Express application should use Helmet
ID: javascript-express/missing-helmet
Language: JavaScript
Severity: Warning
Category: Security
CWE: 693
Per the Express documentation:
Helmet can help protect your app from some well-known web vulnerabilities by setting HTTP headers appropriately.
This rule checks whether app.use(helmet()) is called within the same file that calls express().

Non-compliant code example:

const express = require("express")
const app = express();
// no `app.use(helmet())` detected in the file
app.get("/foo", (req, res) => res.send("foo"));
app.listen(8000);

Compliant code examples:

const express = require("express")
const helmet = require("helmet")
const app = express();
app.use(express.json());
app.use(helmet()); // helmet detected
app.get("/foo", (req, res) => res.send("foo"));
app.listen(8000);

import express from "express"
import helmet from "helmet"
const app = express();
app.use(helmet()); // helmet detected
app.get("/foo", (req, res) => res.send("foo"));
app.listen(8000);
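
The file-scoped check described above can be approximated with a few regular expressions. This is an added example, not Datadog's analyzer or code from this page; bindingFor, checkFile, the ./security module and the sample files are hypothetical names constructed for the illustration.

```javascript
// Simplified regex approximation of a file-scoped "missing Helmet" check.
// Limitation: comment stripping is naive and would also cut a "//" inside a string.
// Local name bound to a module, for CommonJS `require` and ES `import` forms.
function bindingFor(code, moduleName) {
  const forms = [
    new RegExp(`(?:const|let|var)\\s+(\\w+)\\s*=\\s*require\\(\\s*["']${moduleName}["']\\s*\\)`),
    new RegExp(`import\\s+(\\w+)\\s+from\\s+["']${moduleName}["']`),
  ];
  for (const form of forms) {
    const match = code.match(form);
    if (match) return match[1];
  }
  return null;
}

// Returns one finding per `<app> = express()` that has no `<app>.use(helmet(...))`.
function checkFile(source) {
  // Drop comments so a commented-out app.use(helmet()) does not count.
  const code = source.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
  const expressName = bindingFor(code, "express");
  if (expressName === null) return []; // rule only applies where express() is called
  const helmetName = bindingFor(code, "helmet");
  const findings = [];
  const appDecl = new RegExp(`(\\w+)\\s*=\\s*${expressName}\\(\\s*\\)`, "g");
  for (const [, app] of code.matchAll(appDecl)) {
    const applied = helmetName !== null &&
      new RegExp(`\\b${app}\\.use\\(\\s*${helmetName}\\(`).test(code);
    if (!applied) findings.push(`${app}: no ${app}.use(helmet()) in this file`);
  }
  return findings;
}

// Constructed sample files (not from the original page).
const SAMPLES = {
  commentedOut: `const express = require("express")
const helmet = require("helmet")
const app = express();
// app.use(helmet());
app.listen(8000);`,
  aliasedImport: `import express from "express"
import secureHeaders from "helmet"
const server = express();
server.use(secureHeaders());`,
  appliedElsewhere: `const express = require("express")
const { applySecurity } = require("./security") // hypothetical helper module
const app = express();
applySecurity(app);`,
};
for (const [name, src] of Object.entries(SAMPLES)) console.log(name, checkFile(src));
```

The appliedElsewhere sample is flagged even if the hypothetical helper does call app.use(helmet()), because a check scoped to one file cannot see into other modules.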