{"id":17211,"library":"elysia-helmet","title":"Elysia Helmet","description":"Elysia Helmet is a security plugin for the Elysia web framework, designed to protect applications by setting various HTTP response headers. It functions as a direct port of the well-known `helmet` middleware from the Express ecosystem, adapting its battle-tested security configurations to the modern Elysia runtime. The current stable version is 3.1.0. Given its nature as a framework-specific plugin, its release cadence is closely aligned with updates to the Elysia framework itself and the upstream `helmet` project, ensuring continuous compatibility and incorporating the latest web security best practices. Its primary differentiator is providing a familiar and comprehensive suite of HTTP security headers specifically integrated for Elysia, enabling developers to easily apply crucial security measures without manual header management.","status":"active","version":"3.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/tobias-kaerst-software/elysia-helmet","tags":["javascript","elysia","helmet","typescript"],"install":[{"cmd":"npm install elysia-helmet","lang":"bash","label":"npm"},{"cmd":"yarn add elysia-helmet","lang":"bash","label":"yarn"},{"cmd":"pnpm add elysia-helmet","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core framework dependency for the plugin to function.","package":"elysia","optional":false}],"imports":[{"note":"Elysia-Helmet is designed for ESM, preferring named imports. CommonJS require is not the idiomatic way to use this plugin.","wrong":"const helmet = require('elysia-helmet').helmet;","symbol":"helmet","correct":"import { helmet } from 'elysia-helmet';"},{"note":"The 'helmet' function is a named export, not a default export. Using a default import will result in an undefined value.","wrong":"import helmet from 'elysia-helmet';","symbol":"helmet","correct":"import { helmet } from 'elysia-helmet';"},{"note":"Import types explicitly for type-checking when configuring the plugin. Not needed for runtime.","symbol":"HelmetOptions","correct":"import type { HelmetOptions } from 'elysia-helmet';"}],"quickstart":{"code":"import { Elysia } from 'elysia';\nimport { helmet } from 'elysia-helmet';\n\nconst app = new Elysia()\n  .use(helmet({\n    contentSecurityPolicy: {\n      directives: {\n        defaultSrc: [\"'self'\"],\n        scriptSrc: [\"'self'\", \"'unsafe-inline'\"],\n        imgSrc: [\"'self'\", 'data:'],\n      },\n    },\n    xContentTypeOptions: true,\n    xFrameOptions: { action: 'deny' },\n  }))\n  .get('/', () => 'Hello Elysia with Helmet!')\n  .listen(3000);\n\nconsole.log(`Server is running at ${app.server?.hostname}:${app.server?.port}`);","lang":"typescript","description":"Demonstrates how to install and integrate elysia-helmet into an Elysia application with basic security header configurations, including Content Security Policy, X-Content-Type-Options, and X-Frame-Options."},"warnings":[{"fix":"Ensure your project's Elysia dependency is updated to version 1.2.0 or higher: `bun add elysia@latest`.","message":"elysia-helmet has a peer dependency on 'elysia' version '>= 1.2.0'. Using an older version of Elysia may lead to runtime errors or unexpected behavior.","severity":"breaking","affected_versions":"<1.2.0"},{"fix":"Consult the elysia-helmet GitHub repository and examples for the most accurate usage and configuration details within the Elysia framework.","message":"While a port of the original 'helmet' for Express, elysia-helmet may not have 100% identical feature parity or configuration options. Always refer to the elysia-helmet documentation or source code for specific Elysia-context configurations.","severity":"gotcha","affected_versions":">=3.0.0"},{"fix":"Thoroughly test your application with configured security headers in various browsers. Start with a more permissive CSP and gradually tighten directives while monitoring browser console errors.","message":"Misconfiguring security headers, especially Content Security Policy (CSP), can inadvertently block legitimate content or scripts, leading to broken website functionality or user experience issues.","severity":"gotcha","affected_versions":">=3.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Install the package: `bun add elysia-helmet` (or `npm install elysia-helmet`, `yarn add elysia-helmet`). Verify the import statement: `import { helmet } from 'elysia-helmet';`","cause":"The 'elysia-helmet' package has not been installed, or the import path is incorrect, or TypeScript is not configured to resolve modules correctly.","error":"Cannot find module 'elysia-helmet' or its corresponding type declarations."},{"fix":"Ensure you are importing `Elysia` from 'elysia' correctly and that your Elysia version meets the 'elysia-helmet' peer dependency (`>= 1.2.0`). Update Elysia if necessary: `bun add elysia@latest`.","cause":"This error typically indicates that the Elysia instance is not correctly initialized or the Elysia framework version is too old to support the plugin's API.","error":"TypeError: app.use is not a function (or similar Elysia method not found)"},{"fix":"Check the `elysia-helmet` source code or the upstream `helmet` documentation for the correct structure of configuration options. Ensure you are using the correct version of `elysia-helmet` that supports the desired options.","cause":"The type definition for `HelmetOptions` might not include the property, or the property is nested differently than expected, or a specific `helmet` middleware is not enabled by default.","error":"Property 'contentSecurityPolicy' does not exist on type 'HelmetOptions'."}],"ecosystem":"npm","meta_description":null}