npmpackage.info

Gathering detailed insights and metrics for guardly

guardly - 1.0.15 | npmpackage.info

guardly

Guardly is a JavaScript/TypeScript library that provides a suite of security helper methods designed to enhance the security of web applications.

1.0.15

NOASSERTION

JavaScript

1.31 kB

2,005

Installations

npm install guardly

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

18.17.0

NPM Version

9.6.7 Score

69.9

Supply Chain

98.7

Quality

83.5

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

0

Closed

0

Issues

Open

0

Total

0

Closed

0

Releases

Unable to fetch releases

Languages

JavaScript

TypeScript

JavaScript (59.5%)

TypeScript (40.5%)

Developer

garethslinn

Download Statistics

Total Downloads

2,005

Last Day

Last Week

Last Month

Last Year

2,005

GitHub Statistics

NOASSERTION License

10 Commits

1 Watchers

1 Branches

1 Contributors

Updated on Jul 11, 2024

Bundle Size

2.89 kB

Minified

1.31 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

1.0.15

Package Id

guardly@1.0.15

Unpacked Size

538.48 kB

Size

513.29 kB

File Count

NPM Version

9.6.7

Node Version

18.17.0

Published on

Jul 11, 2024

Total Downloads

Cumulative downloads

Total Downloads

2,005

Last Day

Compared to previous day

Last Week

-84.6%

Compared to previous week

Last Month

-46.4%

Compared to previous month

Last Year

2,005

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

jest uglify-js typescript

Guardly

Guardly is a JavaScript/TypeScript library that provides a suite of security helper methods designed to enhance the security of web applications. It includes methods for preventing common web vulnerabilities such as XSS, CSRF, SQL Injection, LDAP Injection, HTTP Parameter Pollution, and more.

Features

XSS Prevention: Escape and sanitise HTML input.
CSRF Prevention: Generate and set CSRF tokens.
HTTPS Enforcement: Ensure HTTPS protocol usage.
SSL/TLS Validation: Validate SSL/TLS configurations.
CSP Setting: Set Content-Security-Policy meta tags.
Command Injection Prevention: Validate allowed commands.
SQL Injection Prevention: Escape SQL special characters.
LDAP Injection Prevention: Escape LDAP special characters.
HTTP Verb Tampering Prevention: Validate HTTP methods.
Header Injection Prevention: sanitise headers.
XML Injection Prevention: sanitise XML input.
SRI for CDN: Add Subresource Integrity (SRI) to CDN scripts.
HTTP Parameter Pollution Prevention: sanitise URL parameters.
Input Validation: Validate and sanitise user inputs.

Installation

Install Guardly via npm:

1npm install guardly

Run

See the RUNBOOK file for details.

Usage

Import the library into your project:

1const {
2    validateCommand,
3    generateCSRFToken,
4    escapeHTML,
5    escapeSQL,
6    enforceHTTPS,
7    validateSSLCertificate,
8    addSRItoCDNScript,
9    setCSP,
10    isValidInput,
11    sanitiseInput,
12    escapeLDAP,
13    sanitiseParameters,
14    validateHTTPMethod,
15    sanitiseHeader,
16    sanitiseXML,
17    setCSRFToken,
18    sanitiseHTML
19} = require('guardly');

Examples

XSS Prevention

1const input = '<div>Test & "escape"</div>';
2const escapedOutput = escapeHTML(input); // '&lt;div&gt;Test &amp; &quot;escape&quot;&lt;/div&gt;'
3
4const htmlInput = '<script>alert("XSS")</script><div>Safe</div>';
5const sanitisedOutput = sanitiseHTML(htmlInput); // '<div>Safe</div>'

CSRF Prevention

1const token = generateCSRFToken();
2console.log(token); // Outputs a 24 character token
3
4document.body.innerHTML = '<form id="form"><input type="hidden" name="_csrf" value=""></form>';
5const form = document.getElementById('form');
6setCSRFToken(form); // Sets the CSRF token in the form and in the cookie

HTTPS Enforcement

1enforceHTTPS(); // Redirects to HTTPS if the current protocol is HTTP

SSL/TLS Validation

1const url = 'https://example.com';
2validateSSLCertificate(url); // Validates SSL/TLS configuration for the provided URL

CSP Setting

1setCSP({
2    'default-src': "'self'",
3    'script-src': "'self' https://trusted.cdn.com",
4    'style-src': "'self' https://trusted.styles.com",
5    'img-src': "'self' https://trusted.images.com"
6});
7// Sets a Content-Security-Policy meta tag

Command Injection Prevention

1const allowedCommands = ["ls", "ping", "whoami"];
2const command = "ls -la";
3const isValid = validateCommand(command, allowedCommands); // true

SQL Injection Prevention

1const userInput = "' OR '1'='1";
2const escapedInput = escapeSQL(userInput); // "\\' OR \\'1\\'=\\'1"

LDAP Injection Prevention

1const ldapInput = 'admin*()\\|';
2const escapedLDAPInput = escapeLDAP(ldapInput); // 'admin\\2a\\28\\29\\5c\\7c'

HTTP Verb Tampering Prevention

1const allowedMethods = ["GET", "POST", "PUT", "DELETE"];
2const method = "POST";
3const isMethodValid = validateHTTPMethod(method, allowedMethods); // true

Header Injection Prevention

1const header = "Content-Type: text/html\r\nContent-Length: 0";
2const sanitisedHeader = sanitiseHeader(header); // 'Content-Type: text/htmlContent-Length: 0'

XML Injection Prevention

1const xmlInput = '<user><name>John & Doe</name></user>';
2const sanitisedXML = sanitiseXML(xmlInput); // '&lt;user&gt;&lt;name&gt;John &amp; Doe&lt;/name&gt;&lt;/user&gt;'

SRI for CDN

1addSRItoCDNScript('https://cdn.example.com/library.js', 'sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/ux5J3t3PEaNYCpAnG5P1FZCOm/S6Sni');
2// Adds a script tag with SRI attributes to the document head

HTTP Parameter Pollution Prevention

1const params = new URLSearchParams("id=123&id=456");
2const sanitisedParams = sanitiseParameters(params);
3console.log(sanitisedParams.toString()); // 'id=123'

Input Validation

1const userInput = '<script>alert("XSS")</script>Hello';
2const sanitised = sanitiseInput(userInput);
3console.log(sanitised); // '&lt;script&gt;alert("XSS")&lt;/script&gt;Hello'
4
5const safeInput = 'Hello, World!';
6const unsafeInput = '<script>alert("XSS")</script>';
7console.log(isValidInput(safeInput)); // true
8console.log(isValidInput(unsafeInput)); // false

Running Tests

To run the tests for Guardly, use the following command:

1npm test

License

This project is licensed under the MIT License - see the LICENSE file for details.

guardly

No vulnerabilities found.

No security vulnerabilities found.