HTTP Public Key Pinning (HPKP) middleware
JSON →The `hpkp` package provides HTTP Public Key Pinning (HPKP) middleware for Express and Connect applications. It facilitates adding the `Public-Key-Pins` or `Public-Key-Pins-Report-Only` headers to web responses, which allows sites to declare cryptographic identities for web servers. However, HPKP as a security standard has been widely deprecated by browser vendors, including Chrome, due to significant risks of misuse and the potential for self-inflicted denial-of-service by rendering a website permanently inaccessible to legitimate users. The package is currently at version 3.0.0 and is explicitly in maintenance mode, indicating it will not receive new feature development but will be maintained for critical bug fixes. Developers are strongly advised against implementing HPKP in new projects and should consider alternatives like Certificate Transparency and Expect-CT headers.
Traffic · last 30 days ↓67% vs prev 7d
top countries 🇺🇸 United States · 🇨🇦 Canada · 🇫🇮 Finland · 🇪🇸 Spain · 🇩🇪 Germany