{"library":"fetch-metadata","type":"library","category":null,"description":"The `fetch-metadata` package provides Node.js middleware designed for Express and Connect applications to enforce browser Fetch metadata request headers, such as `Sec-Fetch-Site`, `Sec-Fetch-Mode`, and `Sec-Fetch-Dest`. This middleware plays a crucial role in enhancing application security by helping to prevent common web vulnerabilities like Cross-Site Request Forgery (CSRF), Cross-Site Script Inclusion (XSSI), and information leakage attacks, as part of a defense-in-depth strategy. Currently at stable version 1.0.0, it offers a highly configurable API allowing developers to define granular policies for request origins, navigation types, and specific allowed paths. While a specific release cadence isn't published, its initial stable release suggests a focus on reliability for security-critical applications. Its key differentiator lies in its specific focus on these modern browser security headers, providing a ready-to-use solution for integrating these protections into existing Node.js web servers.","language":"javascript","status":"active","version":"1.0.0","tags":["javascript","node.js","middleware","express","connect","fetch","metadata","request","security","typescript"],"last_verified":"Wed May 27","install":[{"cmd":"npm install fetch-metadata","imports":["import fetchMetadata from 'fetch-metadata'","import type { FetchMetadataOptions } from 'fetch-metadata'"]},{"cmd":"yarn add fetch-metadata","imports":[]},{"cmd":"pnpm add fetch-metadata","imports":[]}],"homepage":null,"github":"https://github.com/jperasmus/fetch-metadata","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/fetch-metadata","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":{"summary":{"python_range":"18–22","success_rate":0,"avg_install_s":null,"avg_import_s":null,"wheel_type":null},"url":"https://checklist.day/v1/registry/fetch-metadata/compatibility"}}