
tessl/npm-koa-helmet

Security header middleware collection for Koa applications that wraps Helmet.js

91

1.04x

evals/scenario-4/rubric.json

{
  "context": "These criteria evaluate how well the engineer uses koa-helmet to disable legacy XSS filters in a Koa application. The focus is on correct usage of the xssFilter middleware and proper integration with Koa's middleware system.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "Import koa-helmet",
      "description": "The solution imports or requires the koa-helmet package (e.g., `const helmet = require('koa-helmet')` or `import helmet from 'koa-helmet'`).",
      "max_score": 15
    },
    {
      "name": "Use xssFilter middleware",
      "description": "The solution uses helmet.xssFilter() to create the XSS filter control middleware.",
      "max_score": 40
    },
    {
      "name": "Apply middleware to Koa",
      "description": "The solution properly applies the xssFilter middleware to the Koa application using app.use() so it affects all routes.",
      "max_score": 25
    },
    {
      "name": "Correct middleware placement",
      "description": "The xssFilter middleware is applied before route definitions to ensure it processes all requests.",
      "max_score": 10
    },
    {
      "name": "Header verification",
      "description": "The solution results in the X-XSS-Protection header being set to '0' in HTTP responses, which is the correct value to disable legacy XSS filters.",
      "max_score": 10
    }
  ]
}

Install with Tessl CLI

npx tessl i tessl/npm-koa-helmet
