{"library":"egg-security","type":"library","category":null,"description":"The `@eggjs/security` (formerly `egg-security`) package is a robust security plugin specifically designed for the Egg.js framework. It provides comprehensive protection against common web vulnerabilities, including Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), Server-Side Request Forgery (SSRF), SQL injection, and more. The current stable version is 4.0.1 (under the `@eggjs/security` namespace), with the 3.x branch (`egg-security`) also receiving maintenance updates, with `3.8.0` being the latest for that line. The project maintains an active release cadence, frequently publishing minor and patch versions to introduce new features, improve existing protections, and address bug fixes. A significant update to version 4.0.0 migrated the codebase to TypeScript and dropped support for Node.js versions older than 18.19.0. Its key differentiator lies in its deep integration with the Egg.js ecosystem, offering out-of-the-box security measures that are easily configurable within the framework's convention-over-configuration paradigm, simplifying the implementation of robust security practices for developers building Egg.js applications.","language":"javascript","status":"active","version":"3.7.0","tags":["javascript","egg","eggPlugin","egg-plugin","security"],"last_verified":"Wed May 27","install":[{"cmd":"npm install egg-security","imports":["// config/plugin.ts\nexport default {\n  security: {\n    enable: true,\n    package: '@eggjs/security'\n  }\n};","// config/config.default.ts\nimport { EggAppConfig } from 'egg';\n\nexport default (appInfo: EggAppInfo) => {\n  const config = {} as Partial<EggAppConfig>;\n  config.security = {\n    csrf: {\n      enable: true,\n      headerName: 'x-csrf-token',\n    },\n    xframe: {\n      enable: true,\n      value: 'SAMEORIGIN',\n    },\n  };\n  return config;\n};","// app/controller/home.ts\nimport { Controller } from 'egg';\n\nclass HomeController extends Controller {\n  public async showForm() {\n    const { ctx } = this;\n    ctx.body = `\n      <html>\n        <body>\n          <form method=\"POST\" action=\"/submit\">\n            <input type=\"hidden\" name=\"_csrf\" value=\"${ctx.csrf}\" />\n            <input type=\"text\" name=\"data\" />\n            <button type=\"submit\">Submit</button>\n          </form>\n        </body>\n      </html>\n    `;\n  }\n}"]},{"cmd":"yarn add egg-security","imports":[]},{"cmd":"pnpm add egg-security","imports":[]}],"homepage":null,"github":"https://github.com/eggjs/egg-security","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/egg-security","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":{"summary":{"python_range":"18–22","success_rate":0,"avg_install_s":null,"avg_import_s":null,"wheel_type":null},"url":"https://checklist.day/v1/registry/egg-security/compatibility"}}