Express application should use Helmet

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

ID: typescript-express/missing-helmet

Language: TypeScript

Severity: Warning

Category: Security

Description

Per Express documentation:

Helmet can help protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately.

This rule will check whether you’ve set app.use(helmet()) within the file that you’ve called express()

Non-Compliant Code Examples

import express, { Express, Request, Response } from 'express';

const app: Express = express();

// no `app.use(helmet())` helmet detected in the file

app.get("/foo", (req: Request, res: Response) => res.send("foo"));

app.listen(8000);

Compliant Code Examples

import express, { Express, Request, Response } from 'express';
import helmet from "helmet";

const app: Express = express();

app.use(helmet()); // helmet detected

app.get("/foo", (req: Request, res: Response) => res.send("foo"));

app.listen(8000);
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis