{"_id":"hpkp","_rev":"2651929","name":"hpkp","description":"HTTP Public Key Pinning (HPKP) middleware","dist-tags":{"latest":"2.0.3"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"time":{"modified":"2022-01-25T19:46:22.000Z","created":"2015-03-05T22:28:04.064Z","2.0.3":"2022-01-25T19:41:37.880Z","2.0.2":"2021-04-13T01:29:36.201Z","2.0.1":"2020-08-08T16:06:28.199Z","2.0.0":"2016-10-28T20:16:14.467Z","1.2.0":"2016-09-30T22:49:53.420Z","1.1.0":"2016-03-02T01:03:30.141Z","1.0.0":"2015-12-18T19:05:00.687Z","0.3.0":"2015-11-26T18:34:32.847Z","0.2.0":"2015-07-09T01:08:37.122Z","0.1.0":"2015-03-05T22:28:04.064Z"},"users":{"chirag8642":true,"martinspinks":true},"author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"versions":{"2.0.3":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"https://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"2.0.3","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"pretest":"npm run lint","lint":"npm run lint:eslint && npm run lint:prettier","lint:eslint":"eslint .","lint:prettier":"prettier --check .","format":"prettier --write .","test":"mocha"},"devDependencies":{"connect":"^3.7.0","eslint":"^8.7.0","mocha":"^9.2.0","prettier":"^2.5.1","supertest":"^6.1.6"},"gitHead":"840e2ed6e7513f198e34759acedbafc1662d2a06","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@2.0.3","_nodeVersion":"17.4.0","_npmVersion":"8.3.1","dist":{"shasum":"7d94de3e268b2cbdc6a6b6d8e34cbdd5be083fa8","size":2734,"noattachment":false,"key":"/hpkp/-/hpkp-2.0.3.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-2.0.3.tgz"},"_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"directories":{},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/hpkp_2.0.3_1643139697725_0.2089746264104384"},"_hasShrinkwrap":false,"_cnpmcore_publish_time":"2022-01-25T19:41:44.594Z","publish_time":1643139697880,"_cnpm_publish_time":1643139697880},"2.0.2":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"https://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"2.0.2","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"pretest":"standard","test":"mocha"},"devDependencies":{"connect":"^3.7.0","mocha":"^8.3.2","standard":"^16.0.3","supertest":"^6.1.3"},"standard":{"global":["beforeEach","describe","it"]},"gitHead":"c1cbd2c52d02eddfc9796e8b046b18a1eb51a421","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@2.0.2","_nodeVersion":"15.12.0","_npmVersion":"7.6.3","dist":{"shasum":"3739a20bf98159852f26b7be76e72abaf1c36370","size":2698,"noattachment":false,"key":"/hpkp/-/hpkp-2.0.2.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-2.0.2.tgz"},"_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"directories":{},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/hpkp_2.0.2_1618277375836_0.8972023026511287"},"_hasShrinkwrap":false,"publish_time":1618277376201,"_cnpm_publish_time":1618277376201},"2.0.1":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"https://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"2.0.1","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"pretest":"standard","test":"mocha"},"devDependencies":{"connect":"^3.7.0","mocha":"^8.1.1","standard":"^14.3.4","supertest":"^4.0.2"},"standard":{"global":["beforeEach","describe","it"]},"gitHead":"75ecd05f7ee4e7f3479ec8083582af8596419682","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@2.0.1","_nodeVersion":"14.7.0","_npmVersion":"6.14.7","dist":{"shasum":"9422bc8671073e907c0557eceb101378547b0ce6","size":2723,"noattachment":false,"key":"/hpkp/-/hpkp-2.0.1.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-2.0.1.tgz"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/hpkp_2.0.1_1596902787947_0.958943129159344"},"_hasShrinkwrap":false,"publish_time":1596902788199,"_cnpm_publish_time":1596902788199},"2.0.0":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"2.0.0","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"pretest":"standard","test":"mocha"},"devDependencies":{"connect":"^3.5.0","mocha":"^3.1.2","standard":"^8.5.0","supertest":"^2.0.1"},"standard":{"global":["beforeEach","describe","it"]},"gitHead":"100cb85425dee6acd0928160b8082bf70681b585","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@2.0.0","_shasum":"10e142264e76215a5d30c44ec43de64dee6d1672","_from":".","_npmVersion":"4.0.1","_nodeVersion":"7.0.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"10e142264e76215a5d30c44ec43de64dee6d1672","size":3548,"noattachment":false,"key":"/hpkp/-/hpkp-2.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-2.0.0.tgz"},"_npmOperationalInternal":{"host":"packages-18-east.internal.npmjs.com","tmp":"tmp/hpkp-2.0.0.tgz_1477685770588_0.13148624473251402"},"directories":{},"publish_time":1477685774467,"_cnpm_publish_time":1477685774467,"_hasShrinkwrap":false},"1.2.0":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"1.2.0","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"pretest":"standard","test":"mocha"},"devDependencies":{"connect":"^3.5.0","mocha":"^3.1.0","standard":"^8.3.0","supertest":"^2.0.0"},"standard":{"global":["beforeEach","describe","it"]},"gitHead":"1a8ceb1b775d09112737b427fdba277773e4721f","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@1.2.0","_shasum":"83f2cb38b26cff21daf26e2ff4b57126921dec65","_from":".","_npmVersion":"3.10.8","_nodeVersion":"6.7.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"83f2cb38b26cff21daf26e2ff4b57126921dec65","size":3439,"noattachment":false,"key":"/hpkp/-/hpkp-1.2.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-1.2.0.tgz"},"_npmOperationalInternal":{"host":"packages-16-east.internal.npmjs.com","tmp":"tmp/hpkp-1.2.0.tgz_1475275792187_0.8759076928254217"},"directories":{},"publish_time":1475275793420,"_cnpm_publish_time":1475275793420,"_hasShrinkwrap":false},"1.1.0":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"1.1.0","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"test":"standard && mocha"},"devDependencies":{"connect":"^3.4.1","mocha":"^2.4.5","standard":"^6.0.7","supertest":"^1.2.0"},"standard":{"global":["beforeEach","describe","it"]},"gitHead":"86ea3eded9df7092d0402fb4f4807caa85669b1b","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@1.1.0","_shasum":"77bdff1f331847fb9f40839d00a45032baed4df4","_from":".","_npmVersion":"3.7.5","_nodeVersion":"5.7.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"77bdff1f331847fb9f40839d00a45032baed4df4","size":2600,"noattachment":false,"key":"/hpkp/-/hpkp-1.1.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-1.1.0.tgz"},"_npmOperationalInternal":{"host":"packages-11-east.internal.npmjs.com","tmp":"tmp/hpkp-1.1.0.tgz_1456880608061_0.2767970743589103"},"directories":{},"publish_time":1456880610141,"_cnpm_publish_time":1456880610141,"_hasShrinkwrap":false},"1.0.0":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"1.0.0","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"test":"standard && mocha"},"devDependencies":{"connect":"^3.4.0","mocha":"^2.3.4","standard":"^5.4.1","supertest":"^1.1.0"},"standard":{"global":["beforeEach","describe","it"]},"gitHead":"3816f99ca0667f395a6a1c21fb089fa0423434c7","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@1.0.0","_shasum":"8483e4a9aac8055b603e42b902221a078cbf55f1","_from":".","_npmVersion":"3.5.3","_nodeVersion":"5.3.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"8483e4a9aac8055b603e42b902221a078cbf55f1","size":4245,"noattachment":false,"key":"/hpkp/-/hpkp-1.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-1.0.0.tgz"},"directories":{},"publish_time":1450465500687,"_cnpm_publish_time":1450465500687,"_hasShrinkwrap":false},"0.3.0":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"0.3.0","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"test":"mocha"},"devDependencies":{"connect":"^3.3.4","mocha":"^2.1.0","supertest":"^0.15.0"},"gitHead":"3ffdc19794d5a534b0255c5c35fedb29b6ffccfb","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@0.3.0","_shasum":"bf2ce9e5e8e08a09e2d98462e38a619db3ae0536","_from":".","_npmVersion":"3.3.12","_nodeVersion":"5.1.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"bf2ce9e5e8e08a09e2d98462e38a619db3ae0536","size":4109,"noattachment":false,"key":"/hpkp/-/hpkp-0.3.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-0.3.0.tgz"},"directories":{},"publish_time":1448562872847,"_cnpm_publish_time":1448562872847,"_hasShrinkwrap":false},"0.2.0":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"license":"MIT","contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"},{"name":"Tom Delmas","email":"tdelmas@gmail.com","url":"https://tdelmas.ovh"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"0.2.0","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"test":"mocha"},"devDependencies":{"connect":"^3.3.4","mocha":"^2.1.0","supertest":"^0.15.0"},"gitHead":"414029e2499f73e084349b0d7ad77e18ed2400e7","homepage":"https://github.com/helmetjs/hpkp#readme","_id":"hpkp@0.2.0","_shasum":"bf78b799c1c860a5e945755b677a38604b09b14b","_from":".","_npmVersion":"2.12.1","_nodeVersion":"0.12.6","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"bf78b799c1c860a5e945755b677a38604b09b14b","size":3953,"noattachment":false,"key":"/hpkp/-/hpkp-0.2.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-0.2.0.tgz"},"directories":{},"publish_time":1436404117122,"_cnpm_publish_time":1436404117122,"_hasShrinkwrap":false},"0.1.0":{"name":"hpkp","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Public Key Pinning (HPKP) middleware","version":"0.1.0","keywords":["helmet","security","express","connect","public-key pinning","https","cert","certificate"],"repository":{"type":"git","url":"git://github.com/helmetjs/hpkp.git"},"bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"scripts":{"test":"mocha"},"devDependencies":{"connect":"^3.3.4","mocha":"^2.1.0","supertest":"^0.15.0"},"dependencies":{"arraywrap":"^0.1.0"},"gitHead":"c138447e995c72ca8871adacb98156c6f97ebaae","homepage":"https://github.com/helmetjs/hpkp","_id":"hpkp@0.1.0","_shasum":"b612a7bb9928e88ab10261e858291d99bb9c4fec","_from":".","_npmVersion":"2.5.1","_nodeVersion":"0.12.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"b612a7bb9928e88ab10261e858291d99bb9c4fec","size":3883,"noattachment":false,"key":"/hpkp/-/hpkp-0.1.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hpkp/download/hpkp-0.1.0.tgz"},"directories":{},"publish_time":1425594484064,"_cnpm_publish_time":1425594484064,"_hasShrinkwrap":false}},"readme":"# HTTP Public Key Pinning (HPKP) middleware\n\n**This header has been deprecated citing risks of misuse, and therefore is not recommeded.** This module (`hpkp`) will not receive any new feature development but will still be maintained.\n\nAdds Public Key Pinning headers to Express/Connect applications. To learn more about HPKP, check out [the spec](https://tools.ietf.org/html/rfc7469), [the article on MDN](https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning), and [this tutorial](https://timtaubert.de/blog/2014/10/http-public-key-pinning-explained/).\n\n**Be very careful when deploying this**—you can easily misuse this header and cause problems. Chrome has dropped support for HPKP citing risks of misuse.\n\nUsage:\n\n```js\nconst express = require(\"express\");\nconst hpkp = require(\"hpkp\");\n\nconst app = express();\n\nconst ninetyDaysInSeconds = 7776000;\napp.use(\n  hpkp({\n    maxAge: ninetyDaysInSeconds,\n    sha256s: [\"AbCdEf123=\", \"ZyXwVu456=\"],\n    includeSubDomains: true, // optional\n    reportUri: \"http://example.com\", // optional\n    reportOnly: false, // optional\n\n    // Set the header based on a condition.\n    // This is optional.\n    setIf(req, res) {\n      return req.secure;\n    },\n  })\n);\n```\n\nSetting `reportOnly` to `true` will change the header from `Public-Key-Pins` to `Public-Key-Pins-Report-Only`.\n\nDon't let these get out of sync with your certs! It's also recommended to test your HPKP deployment in `reportOnly` mode, or alternatively, to use a very short `maxAge` until you're confident your deployment is correct.\n","_attachments":{},"homepage":"https://github.com/helmetjs/hpkp#readme","bugs":{"url":"https://github.com/helmetjs/hpkp/issues"},"license":"MIT"}