Security header middleware collection for Koa applications that wraps Helmet.js
{
"context": "This evaluation assesses the engineer's ability to use koa-helmet's frameguard middleware to implement configurable clickjacking protection in a Koa application. The focus is on correct usage of the helmet.frameguard() function with different configuration options.",
"type": "weighted_checklist",
"checklist": [
{
"name": "koa-helmet import",
"description": "Correctly imports the koa-helmet package (e.g., `const helmet = require('koa-helmet')` or `import helmet from 'koa-helmet'`)",
"max_score": 10
},
{
"name": "frameguard with DENY",
"description": "Uses helmet.frameguard() with action set to 'deny' when FRAME_POLICY is 'strict' (e.g., `helmet.frameguard({ action: 'deny' })`)",
"max_score": 30
},
{
"name": "frameguard with SAMEORIGIN",
"description": "Uses helmet.frameguard() with action set to 'sameorigin' when FRAME_POLICY is 'same-origin' (e.g., `helmet.frameguard({ action: 'sameorigin' })`)",
"max_score": 30
},
{
"name": "Conditional middleware application",
"description": "Correctly applies the frameguard middleware conditionally based on the FRAME_POLICY environment variable, and does not apply it when FRAME_POLICY is 'disabled'",
"max_score": 25
},
{
"name": "Middleware registration",
"description": "Properly registers the helmet.frameguard() middleware with the Koa app using app.use()",
"max_score": 5
}
]
}

Install with Tessl CLI

npx tessl i tessl/npm-koa-helmet