{"library":"strict-transport-security","title":"Strict-Transport-Security Middleware","type":"library","description":"The `strict-transport-security` package provides Node.js middleware designed to add the Strict-Transport-Security (HSTS) header to HTTP responses. This header enforces secure (HTTPS) connections, preventing downgrade attacks and cookie hijacking in compliant browsers, as specified by RFC 6797. It is built to integrate seamlessly with Express.js and Connect-compatible frameworks, allowing developers to define global or path-specific HSTS policies. The package is currently at version 0.3.0, with its latest notable update introducing support for the `preload` option. Its development cadence suggests a mature and stable, yet likely low-maintenance, library focused on a singular security concern. Its primary differentiator is its dedicated functionality for HSTS, offering a lightweight alternative to larger security middleware suites.","language":"javascript","status":"maintenance","last_verified":"Thu Apr 23","install":{"commands":["npm install strict-transport-security"],"cli":null},"imports":["const sts = require('strict-transport-security');","app.use(sts.getSTS({'max-age':{'days': 30}}));","sts.getSTS({'max-age':{'days': 30}, 'includeSubDomains': true, 'preload': true});"],"auth":{"required":false,"env_vars":[]},"links":{"homepage":null,"github":"https://github.com/samuelerdtman/strict-transport-security","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/strict-transport-security","openapi_spec":null,"status_page":null,"smithery":null},"quickstart":{"code":"const sts = require('strict-transport-security');\nconst express = require('express');\nconst app = express();\n\nconst globalSTS = sts.getSTS({'max-age':{'days': 30}});\nconst localSTS = sts.getSTS({'max-age':{'days': 10}, 'includeSubDomains': true});\n\n// This will apply this policy to all requests\napp.use(globalSTS);\n\napp.get('/', (req, res) => {\n  res.send('Using global strict transport security policy!');\n});\n\n// This will apply the local policy just to this path, overriding the global policy\napp.get('/local', localSTS, (req, res) => {\n  res.send('Using path local strict transport security policy!');\n});\n\napp.listen(3000, () => {\n  console.log('Example app listening on port 3000!');\n});","lang":"javascript","description":"Demonstrates how to initialize and apply Strict-Transport-Security middleware globally across all requests and how to define and apply a path-specific policy that overrides the global one within an Express.js application.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}