From c7fcc91c42e1b25845ecde2d0ca27564b34cadb3 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Thu, 28 Nov 2024 14:50:52 +0000 Subject: [PATCH 1/3] build(deps-dev): replace standard with neostandard --- README.md | 2 +- eslint.config.js | 6 +++ package.json | 17 +++----- types/index.d.ts | 10 ++--- types/index.test-d.ts | 94 +++++++++++++++++++++---------------------- 5 files changed, 65 insertions(+), 64 deletions(-) create mode 100644 eslint.config.js diff --git a/README.md b/README.md index a8ce684..0f8124c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ![CI](https://github.com/fastify/fastify-helmet/workflows/CI/badge.svg) [![NPM version](https://img.shields.io/npm/v/@fastify/helmet)](https://www.npmjs.com/package/@fastify/helmet) -[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/) +[![neostandard javascript style](https://img.shields.io/badge/code_style-neostandard-brightgreen?style=flat)](https://github.com/neostandard/neostandard) Important security headers for Fastify. It is a tiny wrapper around [helmet](https://npm.im/helmet). diff --git a/eslint.config.js b/eslint.config.js new file mode 100644 index 0000000..89fd678 --- /dev/null +++ b/eslint.config.js @@ -0,0 +1,6 @@ +'use strict' + +module.exports = require('neostandard')({ + ignores: require('neostandard').resolveIgnoresFromGitignore(), + ts: true +}) diff --git a/package.json b/package.json index 7a91fbe..6dbfe41 100644 --- a/package.json +++ b/package.json @@ -6,15 +6,11 @@ "type": "commonjs", "types": "types/index.d.ts", "scripts": { - "coverage": "npm run unit -- --coverage-report=lcovonly", - "lint": "standard | snazzy", - "lint:fix": "standard --fix | snazzy", - "test": "npm run lint && npm run unit && npm run typescript", - "test:ci": "npm run lint && npm run coverage && npm run typescript", - "unit": "c8 --100 node --test", - "unit:report": "npm run unit -- --coverage-report=html", - "unit:verbose": "npm run unit -- -Rspec", - "typescript": "tsd" + "lint": "eslint", + "lint:fix": "eslint --fix", + "test": "npm run test:unit && npm run test:typescript", + "test:typescript": "tsd", + "test:unit": "c8 --100 node --test" }, "repository": { "type": "git", @@ -41,8 +37,7 @@ "@types/node": "^22.0.0", "c8": "^10.1.2", "fastify": "^5.0.0", - "snazzy": "^9.0.0", - "standard": "^17.1.0", + "neostandard": "^0.11.9", "tsd": "^0.31.0" }, "dependencies": { diff --git a/types/index.d.ts b/types/index.d.ts index 0be05e8..a7fa4bf 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -1,5 +1,5 @@ -import { FastifyPluginAsync, RawServerBase, RawServerDefault } from 'fastify'; -import helmet, { contentSecurityPolicy, HelmetOptions } from 'helmet'; +import { FastifyPluginAsync, RawServerBase, RawServerDefault } from 'fastify' +import helmet, { contentSecurityPolicy, HelmetOptions } from 'helmet' declare module 'fastify' { export interface RouteShorthandOptions< @@ -19,7 +19,7 @@ declare module 'fastify' { type FastifyHelmet = FastifyPluginAsync & { contentSecurityPolicy: typeof contentSecurityPolicy; -}; +} declare namespace fastifyHelmet { @@ -30,11 +30,11 @@ declare namespace fastifyHelmet { export type FastifyHelmetOptions = { enableCSPNonces?: boolean, global?: boolean; - } & NonNullable; + } & NonNullable export const fastifyHelmet: FastifyHelmet export { fastifyHelmet as default } } -declare function fastifyHelmet(...params: Parameters): ReturnType +declare function fastifyHelmet (...params: Parameters): ReturnType export = fastifyHelmet diff --git a/types/index.test-d.ts b/types/index.test-d.ts index 46a49ad..6bd6218 100644 --- a/types/index.test-d.ts +++ b/types/index.test-d.ts @@ -1,19 +1,19 @@ -import fastify, { FastifyPluginAsync } from 'fastify'; -import helmet from 'helmet'; -import { expectAssignable, expectError, expectType } from 'tsd'; -import fastifyHelmet, { FastifyHelmetOptions, FastifyHelmetRouteOptions } from '..'; +import fastify, { FastifyPluginAsync } from 'fastify' +import helmet from 'helmet' +import { expectAssignable, expectError, expectType } from 'tsd' +import fastifyHelmet, { FastifyHelmetOptions, FastifyHelmetRouteOptions } from '..' // Plugin registered with no options -const appOne = fastify(); -appOne.register(fastifyHelmet); +const appOne = fastify() +appOne.register(fastifyHelmet) // Plugin registered with an empty object option -const appTwo = fastify(); -expectAssignable({}); -appTwo.register(fastifyHelmet, {}); +const appTwo = fastify() +expectAssignable({}) +appTwo.register(fastifyHelmet, {}) // Plugin registered with all helmet middlewares disabled -const appThree = fastify(); +const appThree = fastify() const helmetOptions = { contentSecurityPolicy: false, dnsPrefetchControl: false, @@ -25,12 +25,12 @@ const helmetOptions = { permittedCrossDomainPolicies: false, referrerPolicy: false, xssFilter: false -}; -expectAssignable(helmetOptions); -appThree.register(fastifyHelmet, helmetOptions); +} +expectAssignable(helmetOptions) +appThree.register(fastifyHelmet, helmetOptions) // Plugin registered with helmet middlewares custom settings -const appFour = fastify(); +const appFour = fastify() appFour.register(fastifyHelmet, { contentSecurityPolicy: { directives: { @@ -61,21 +61,21 @@ appFour.register(fastifyHelmet, { // ieNoOpen: false, // noSniff: false, // xssFilter: false -}); +}) // Plugin registered with `enableCSPNonces` option and helmet default CSP settings -const appFive = fastify(); -appFive.register(fastifyHelmet, { enableCSPNonces: true }); +const appFive = fastify() +appFive.register(fastifyHelmet, { enableCSPNonces: true }) appFive.get('/', function (request, reply) { expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) // Plugin registered with `enableCSPNonces` option and custom CSP settings -const appSix = fastify(); +const appSix = fastify() appSix.register(fastifyHelmet, { enableCSPNonces: true, contentSecurityPolicy: { @@ -84,41 +84,41 @@ appSix.register(fastifyHelmet, { }, reportOnly: true } -}); +}) appSix.get('/', function (request, reply) { expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) -const csp = fastifyHelmet.contentSecurityPolicy; -expectType(csp); +const csp = fastifyHelmet.contentSecurityPolicy +expectType(csp) // Plugin registered with `global` set to `true` -const appSeven = fastify(); -appSeven.register(fastifyHelmet, { global: true }); +const appSeven = fastify() +appSeven.register(fastifyHelmet, { global: true }) appSeven.get('/route-with-disabled-helmet', { helmet: false }, function (request, reply) { - expectType(reply.helmet()); -}); + expectType(reply.helmet()) +}) expectError( appSeven.get('/route-with-disabled-helmet', { helmet: 'trigger a typescript error' }, function (request, reply) { - expectType(reply.helmet()); + expectType(reply.helmet()) }) -); +) // Plugin registered with `global` set to `false` -const appEight = fastify(); -appEight.register(fastifyHelmet, { global: false }); +const appEight = fastify() +appEight.register(fastifyHelmet, { global: false }) appEight.get('/disabled-helmet', function (request, reply) { - expectType(reply.helmet(helmetOptions)); -}); + expectType(reply.helmet(helmetOptions)) +}) const routeHelmetOptions = { helmet: { @@ -141,44 +141,44 @@ const routeHelmetOptions = { preload: true }, permittedCrossDomainPolicies: { - permittedPolicies: 'all' as const + permittedPolicies: 'all' as const }, referrerPolicy: { policy: 'no-referrer' as const } } -}; -expectAssignable(routeHelmetOptions); +} +expectAssignable(routeHelmetOptions) appEight.get('/enabled-helmet', routeHelmetOptions, function (request, reply) { - expectType(reply.helmet()); + expectType(reply.helmet()) expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) appEight.get('/enable-framegard', { helmet: { frameguard: true } }, function (request, reply) { - expectType(reply.helmet()); + expectType(reply.helmet()) expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) // Plugin registered with an invalid helmet option -const appThatTriggerAnError = fastify(); +const appThatTriggerAnError = fastify() expectError( appThatTriggerAnError.register(fastifyHelmet, { thisOptionDoesNotExist: 'trigger a typescript error' }) -); +) // fastify-helmet instance is using the FastifyHelmetOptions options expectType< FastifyPluginAsync & { contentSecurityPolicy: typeof helmet.contentSecurityPolicy; } ->(fastifyHelmet); +>(fastifyHelmet) From f164a3f1c867f53dd3f7812cd230afa907701009 Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Thu, 28 Nov 2024 14:55:28 +0000 Subject: [PATCH 2/3] ci(ci): enable linting --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2ad780d..4df1f04 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,3 +20,4 @@ jobs: uses: fastify/workflows/.github/workflows/plugins-ci.yml@v5 with: license-check: true + lint: true \ No newline at end of file From 8858d1cc6cee79b322a21e01210b26e01c30afca Mon Sep 17 00:00:00 2001 From: Frazer Smith Date: Fri, 29 Nov 2024 09:07:56 +0000 Subject: [PATCH 3/3] chore: ignore eslint rule --- types/index.d.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/types/index.d.ts b/types/index.d.ts index a7fa4bf..2920830 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -3,6 +3,7 @@ import helmet, { contentSecurityPolicy, HelmetOptions } from 'helmet' declare module 'fastify' { export interface RouteShorthandOptions< + // eslint-disable-next-line @typescript-eslint/no-unused-vars RawServer extends RawServerBase = RawServerDefault > extends fastifyHelmet.FastifyHelmetRouteOptions { }