Gathering detailed insights and metrics for guardly
Gathering detailed insights and metrics for guardly
Guardly is a JavaScript/TypeScript library that provides a suite of security helper methods designed to enhance the security of web applications.
Installations
npm install guardlyDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.17.0
NPM Version
9.6.7
Score
70
Supply Chain
98.7
Quality
83.5
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Contributors
1
Unable to fetch Contributors
Languages
2
JavaScript
TypeScript
JavaScript (59.5%)
TypeScript (40.5%)
Developer
garethslinn
Download Statistics
Total Downloads
1,701
Last Day
1
Last Week
16
Last Month
45
Last Year
1,701
GitHub Statistics
10 Commits
1 Watching
1 Branches
1 Contributors
Maintainers
1
Package Meta Information
Latest Version
1.0.15
Package Id
guardly@1.0.15
Unpacked Size
538.48 kB
Size
513.29 kB
File Count
16
NPM Version
9.6.7
Node Version
18.17.0
Publised On
11 Jul 2024
Total Downloads
Cumulative downloads
Total Downloads
1,701
Last day
-50%
1
Compared to previous day
Last week
77.8%
16
Compared to previous week
Last month
-52.6%
45
Compared to previous month
Last year
0%
1,701
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
3
Versions
Guardly
Guardly is a JavaScript/TypeScript library that provides a suite of security helper methods designed to enhance the security of web applications. It includes methods for preventing common web vulnerabilities such as XSS, CSRF, SQL Injection, LDAP Injection, HTTP Parameter Pollution, and more.
Features
- XSS Prevention: Escape and sanitise HTML input.
- CSRF Prevention: Generate and set CSRF tokens.
- HTTPS Enforcement: Ensure HTTPS protocol usage.
- SSL/TLS Validation: Validate SSL/TLS configurations.
- CSP Setting: Set Content-Security-Policy meta tags.
- Command Injection Prevention: Validate allowed commands.
- SQL Injection Prevention: Escape SQL special characters.
- LDAP Injection Prevention: Escape LDAP special characters.
- HTTP Verb Tampering Prevention: Validate HTTP methods.
- Header Injection Prevention: sanitise headers.
- XML Injection Prevention: sanitise XML input.
- SRI for CDN: Add Subresource Integrity (SRI) to CDN scripts.
- HTTP Parameter Pollution Prevention: sanitise URL parameters.
- Input Validation: Validate and sanitise user inputs.
Installation
Install Guardly via npm:
1npm install guardly
Run
See the RUNBOOK file for details.
Usage
Import the library into your project:
1const { 2 validateCommand, 3 generateCSRFToken, 4 escapeHTML, 5 escapeSQL, 6 enforceHTTPS, 7 validateSSLCertificate, 8 addSRItoCDNScript, 9 setCSP, 10 isValidInput, 11 sanitiseInput, 12 escapeLDAP, 13 sanitiseParameters, 14 validateHTTPMethod, 15 sanitiseHeader, 16 sanitiseXML, 17 setCSRFToken, 18 sanitiseHTML 19} = require('guardly');
Examples
XSS Prevention
1const input = '<div>Test & "escape"</div>'; 2const escapedOutput = escapeHTML(input); // '<div>Test & "escape"</div>' 3 4const htmlInput = '<script>alert("XSS")</script><div>Safe</div>'; 5const sanitisedOutput = sanitiseHTML(htmlInput); // '<div>Safe</div>'
CSRF Prevention
1const token = generateCSRFToken(); 2console.log(token); // Outputs a 24 character token 3 4document.body.innerHTML = '<form id="form"><input type="hidden" name="_csrf" value=""></form>'; 5const form = document.getElementById('form'); 6setCSRFToken(form); // Sets the CSRF token in the form and in the cookie
HTTPS Enforcement
1enforceHTTPS(); // Redirects to HTTPS if the current protocol is HTTP
SSL/TLS Validation
1const url = 'https://example.com'; 2validateSSLCertificate(url); // Validates SSL/TLS configuration for the provided URL
CSP Setting
1setCSP({ 2 'default-src': "'self'", 3 'script-src': "'self' https://trusted.cdn.com", 4 'style-src': "'self' https://trusted.styles.com", 5 'img-src': "'self' https://trusted.images.com" 6}); 7// Sets a Content-Security-Policy meta tag
Command Injection Prevention
1const allowedCommands = ["ls", "ping", "whoami"]; 2const command = "ls -la"; 3const isValid = validateCommand(command, allowedCommands); // true
SQL Injection Prevention
1const userInput = "' OR '1'='1"; 2const escapedInput = escapeSQL(userInput); // "\\' OR \\'1\\'=\\'1"
LDAP Injection Prevention
1const ldapInput = 'admin*()\\|'; 2const escapedLDAPInput = escapeLDAP(ldapInput); // 'admin\\2a\\28\\29\\5c\\7c'
HTTP Verb Tampering Prevention
1const allowedMethods = ["GET", "POST", "PUT", "DELETE"]; 2const method = "POST"; 3const isMethodValid = validateHTTPMethod(method, allowedMethods); // true
Header Injection Prevention
1const header = "Content-Type: text/html\r\nContent-Length: 0"; 2const sanitisedHeader = sanitiseHeader(header); // 'Content-Type: text/htmlContent-Length: 0'
XML Injection Prevention
1const xmlInput = '<user><name>John & Doe</name></user>'; 2const sanitisedXML = sanitiseXML(xmlInput); // '<user><name>John & Doe</name></user>'
SRI for CDN
1addSRItoCDNScript('https://cdn.example.com/library.js', 'sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/ux5J3t3PEaNYCpAnG5P1FZCOm/S6Sni'); 2// Adds a script tag with SRI attributes to the document head
HTTP Parameter Pollution Prevention
1const params = new URLSearchParams("id=123&id=456"); 2const sanitisedParams = sanitiseParameters(params); 3console.log(sanitisedParams.toString()); // 'id=123'
Input Validation
1const userInput = '<script>alert("XSS")</script>Hello'; 2const sanitised = sanitiseInput(userInput); 3console.log(sanitised); // '<script>alert("XSS")</script>Hello' 4 5const safeInput = 'Hello, World!'; 6const unsafeInput = '<script>alert("XSS")</script>'; 7console.log(isValidInput(safeInput)); // true 8console.log(isValidInput(unsafeInput)); // false
Running Tests
To run the tests for Guardly, use the following command:
1npm test
License
This project is licensed under the MIT License - see the LICENSE file for details.
guardly
No vulnerabilities found.
No security vulnerabilities found.