hattip VS helmet

Let's start up a new project and install these. We will use pnpm, as it is now the best and most loved choice. Also for quick setup, we will use Vite for the client side and HatTip for our backend handler for more convenient readable stream handling.

HatTip - supports universal middleware and deployments, small & lightweight, seems promising

You'll probably like Hattip

To (optionally?) provide plugins on how a server should handle these files in a server framework like hattip

As we discussed before, Rakkas relies on HatTip for handling HTTP so we will use the @hattip/cookie package to manage cookies:

Then we should install the HatTip adapter for Cloudflare Workers. HatTip is a set of JavaScript libraries for building HTTP server applications that run on many platforms like Node.js, Cloudflare Workers, Vercel, Netlify, Deno, and more. Rakkas relies on it for serverless support.

Rakkas 0.6 is now built on HatTip, an HTTP server library that abstracts away the differences between various JavaScript runtimes building on the web standards like Request, Response, and streams. Rakkas already ran on Node, Vercel Serverless Functions, Netlify Functions, and Cloudflare Workers. HatTip integration adds support for Vercel Edge, and Netlify Edge. There's also preliminary support for Deno (including Deno Deploy). Bun support is work in progress.

HatTip[1] just added preliminary Bun support[2].

(HatTip's goal is to enable users (and library authors) to write universal server code that runs anywhere: Node.js, Edge, Deno, Bun, ...)

@Jarred: Curious to know what you think of HatTip!

[1]: https://github.com/hattipjs/hattip

helmet

By default, NuxtSecurity will set security response headers to match the values recommended by OWASP and a popular Express.js middleware called helmet.

Utilize security headers and middleware to add another layer of security to your Node.js application. Tools like Helmet.js can help you set secure HTTP headers, while middleware can assist in filtering and sanitizing user inputs.

Documentation Link: helmet

Helmet helps “sanitise” the input, which might not have come from the UI directly. Mongoose is what is known as an Object Document Modelling (ODM), which defines a structure (schema) for the stored data, making it easier to manage in Express. These additions have been omitted from our example stack purely to simplify the tutorial and focus on the fundamental tiers and interfaces.

If you can repro the issue with a minimal tsconfig, with nothing but an import statement then it's probably something the maintainers of helmet would like to see. There's also this (recent) issue I saw looking at their queue -- maybe related? https://github.com/helmetjs/helmet/issues/424 ...

// Security // https://helmetjs.github.io/ app.use(helmet())

You can learn more about each header and how to configure them in the Helmet documentation.

These days I only use middleware if it's global and has no outputs. Helmet comes to mind.