{"library":"helmet-csp","type":"library","category":null,"description":"Content Security Policy middleware for Express and Node.js. Version 4.0.0 requires Node >=18 and ships TypeScript definitions. It sets the Content-Security-Policy header using a directives object with support for camelCase or kebab-case keys, dynamic values via functions, and a default policy that can be overridden or disabled. Unlike generic CSP libraries, it integrates directly with the Helmet ecosystem and provides sensible defaults to prevent common vulnerabilities like XSS, though it performs minimal validation on the policy itself.","language":"javascript","status":"active","version":"4.0.0","tags":["javascript","express","security","content-security-policy","csp","xss","typescript"],"last_verified":"Wed May 27","install":[{"cmd":"npm install helmet-csp","imports":["const csp = require('helmet-csp')","const { contentSecurityPolicy } = require('helmet-csp')","const { getDefaultDirectives } = require('helmet-csp')"]},{"cmd":"yarn add helmet-csp","imports":[]},{"cmd":"pnpm add helmet-csp","imports":[]}],"homepage":"https://helmetjs.github.io","github":"https://github.com/helmetjs/helmet","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/helmet-csp","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":{"summary":{"python_range":"18–22","success_rate":0,"avg_install_s":null,"avg_import_s":null,"wheel_type":null},"url":"https://checklist.day/v1/registry/helmet-csp/compatibility"}}