for Nuxt 2. If you are looking for an equivalent compatible with Nuxt 3, please have a look to https://www.npmjs.com/package/nuxt-security.
Features
This module allows you to configure various security headers such as CSP, HSTS or even generate security.txt file. Here is a list of availables features :
- Strict-Transport-Security header
- Content-Security-Policy header
- X-Frame-Options header
- X-Xss-Protection
- X-Content-Type-Options header
- Referrer-Policy header
- Permissions-Policy header (previously Feature-Policy)
- security.txt file generation
ToDo
- Sign security.txt with OpenPGP
- Headers as meta tags for SPA
- Public-Key-Pins
Setup
- Add
@dansmaculotte/nuxt-securitydependency to your project
1yarn add @dansmaculotte/nuxt-security # or npm install @dansmaculotte/nuxt-security
- Add
@dansmaculotte/nuxt-securityto themodulessection ofnuxt.config.js
1{ 2 modules: [ 3 // Simple usage 4 '@dansmaculotte/nuxt-security', 5 6 // With options 7 [ 8 '@dansmaculotte/nuxt-security', 9 { 10 /* module options */ 11 } 12 ] 13 ], 14 15 // Top level options 16 security: {} 17}
Options
dev
- Default:
process.env.SECURITY_DEV || false
Enable module in development mode
hsts
- Default:
null
This option rely on helmet hsts package.
Example:
1hsts: { 2 maxAge: 15552000, 3 includeSubDomains: true, 4 preload: true 5},
csp
- Default:
null
This option rely on helmet csp package.
Example:
1csp: { 2 directives: { 3 defaultSrc: ["'self'"], 4 scriptSrc: ["'self'"], 5 objectSrc: ["'self'"], 6 }, 7 reportOnly: false, 8},
referrer
- Default:
null
This option rely on helmet referrer policy package.
Example:
1referrer: 'same-origin',
permissions
- Default:
null
This option rely on permissions policy package.
Example:
1permissions: { 2 notifications: ['none'] 3},
Note: this come in replacement for feature option as Feature-Policy
header is deprecated.
Previous features option is still supported for now but displays a warning
and use Permissions-Policy header instead.
securityFile
- Default:
null
This option allows you to generate a security.txt described by securitytxt.org.
When generating for SPA applications, the file will appear in the dist/.well-known folder.
For universal applications, the file is accessible at this path: /.well-known/security.txt.
Example:
1securityFile: { 2 contacts: [ 3 'mailto:security@example.com', 4 'https://example.com/security' 5 ], 6 // or contacts: 'mailto:security@example.com' 7 canonical: 'https://example.com/.well-know/security.txt', 8 preferredLanguages: ['fr', 'en'], 9 // or preferredLanguages: 'fr', 10 encryptions: ['https://example.com/pgp-key.txt'], 11 // or encryptions: 'https://example.com/pgp-key.txt', 12 acknowledgments: ['https://example.com/hall-of-fame.html'], 13 // or acknowledgments: 'https://example.com/hall-of-fame.html', 14 policies: ['https://example.com/policy.html'], 15 // or policies: 'https://example.com/policy.html', 16 hirings: ['https://example.com/jobs.html'] 17 // or hirings: 'https://example.com/jobs.html' 18},
additionalHeaders
- Default:
false
If true it adds additional headers :
X-Frame-Options: SAMEORIGIN- documentationX-Xss-Protection: 1; mode=block- documentationX-Content-Type-Options: nosniff- documentation
Development
- Clone this repository
- Install dependencies using
yarn installornpm install - Start development server using
npm run dev
License
Copyright (c) Dans Ma Culotte tech@dansmaculotte.fr
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
project is archived
Details
- Warn: Repository is archived.
Reason
Found 0/1 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
28 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-vjh7-7g9h-fjfh
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
- Warn: Project is vulnerable to: GHSA-8g77-54rh-46hx
- Warn: Project is vulnerable to: GHSA-h7cp-r72f-jxh6
- Warn: Project is vulnerable to: GHSA-v62p-rq8g-8h59
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
- Warn: Project is vulnerable to: GHSA-5j4c-8p2g-v4jx
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
- Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-76p3-8jx3-jpfq
- Warn: Project is vulnerable to: GHSA-3rfm-jhwj-7488
- Warn: Project is vulnerable to: GHSA-hhq3-ff78-jv3g
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
Score
1.7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More