cmake-harden

1.1.2 verified Fri May 01 auth: no javascript

A CMake module that applies compiler hardening options based on OpenSSF guidelines for C and C++ projects. The current stable version is 1.1.2; releases are infrequent. It differs from other hardening approaches by being a simple, dependency-free module installable via npm, which integrates with Node.js CMake projects. It supports hardening both C and C++ targets, with an optional RUNTIME argument for runtime hardening flags.

error CMake Error at CMakeLists.txt:1 (find_package): By not providing "Findcmake-harden.cmake" in CMAKE_MODULE_PATH this project has asked CMake to find a package configuration file provided by "cmake-harden", but CMake did not find one.
cause Missing PATHS argument or cmake-harden not installed
fix Ensure npm install cmake-harden is run, then add PATHS node_modules/cmake-harden to find_package
error CMake Error at CMakeLists.txt:5 (harden): Unknown CMake command "harden".
cause Module not included before calling harden()
fix Add include(cmake-harden/cmake-harden.cmake) or use find_package and then include the module file
error npm WARN cmake-harden@1.1.2 requires a peer of cmake but none is installed.
cause cmake is not listed as a peer dependency but npm may warn
fix Ensure cmake is available in the system or project (not an npm issue)
gotcha find_package must specify PATHS to node_modules when installed via npm
fix Use find_package(cmake-harden REQUIRED PATHS node_modules/cmake-harden)
gotcha The module does not set CMAKE_CXX_FLAGS or CMAKE_C_FLAGS globally; it applies to specific targets
fix Call harden() on each target you want to harden
gotcha The RUNTIME argument only adds runtime hardening flags (e.g., -D_FORTIFY_SOURCE=2), not compile-time
fix Use harden(target CXX RUNTIME) to also add runtime flags
deprecated No deprecated features known
npm install cmake-harden
yarn add cmake-harden
pnpm add cmake-harden

Shows how to include the cmake-harden module and apply hardening to a C executable target.

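# Locate the module in node_modules (PATHS is required when installed via npm)
find_package(cmake-harden REQUIRED PATHS node_modules/cmake-harden)
add_executable(myapp main.c)
# Apply hardening options to this target only; the module sets no global flags
harden(myapp C)
# Project warning flags, added separately from harden()
target_compile_options(myapp PRIVATE -Wall -Wextra)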
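
Because harden() is applied per target, a target that was never passed to it builds without the flags. The script below is an added example (not part of cmake-harden) that audits the compile_commands.json CMake writes when CMAKE_EXPORT_COMPILE_COMMANDS is ON. The expected flag list is an assumption, since the page names only -D_FORTIFY_SOURCE=2, and the sample database is constructed.

```python
import json
import shlex
import sys
from pathlib import Path

# Flag prefixes to require. -D_FORTIFY_SOURCE= is named on the page; the
# stack-protector entry is an assumption taken from the OpenSSF guide.
EXPECTED = ("-D_FORTIFY_SOURCE=", "-fstack-protector-strong")

# Constructed sample database: one hardened file, one from a target that
# never got harden(), and one where a later -U cancels the define.
SAMPLE_DB = json.loads("""[
  {"directory": "/b", "file": "/src/main.c",
   "command": "cc -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -c /src/main.c"},
  {"directory": "/b", "file": "/src/helper.c",
   "command": "cc -O2 -c /src/helper.c"},
  {"directory": "/b", "file": "/src/legacy.c",
   "arguments": ["cc", "-D_FORTIFY_SOURCE=2", "-fstack-protector-strong",
                 "-U_FORTIFY_SOURCE", "-c", "/src/legacy.c"]}
]""")

def entry_args(entry):
    """Return argv; the format allows either 'arguments' or 'command'."""
    return list(entry.get("arguments") or shlex.split(entry["command"]))

def has_flag(args, prefix):
    """True if an argument starts with prefix and no later -U undoes it."""
    last = max((i for i, a in enumerate(args) if a.startswith(prefix)), default=-1)
    if last < 0:
        return False
    if prefix.startswith("-D"):
        macro = prefix[2:].split("=")[0]
        return all(a != "-U" + macro for a in args[last + 1:])
    return True

def audit(database, expected=EXPECTED):
    """Map each source file to the expected flags its compile command lacks."""
    report = {}
    for entry in database:
        args = entry_args(entry)
        missing = [p for p in expected if not has_flag(args, p)]
        if missing:
            report[entry["file"]] = missing
    return report

if __name__ == "__main__":
    db = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE_DB
    for path, missing in audit(db).items():
        print(f"{path}: missing {', '.join(missing)}")
```

Pass the path to a build directory's compile_commands.json as the first argument; with no argument the script runs on the constructed sample.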