Securing Express

Authentication is perhaps the most important and one of the trickier topics with regard to securing a web application from the front. Certainly, there are lots of different threat vectors.

Helmet

One of the easiest things we can do to secure our Express application is to install and use the security middleware called Helmet. Helmet adds a number of security headers and policies, as well as preventing some attacks, such as clickjacking.

It does most of this under the covers, without the need for configuration on our part. For more detailed information, and to find alternative ways to configure it.

To get started with Helmet, first install it using npm:

$ npm install helmet --save
helmet@1.1.0 node_modules/helmet
|- nocache@1.0.0
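
Once Helmet is installed and mounted with app.use(helmet()), a quick way to confirm it is taking effect is to audit the headers a response carries. The following is an added example, not code from the book or from the Helmet project; the function names and sample responses are constructed, and the header list is an assumption based on Helmet's commonly documented defaults, which vary between versions.

```javascript
// Added example: audit response headers for protections Helmet is expected
// to provide. Assumption: the checked headers follow Helmet's commonly
// documented defaults; adjust the list to the version you run.

// Lower-case header names so lookups are case-insensitive.
function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value);
  }
  return out;
}

// Clickjacking defence: X-Frame-Options DENY/SAMEORIGIN, or a CSP
// frame-ancestors directive that does not allow every origin.
function hasFramingProtection(h) {
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') return true;
  const csp = h['content-security-policy'] || '';
  return csp.split(';').some((directive) => {
    const parts = directive.trim().split(/\s+/);
    const sources = parts.slice(1);
    return parts[0].toLowerCase() === 'frame-ancestors' &&
      sources.length > 0 && !sources.includes('*');
  });
}

// Returns a list of findings; an empty list means every check passed.
function auditHeaders(rawHeaders) {
  const h = normalize(rawHeaders);
  const findings = [];
  if (!hasFramingProtection(h)) findings.push('no framing protection (clickjacking)');
  if ((h['x-content-type-options'] || '').trim().toLowerCase() !== 'nosniff') {
    findings.push('X-Content-Type-Options is not nosniff');
  }
  if ('x-powered-by' in h) findings.push('X-Powered-By discloses the framework');
  return findings;
}

// Constructed sample responses: Express without and with Helmet mounted.
const bareExpress = { 'X-Powered-By': 'Express', 'Content-Type': 'text/html' };
const withHelmet = { 'X-Frame-Options': 'SAMEORIGIN',
  'X-Content-Type-Options': 'nosniff', 'Content-Type': 'text/html' };

console.log('bare Express:', auditHeaders(bareExpress));
console.log('with Helmet:', auditHeaders(withHelmet));
```

The same function can be pointed at the object returned by res.getHeaders() in an integration test, so a dropped or reordered middleware shows up as a failing check.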
