express-security-txt
Express middleware that serves a security.txt policy file at the standard /.well-known/security.txt or /security.txt endpoint. The current stable version is 4.0.1. It is released via semantic-release and adheres to the security.txt RFC draft (foudil-securitytxt-05). Key differentiators: support for repeating directives, inline comments (prefix, postfix, field-level), and array values for multiple contacts or policies. Lightweight, with no external runtime dependencies; works with Express 4.x+. Safer alternatives exist (e.g., manual static file serving) if zero risk of misconfiguration is required.
Resources
API endpoints
full doc /v1/registry/express-security-txt
compatibility /v1/registry/express-security-txt/compatibility