
tessl/npm-koa-helmet

Security header middleware collection for Koa applications that wraps Helmet.js

91

1.04x

evals/scenario-7/rubric.json

{
  "context": "This criteria evaluates how well the engineer uses koa-helmet's HSTS (HTTP Strict Transport Security) functionality to implement route-specific HTTPS enforcement policies in a Koa application.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "HSTS middleware usage",
      "description": "Uses helmet.hsts() or helmet() function to enable HSTS security headers",
      "max_score": 20
    },
    {
      "name": "maxAge configuration",
      "description": "Correctly configures maxAge option with appropriate values in seconds (90 days = 7776000, 1 year = 31536000, 30 days = 2592000)",
      "max_score": 25
    },
    {
      "name": "includeSubDomains option",
      "description": "Properly sets includeSubDomains option to true for all policies",
      "max_score": 15
    },
    {
      "name": "preload configuration",
      "description": "Correctly uses the preload option, enabling it for admin routes and not setting it (or setting to false) for other routes",
      "max_score": 15
    },
    {
      "name": "Route-specific policies",
      "description": "Implements different HSTS configurations for different route paths (/admin, /dev, and default routes) using conditional middleware or path-based application",
      "max_score": 25
    }
  ]
}

Install with Tessl CLI

npx tessl i tessl/npm-koa-helmet
