diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2ad780d..4df1f04 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,3 +20,4 @@ jobs: uses: fastify/workflows/.github/workflows/plugins-ci.yml@v5 with: license-check: true + lint: true \ No newline at end of file diff --git a/README.md b/README.md index 2cc5665..2094d9f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ ![CI](https://github.com/fastify/fastify-helmet/workflows/CI/badge.svg) [![NPM version](https://img.shields.io/npm/v/@fastify/helmet)](https://www.npmjs.com/package/@fastify/helmet) -[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](http://standardjs.com/) +[![neostandard javascript style](https://img.shields.io/badge/code_style-neostandard-brightgreen?style=flat)](https://github.com/neostandard/neostandard) Important security headers for Fastify. It is a tiny wrapper around [helmet](https://npm.im/helmet). diff --git a/eslint.config.js b/eslint.config.js new file mode 100644 index 0000000..89fd678 --- /dev/null +++ b/eslint.config.js @@ -0,0 +1,6 @@ +'use strict' + +module.exports = require('neostandard')({ + ignores: require('neostandard').resolveIgnoresFromGitignore(), + ts: true +}) diff --git a/package.json b/package.json index 8aeadc2..215fb40 100644 --- a/package.json +++ b/package.json @@ -6,15 +6,11 @@ "type": "commonjs", "types": "types/index.d.ts", "scripts": { - "coverage": "npm run unit -- --coverage-report=lcovonly", - "lint": "standard | snazzy", - "lint:fix": "standard --fix | snazzy", - "test": "npm run lint && npm run unit && npm run typescript", - "test:ci": "npm run lint && npm run coverage && npm run typescript", - "unit": "c8 --100 node --test", - "unit:report": "npm run unit -- --coverage-report=html", - "unit:verbose": "npm run unit -- -Rspec", - "typescript": "tsd" + "lint": "eslint", + "lint:fix": "eslint --fix", + "test": "npm run test:unit && npm run test:typescript", + "test:typescript": "tsd", + "test:unit": "c8 --100 node --test" }, "repository": { "type": "git", @@ -58,8 +54,7 @@ "@types/node": "^22.0.0", "c8": "^10.1.2", "fastify": "^5.0.0", - "snazzy": "^9.0.0", - "standard": "^17.1.0", + "neostandard": "^0.11.9", "tsd": "^0.31.0" }, "dependencies": { diff --git a/types/index.d.ts b/types/index.d.ts index 0be05e8..2920830 100644 --- a/types/index.d.ts +++ b/types/index.d.ts @@ -1,8 +1,9 @@ -import { FastifyPluginAsync, RawServerBase, RawServerDefault } from 'fastify'; -import helmet, { contentSecurityPolicy, HelmetOptions } from 'helmet'; +import { FastifyPluginAsync, RawServerBase, RawServerDefault } from 'fastify' +import helmet, { contentSecurityPolicy, HelmetOptions } from 'helmet' declare module 'fastify' { export interface RouteShorthandOptions< + // eslint-disable-next-line @typescript-eslint/no-unused-vars RawServer extends RawServerBase = RawServerDefault > extends fastifyHelmet.FastifyHelmetRouteOptions { } @@ -19,7 +20,7 @@ declare module 'fastify' { type FastifyHelmet = FastifyPluginAsync & { contentSecurityPolicy: typeof contentSecurityPolicy; -}; +} declare namespace fastifyHelmet { @@ -30,11 +31,11 @@ declare namespace fastifyHelmet { export type FastifyHelmetOptions = { enableCSPNonces?: boolean, global?: boolean; - } & NonNullable; + } & NonNullable export const fastifyHelmet: FastifyHelmet export { fastifyHelmet as default } } -declare function fastifyHelmet(...params: Parameters): ReturnType +declare function fastifyHelmet (...params: Parameters): ReturnType export = fastifyHelmet diff --git a/types/index.test-d.ts b/types/index.test-d.ts index 46a49ad..6bd6218 100644 --- a/types/index.test-d.ts +++ b/types/index.test-d.ts @@ -1,19 +1,19 @@ -import fastify, { FastifyPluginAsync } from 'fastify'; -import helmet from 'helmet'; -import { expectAssignable, expectError, expectType } from 'tsd'; -import fastifyHelmet, { FastifyHelmetOptions, FastifyHelmetRouteOptions } from '..'; +import fastify, { FastifyPluginAsync } from 'fastify' +import helmet from 'helmet' +import { expectAssignable, expectError, expectType } from 'tsd' +import fastifyHelmet, { FastifyHelmetOptions, FastifyHelmetRouteOptions } from '..' // Plugin registered with no options -const appOne = fastify(); -appOne.register(fastifyHelmet); +const appOne = fastify() +appOne.register(fastifyHelmet) // Plugin registered with an empty object option -const appTwo = fastify(); -expectAssignable({}); -appTwo.register(fastifyHelmet, {}); +const appTwo = fastify() +expectAssignable({}) +appTwo.register(fastifyHelmet, {}) // Plugin registered with all helmet middlewares disabled -const appThree = fastify(); +const appThree = fastify() const helmetOptions = { contentSecurityPolicy: false, dnsPrefetchControl: false, @@ -25,12 +25,12 @@ const helmetOptions = { permittedCrossDomainPolicies: false, referrerPolicy: false, xssFilter: false -}; -expectAssignable(helmetOptions); -appThree.register(fastifyHelmet, helmetOptions); +} +expectAssignable(helmetOptions) +appThree.register(fastifyHelmet, helmetOptions) // Plugin registered with helmet middlewares custom settings -const appFour = fastify(); +const appFour = fastify() appFour.register(fastifyHelmet, { contentSecurityPolicy: { directives: { @@ -61,21 +61,21 @@ appFour.register(fastifyHelmet, { // ieNoOpen: false, // noSniff: false, // xssFilter: false -}); +}) // Plugin registered with `enableCSPNonces` option and helmet default CSP settings -const appFive = fastify(); -appFive.register(fastifyHelmet, { enableCSPNonces: true }); +const appFive = fastify() +appFive.register(fastifyHelmet, { enableCSPNonces: true }) appFive.get('/', function (request, reply) { expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) // Plugin registered with `enableCSPNonces` option and custom CSP settings -const appSix = fastify(); +const appSix = fastify() appSix.register(fastifyHelmet, { enableCSPNonces: true, contentSecurityPolicy: { @@ -84,41 +84,41 @@ appSix.register(fastifyHelmet, { }, reportOnly: true } -}); +}) appSix.get('/', function (request, reply) { expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) -const csp = fastifyHelmet.contentSecurityPolicy; -expectType(csp); +const csp = fastifyHelmet.contentSecurityPolicy +expectType(csp) // Plugin registered with `global` set to `true` -const appSeven = fastify(); -appSeven.register(fastifyHelmet, { global: true }); +const appSeven = fastify() +appSeven.register(fastifyHelmet, { global: true }) appSeven.get('/route-with-disabled-helmet', { helmet: false }, function (request, reply) { - expectType(reply.helmet()); -}); + expectType(reply.helmet()) +}) expectError( appSeven.get('/route-with-disabled-helmet', { helmet: 'trigger a typescript error' }, function (request, reply) { - expectType(reply.helmet()); + expectType(reply.helmet()) }) -); +) // Plugin registered with `global` set to `false` -const appEight = fastify(); -appEight.register(fastifyHelmet, { global: false }); +const appEight = fastify() +appEight.register(fastifyHelmet, { global: false }) appEight.get('/disabled-helmet', function (request, reply) { - expectType(reply.helmet(helmetOptions)); -}); + expectType(reply.helmet(helmetOptions)) +}) const routeHelmetOptions = { helmet: { @@ -141,44 +141,44 @@ const routeHelmetOptions = { preload: true }, permittedCrossDomainPolicies: { - permittedPolicies: 'all' as const + permittedPolicies: 'all' as const }, referrerPolicy: { policy: 'no-referrer' as const } } -}; -expectAssignable(routeHelmetOptions); +} +expectAssignable(routeHelmetOptions) appEight.get('/enabled-helmet', routeHelmetOptions, function (request, reply) { - expectType(reply.helmet()); + expectType(reply.helmet()) expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) appEight.get('/enable-framegard', { helmet: { frameguard: true } }, function (request, reply) { - expectType(reply.helmet()); + expectType(reply.helmet()) expectType<{ script: string; style: string; - }>(reply.cspNonce); -}); + }>(reply.cspNonce) +}) // Plugin registered with an invalid helmet option -const appThatTriggerAnError = fastify(); +const appThatTriggerAnError = fastify() expectError( appThatTriggerAnError.register(fastifyHelmet, { thisOptionDoesNotExist: 'trigger a typescript error' }) -); +) // fastify-helmet instance is using the FastifyHelmetOptions options expectType< FastifyPluginAsync & { contentSecurityPolicy: typeof helmet.contentSecurityPolicy; } ->(fastifyHelmet); +>(fastifyHelmet)