@slabhub/express-csp (1.1.0)

Published 2025-04-29 23:08:23 -06:00 by wnross in wnross/express-csp

Installation

@slabhub:registry=
npm install @slabhub/express-csp@1.1.0
"@slabhub/express-csp": "1.1.0"

About this package

express-csp

Rapid, configurable Content Security Policy middleware for Express, powered by Helmet and simple YAML configuration.


Features

  • Secure defaults with CSP via helmet
  • Configuration in clean, readable YAML
  • Easily swappable policies per environment
  • Fully tested with Jest & Supertest

Installation

npm install helmet yaml
npm install --save-dev jest supertest

Usage

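// Express app with the CSP middleware loaded from a YAML policy file
const express = require('express')
const csp = require('@slabhub/express-csp') // scoped package name, as installed above
const app = express()

// Path to the YAML policy file (see Sample Policy)
const policyPath = './csp-policy.yml'
app.use(csp(policyPath)) // register before the routes so every response carries the header

app.get('/', (req, res) => res.send('Secure by CSP!'))
app.listen(3000)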

Sample Policy

default-src: ["'self'"]
script-src:
  - "'self'"
  - example.com
style-src:
  - "'self'"
  - "https:"
  - "'unsafe-inline'"
img-src:
  - "'self'"
  - "data:"
object-src: ["'none'"]
upgrade-insecure-requests: []
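
To see what the sample policy above sends to the browser and where it is loose, this added example (not code from this package) serializes the parsed policy into the header value and audits it. The `POLICY` literal, `toHeader`, `auditPolicy` and the rule set are assumptions made for illustration.

```javascript
// Added example, not code from @slabhub/express-csp. POLICY is the page's sample
// csp-policy.yml as it looks after YAML parsing (constructed as a literal so
// this runs without the yaml package).
const POLICY = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'example.com'],
  'style-src': ["'self'", 'https:', "'unsafe-inline'"],
  'img-src': ["'self'", 'data:'],
  'object-src': ["'none'"],
  'upgrade-insecure-requests': [],
}

// Keywords that must keep their single quotes. YAML strips one layer, so
// `- 'self'` parses to self, which CSP treats as a host name.
const KEYWORDS = ['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic']
// Directives that do not fall back to default-src when absent.
const NO_FALLBACK = ['base-uri', 'form-action', 'frame-ancestors']

// Header value a browser would receive for this policy object.
function toHeader(policy) {
  return Object.entries(policy)
    .map(([name, sources]) => [name, ...sources].join(' '))
    .join('; ')
}

// Return findings as { directive, source, issue } objects.
function auditPolicy(policy) {
  const findings = []
  const add = (directive, source, issue) => findings.push({ directive, source, issue })
  for (const [directive, sources] of Object.entries(policy)) {
    const lenient = directive === 'img-src' || directive === 'font-src'
    for (const source of sources) {
      if (KEYWORDS.includes(source)) add(directive, source, 'keyword lost its quotes')
      if (source === "'unsafe-inline'" || source === "'unsafe-eval'") add(directive, source, 'unsafe keyword')
      if (source === '*' || /^https?:$/.test(source)) add(directive, source, 'matches any host')
      if (source === 'data:' && !lenient) add(directive, source, 'data: outside images and fonts')
    }
    if (sources.includes("'none'") && sources.length > 1) add(directive, "'none'", "'none' mixed with other sources")
  }
  for (const directive of NO_FALLBACK) {
    if (!(directive in policy)) add(directive, null, 'not set and has no default-src fallback')
  }
  return findings
}

console.log(toHeader(POLICY))
console.table(auditPolicy(POLICY))
```

Whether the middleware fills in helmet's defaults for directives missing from the YAML file is not stated on this page, so compare the audit output with the header the running app actually returns.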

License

ISC License


Contributing

PRs welcome! For bugs or suggestions, open an issue.

Dependencies

ID Version
helmet ^8.1.0
yaml ^2.7.1

Development Dependencies

ID Version
express ^5.1.0
jest ^29.7.0
supertest ^7.1.0

Keywords

csp security middleware express

Details

npm
2025-04-29 23:08:23 -06:00
252
William Ross
ISC
latest
3.7 KiB