Security header middleware collection for Koa applications that wraps Helmet.js
{
  "context": "This criterion evaluates how well the engineer uses koa-helmet's granular middleware composition capabilities to build custom security middleware stacks for different route groups, specifically testing their understanding of individual security middleware functions and per-route configuration.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "noSniff usage",
      "description": "Uses helmet.noSniff() or helmet.xContentTypeOptions() to prevent MIME type sniffing on appropriate routes",
      "max_score": 15
    },
    {
      "name": "xssFilter usage",
      "description": "Uses helmet.xssFilter() to configure XSS filter on public routes",
      "max_score": 10
    },
    {
      "name": "referrerPolicy usage",
      "description": "Uses helmet.referrerPolicy() with { policy: 'no-referrer' } option on public API routes",
      "max_score": 15
    },
    {
      "name": "hsts usage",
      "description": "Uses helmet.hsts() with { maxAge: 31536000, includeSubDomains: true } configuration on admin routes",
      "max_score": 20
    },
    {
      "name": "frameguard usage",
      "description": "Uses helmet.frameguard() with { action: 'deny' } option on admin routes to prevent clickjacking",
      "max_score": 15
    },
    {
      "name": "contentSecurityPolicy usage",
      "description": "Uses helmet.contentSecurityPolicy() with custom directives object on content routes, specifically configuring imgSrc and scriptSrc directives",
      "max_score": 15
    },
    {
      "name": "dnsPrefetchControl usage",
      "description": "Uses helmet.dnsPrefetchControl() with { allow: false } option on content routes",
      "max_score": 10
    }
  ]
}

Install with Tessl CLI
npx tessl i tessl/npm-koa-helmetdocs