{"library":"nuxt-security","title":"Nuxt Security Module","description":"The Nuxt Security module is a robust solution for enhancing the security posture of Nuxt 3 applications by automatically configuring HTTP headers and server middleware according to OWASP principles. It provides features such as Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), X-XSS-Protection, Referrer-Policy, and Permissions-Policy, alongside runtime protections like request size and rate limiters, Cross-Site Scripting (XSS) validation, and Cross-Origin Resource Sharing (CORS) support. The module also offers optional features like basic authentication, allowed HTTP methods control, and CSRF protection. Currently stable at version 2.5.1, `nuxt-security` maintains a rapid release cycle, with frequent hotfixes and minor versions addressing issues, introducing new features, and keeping pace with Nuxt 3 updates. Its primary differentiator is the comprehensive, opinionated, and automatic application of common security best practices without extensive manual configuration. 
It focuses on server-side protections and integration with Nuxt's SSR/SSG capabilities.","language":"javascript","status":"active","last_verified":"Wed Apr 22","install":{"commands":["npm install nuxt-security"],"cli":null},"imports":["export default defineNuxtConfig({\n  modules: [\n    'nuxt-security'\n  ]\n})","import type { ModuleOptions } from 'nuxt-security'","import type { BasicAuth } from 'nuxt-security'"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"import { defineNuxtConfig } from 'nuxt';\nimport type { ModuleOptions } from 'nuxt-security';\n\nconst securityConfig: ModuleOptions = {\n  headers: {\n    contentSecurityPolicy: {\n      value: {\n        'default-src': [\"'self'\", \"https://cdn.example.com\"],\n        'script-src': [\"'self'\", \"'unsafe-inline'\", \"'unsafe-eval'\", \"https://cdn.example.com\"],\n        'style-src': [\"'self'\", \"'unsafe-inline'\", \"https://cdn.example.com\"]\n      },\n      route: '/**'\n    },\n    xXSSProtection: { value: '1; mode=block', route: '/**' },\n    noSniff: { value: true, route: '/**' }\n  },\n  rateLimiter: {\n    value: {\n      tokens: 10,\n      interval: 30000,\n      headers: true,\n      driver: {\n        name: 'lru-cache',\n        options: { max: 1000, ttl: 60000 }\n      },\n      statusCode: 429,\n      statusMessage: 'Too Many Requests'\n    },\n    route: '/api/**'\n  },\n  allowedHTTPMethods: {\n    value: ['GET', 'POST', 'PUT', 'DELETE'],\n    route: '/api/**'\n  },\n  xssValidator: {\n    value: true,\n    route: '/forms/**'\n  },\n  basicAuth: {\n    value: {\n      name: process.env.BASIC_AUTH_USERNAME ?? 'admin',\n      pass: process.env.BASIC_AUTH_PASSWORD ?? 
'password',\n      enabled: true,\n      message: 'Authentication Required'\n    },\n    route: '/admin/**'\n  }\n};\n\nexport default defineNuxtConfig({\n  modules: [\n    'nuxt-security'\n  ],\n  security: securityConfig\n});","lang":"typescript","description":"This configuration enables various security features for a Nuxt application, including a Content Security Policy (which still permits 'unsafe-inline' and 'unsafe-eval' in 'script-src'), the X-XSS-Protection header, rate limiting for all API routes, restricted HTTP methods, XSS validation for form submissions, and basic authentication for an '/admin' section. Set the `BASIC_AUTH_USERNAME` and `BASIC_AUTH_PASSWORD` environment variables for basic authentication; otherwise the configuration falls back to the placeholder credentials `admin` / `password`.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}