Security header middleware collection for Koa applications that wraps Helmet.js
{
"context": "This criteria evaluates the engineer's proficiency in using koa-helmet's selective middleware control capability, specifically the ability to enable, disable, and configure individual security middlewares through the main helmet() function using an options object.",
"type": "weighted_checklist",
"checklist": [
{
"name": "helmet() usage",
"description": "Uses the main helmet() function (not individual middleware functions like helmet.hsts()) in all three profile functions to configure security headers",
"max_score": 20
},
{
"name": "CSP disabling",
"description": "Correctly disables Content Security Policy in strict and API profiles by setting contentSecurityPolicy: false in the helmet() options",
"max_score": 15
},
{
"name": "Frameguard disabling",
"description": "Correctly disables frameguard in the API profile by setting frameguard: false in the helmet() options",
"max_score": 15
},
{
"name": "Frameguard deny configuration",
"description": "Configures frameguard with { action: 'deny' } in the strict profile within the helmet() options object",
"max_score": 15
},
{
"name": "Frameguard sameorigin configuration",
"description": "Configures frameguard with { action: 'sameorigin' } in the public profile within the helmet() options object",
"max_score": 15
},
{
"name": "HSTS 1-year configuration",
"description": "Configures hsts with { maxAge: 31536000 } in the strict profile within the helmet() options object",
"max_score": 10
},
{
"name": "HSTS 30-day configuration",
"description": "Configures hsts with { maxAge: 2592000 } in the public profile within the helmet() options object",
"max_score": 10
}
]
}

Install with Tessl CLI

npx tessl i tessl/npm-koa-helmet