Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps-dev): replace standard with neostandard #266

Merged
merged 3 commits into from
Nov 29, 2024
Merged

build(deps-dev): replace standard with neostandard #266

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c7fcc91
build(deps-dev): replace standard with neostandard
Fdawgs Nov 28, 2024
f164a3f
ci(ci): enable linting
Fdawgs Nov 28, 2024
8858d1c
chore: ignore eslint rule
Fdawgs Nov 29, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,4 @@ jobs:
uses: fastify/workflows/.github/workflows/plugins-ci.yml@v5
with:
license-check: true
lint: true
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

![CI](https://github.com/fastify/fastify-helmet/workflows/CI/badge.svg)
[![NPM version](https://img.shields.io/npm/v/@fastify/helmet)](https://www.npmjs.com/package/@fastify/helmet)
[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/)
[![neostandard javascript style](https://img.shields.io/badge/code_style-neostandard-brightgreen?style=flat)](https://github.com/neostandard/neostandard)

Important security headers for Fastify. It is a tiny wrapper around
[helmet](https://npm.im/helmet).
Expand Down
6 changes: 6 additions & 0 deletions eslint.config.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
'use strict'

module.exports = require('neostandard')({
ignores: require('neostandard').resolveIgnoresFromGitignore(),
ts: true
})
17 changes: 6 additions & 11 deletions package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,11 @@
"type": "commonjs",
"types": "types/index.d.ts",
"scripts": {
"coverage": "npm run unit -- --coverage-report=lcovonly",
"lint": "standard | snazzy",
"lint:fix": "standard --fix | snazzy",
"test": "npm run lint && npm run unit && npm run typescript",
"test:ci": "npm run lint && npm run coverage && npm run typescript",
"unit": "c8 --100 node --test",
"unit:report": "npm run unit -- --coverage-report=html",
"unit:verbose": "npm run unit -- -Rspec",
"typescript": "tsd"
"lint": "eslint",
"lint:fix": "eslint --fix",
"test": "npm run test:unit && npm run test:typescript",
"test:typescript": "tsd",
"test:unit": "c8 --100 node --test"
},
"repository": {
"type": "git",
Expand All @@ -41,8 +37,7 @@
"@types/node": "^22.0.0",
"c8": "^10.1.2",
"fastify": "^5.0.0",
"snazzy": "^9.0.0",
"standard": "^17.1.0",
"neostandard": "^0.11.9",
"tsd": "^0.31.0"
},
"dependencies": {
Expand Down
11 changes: 6 additions & 5 deletions types/index.d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,9 @@
import { FastifyPluginAsync, RawServerBase, RawServerDefault } from 'fastify';
import helmet, { contentSecurityPolicy, HelmetOptions } from 'helmet';
import { FastifyPluginAsync, RawServerBase, RawServerDefault } from 'fastify'
import helmet, { contentSecurityPolicy, HelmetOptions } from 'helmet'

declare module 'fastify' {
export interface RouteShorthandOptions<
// eslint-disable-next-line @typescript-eslint/no-unused-vars
RawServer extends RawServerBase = RawServerDefault
> extends fastifyHelmet.FastifyHelmetRouteOptions { }

Expand All @@ -19,7 +20,7 @@ declare module 'fastify' {

type FastifyHelmet = FastifyPluginAsync<fastifyHelmet.FastifyHelmetOptions> & {
contentSecurityPolicy: typeof contentSecurityPolicy;
};
}

declare namespace fastifyHelmet {

Expand All @@ -30,11 +31,11 @@ declare namespace fastifyHelmet {
export type FastifyHelmetOptions = {
enableCSPNonces?: boolean,
global?: boolean;
} & NonNullable<HelmetOptions>;
} & NonNullable<HelmetOptions>

export const fastifyHelmet: FastifyHelmet
export { fastifyHelmet as default }
}

declare function fastifyHelmet(...params: Parameters<FastifyHelmet>): ReturnType<FastifyHelmet>
declare function fastifyHelmet (...params: Parameters<FastifyHelmet>): ReturnType<FastifyHelmet>
export = fastifyHelmet
94 changes: 47 additions & 47 deletions types/index.test-d.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,19 +1,19 @@
import fastify, { FastifyPluginAsync } from 'fastify';
import helmet from 'helmet';
import { expectAssignable, expectError, expectType } from 'tsd';
import fastifyHelmet, { FastifyHelmetOptions, FastifyHelmetRouteOptions } from '..';
import fastify, { FastifyPluginAsync } from 'fastify'
import helmet from 'helmet'
import { expectAssignable, expectError, expectType } from 'tsd'
import fastifyHelmet, { FastifyHelmetOptions, FastifyHelmetRouteOptions } from '..'

// Plugin registered with no options
const appOne = fastify();
appOne.register(fastifyHelmet);
const appOne = fastify()
appOne.register(fastifyHelmet)

// Plugin registered with an empty object option
const appTwo = fastify();
expectAssignable<FastifyHelmetOptions>({});
appTwo.register(fastifyHelmet, {});
const appTwo = fastify()
expectAssignable<FastifyHelmetOptions>({})
appTwo.register(fastifyHelmet, {})

// Plugin registered with all helmet middlewares disabled
const appThree = fastify();
const appThree = fastify()
const helmetOptions = {
contentSecurityPolicy: false,
dnsPrefetchControl: false,
Expand All @@ -25,12 +25,12 @@ const helmetOptions = {
permittedCrossDomainPolicies: false,
referrerPolicy: false,
xssFilter: false
};
expectAssignable<FastifyHelmetOptions>(helmetOptions);
appThree.register(fastifyHelmet, helmetOptions);
}
expectAssignable<FastifyHelmetOptions>(helmetOptions)
appThree.register(fastifyHelmet, helmetOptions)

// Plugin registered with helmet middlewares custom settings
const appFour = fastify();
const appFour = fastify()
appFour.register(fastifyHelmet, {
contentSecurityPolicy: {
directives: {
Expand Down Expand Up @@ -61,21 +61,21 @@ appFour.register(fastifyHelmet, {
// ieNoOpen: false,
// noSniff: false,
// xssFilter: false
});
})

// Plugin registered with `enableCSPNonces` option and helmet default CSP settings
const appFive = fastify();
appFive.register(fastifyHelmet, { enableCSPNonces: true });
const appFive = fastify()
appFive.register(fastifyHelmet, { enableCSPNonces: true })

appFive.get('/', function (request, reply) {
expectType<{
script: string;
style: string;
}>(reply.cspNonce);
});
}>(reply.cspNonce)
})

// Plugin registered with `enableCSPNonces` option and custom CSP settings
const appSix = fastify();
const appSix = fastify()
appSix.register(fastifyHelmet, {
enableCSPNonces: true,
contentSecurityPolicy: {
Expand All @@ -84,41 +84,41 @@ appSix.register(fastifyHelmet, {
},
reportOnly: true
}
});
})

appSix.get('/', function (request, reply) {
expectType<{
script: string;
style: string;
}>(reply.cspNonce);
});
}>(reply.cspNonce)
})

const csp = fastifyHelmet.contentSecurityPolicy;
expectType<typeof helmet.contentSecurityPolicy>(csp);
const csp = fastifyHelmet.contentSecurityPolicy
expectType<typeof helmet.contentSecurityPolicy>(csp)

// Plugin registered with `global` set to `true`
const appSeven = fastify();
appSeven.register(fastifyHelmet, { global: true });
const appSeven = fastify()
appSeven.register(fastifyHelmet, { global: true })

appSeven.get('/route-with-disabled-helmet', { helmet: false }, function (request, reply) {
expectType<typeof helmet>(reply.helmet());
});
expectType<typeof helmet>(reply.helmet())
})

expectError(
appSeven.get('/route-with-disabled-helmet', {
helmet: 'trigger a typescript error'
}, function (request, reply) {
expectType<typeof helmet>(reply.helmet());
expectType<typeof helmet>(reply.helmet())
})
);
)

// Plugin registered with `global` set to `false`
const appEight = fastify();
appEight.register(fastifyHelmet, { global: false });
const appEight = fastify()
appEight.register(fastifyHelmet, { global: false })

appEight.get('/disabled-helmet', function (request, reply) {
expectType<typeof helmet>(reply.helmet(helmetOptions));
});
expectType<typeof helmet>(reply.helmet(helmetOptions))
})

const routeHelmetOptions = {
helmet: {
Expand All @@ -141,44 +141,44 @@ const routeHelmetOptions = {
preload: true
},
permittedCrossDomainPolicies: {
permittedPolicies: 'all' as const
permittedPolicies: 'all' as const
},
referrerPolicy: {
policy: 'no-referrer' as const
}
}
};
expectAssignable<FastifyHelmetRouteOptions>(routeHelmetOptions);
}
expectAssignable<FastifyHelmetRouteOptions>(routeHelmetOptions)

appEight.get('/enabled-helmet', routeHelmetOptions, function (request, reply) {
expectType<typeof helmet>(reply.helmet());
expectType<typeof helmet>(reply.helmet())
expectType<{
script: string;
style: string;
}>(reply.cspNonce);
});
}>(reply.cspNonce)
})

appEight.get('/enable-framegard', {
helmet: { frameguard: true }
}, function (request, reply) {
expectType<typeof helmet>(reply.helmet());
expectType<typeof helmet>(reply.helmet())
expectType<{
script: string;
style: string;
}>(reply.cspNonce);
});
}>(reply.cspNonce)
})

// Plugin registered with an invalid helmet option
const appThatTriggerAnError = fastify();
const appThatTriggerAnError = fastify()
expectError(
appThatTriggerAnError.register(fastifyHelmet, {
thisOptionDoesNotExist: 'trigger a typescript error'
})
);
)

// fastify-helmet instance is using the FastifyHelmetOptions options
expectType<
FastifyPluginAsync<FastifyHelmetOptions> & {
contentSecurityPolicy: typeof helmet.contentSecurityPolicy;
}
>(fastifyHelmet);
>(fastifyHelmet)