helmet VS json-server

Helmet is an npm package that includes middleware to handle and filter out malicious request headers (exploiting XSS vulnerabilities or clickjacking, for example). You can utilize Helmet's default configuration or customize it based on your needs following the instructions provided here.

helmet

By default, NuxtSecurity will set security response headers to match the values recommended by OWASP and a popular Express.js middleware called helmet.

Utilize security headers and middleware to add another layer of security to your Node.js application. Tools like Helmet.js can help you set secure HTTP headers, while middleware can assist in filtering and sanitizing user inputs.

Documentation Link: helmet

Helmet helps “sanitise” the input, which might not have come from the UI directly. Mongoose is what is known as an Object Document Modelling (ODM), which defines a structure (schema) for the stored data, making it easier to manage in Express. These additions have been omitted from our example stack purely to simplify the tutorial and focus on the fundamental tiers and interfaces.

If you can repro the issue with a minimal tsconfig, with nothing but an import statement then it's probably something the maintainers of helmet would like to see. There's also this (recent) issue I saw looking at their queue -- maybe related? https://github.com/helmetjs/helmet/issues/424 ...

// Security // https://helmetjs.github.io/ app.use(helmet())

You can learn more about each header and how to configure them in the Helmet documentation.

These days I only use middleware if it's global and has no outputs. Helmet comes to mind.

JSON Server

Our backend will be little more than a two-way translation layer between the database and the user interface (UI). Later in this post we will identify other responsibilities of a backend but our implementation will be kept simple to demonstrate the fundamental machinery and concepts. It is worth noting the backend comes in two parts, web server and application server. Both json-server and Express are able to facilitate these roles from the same URL. This is very useful for our tutorial because we do not have to configure the server to manage Cross-Origin Resource Sharing (CORS). It is quite typical for production systems to separate these server roles for all sorts of good reasons but for now it would just create an additional complication.

JSON-Server creates fake REST API with a minimum amount of configuration, it provides a simple way to create mock RESTful APIs and easily define the required endpoints, allows easy definition of the data schema in a JSON file and can serve as a reference for each figure in the project.

I thought about usingJson Server (hosting the repo with the words on Github to begin with), Googlesheets, or maybe Firestore (i would prefer not to use it ,to avoid extra costs just in case it gets a reasonable amount of users). It isnt a big app so i just want a simple solution for storing the words and fetching them.

There is https://github.com/typicode/json-server that is really useful for that matter

JSON server https://github.com/typicode/json-server