{"_id":"hsts","_rev":"1754175","name":"hsts","description":"HTTP Strict Transport Security middleware.","dist-tags":{"latest":"2.2.0"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"time":{"modified":"2021-11-29T01:35:15.000Z","created":"2014-10-28T14:18:30.827Z","2.2.0":"2019-03-10T17:31:37.991Z","2.1.0":"2017-07-21T20:17:51.938Z","2.0.0":"2016-10-28T20:31:31.634Z","1.0.0":"2015-12-18T20:56:18.309Z","0.2.0":"2015-09-22T19:09:18.621Z","0.1.3":"2015-06-02T21:52:26.016Z","0.1.2":"2015-04-22T00:22:50.648Z","0.1.1":"2015-03-23T15:53:28.188Z","0.1.0":"2014-10-28T14:18:30.827Z"},"users":{"vbv":true,"max_devjs":true,"martinspinks":true,"rocket0191":true,"astesio":true},"author":{"name":"Adam Baldwin","email":"adam@npmjs.com","url":"https://evilpacket.net"},"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"versions":{"2.2.0":{"name":"hsts","author":{"name":"Adam Baldwin","email":"adam@npmjs.com","url":"https://evilpacket.net"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"https://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"2.2.0","license":"MIT","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"homepage":"https://helmetjs.github.io/docs/hsts/","bugs":{"url":"https://github.com/helmetjs/hsts/issues","email":"me@evanhahn.com"},"engines":{"node":">=4.0.0"},"scripts":{"pretest":"standard --fix","test":"mocha"},"devDependencies":{"connect":"^3.6.6","mocha":"^6.0.2","standard":"^12.0.1","supertest":"^4.0.0"},"standard":{"globals":["describe","beforeEach","it"]},"dependencies":{"depd":"2.0.0"},"gitHead":"d6305164306dbaad45006c9f4e4267fe9cdb30cb","_id":"hsts@2.2.0","_nodeVersion":"11.10.1","_npmVersion":"6.7.0","dist":{"shasum":"09119d42f7a8587035d027dda4522366fe75d964","size":3213,"noattachment":false,"key":"/hsts/-/hsts-2.2.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-2.2.0.tgz"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/hsts_2.2.0_1552239097566_0.2629698030356704"},"_hasShrinkwrap":false,"publish_time":1552239097991,"_cnpm_publish_time":1552239097991},"2.1.0":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"https://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"2.1.0","license":"MIT","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"pretest":"standard","test":"mocha"},"devDependencies":{"connect":"^3.6.2","mocha":"^3.4.2","standard":"^10.0.2","supertest":"^3.0.0"},"standard":{"globals":["describe","beforeEach","it"]},"gitHead":"e182acea8833e2714572d6f897a7fd0cf924b1a1","homepage":"https://github.com/helmetjs/hsts#readme","_id":"hsts@2.1.0","_npmVersion":"5.3.0","_nodeVersion":"8.2.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"dist":{"shasum":"cbd6c918a2385fee1dd5680bfb2b3a194c0121cc","size":3712,"noattachment":false,"key":"/hsts/-/hsts-2.1.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-2.1.0.tgz"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/hsts-2.1.0.tgz_1500668271867_0.2635917938314378"},"directories":{},"publish_time":1500668271938,"_hasShrinkwrap":false,"_cnpm_publish_time":1500668271938},"2.0.0":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"2.0.0","license":"MIT","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"pretest":"standard","test":"mocha"},"devDependencies":{"mocha":"^3.1.2","sinon":"^1.17.6","standard":"^8.5.0"},"dependencies":{"core-util-is":"1.0.2"},"standard":{"globals":["describe","beforeEach","it"]},"gitHead":"8143a36eecf2d16b0b85915b51546da57c6af3cd","homepage":"https://github.com/helmetjs/hsts#readme","_id":"hsts@2.0.0","_shasum":"a52234c6070decf214b2b6b70bb144d07e4776c7","_from":".","_npmVersion":"4.0.1","_nodeVersion":"7.0.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"a52234c6070decf214b2b6b70bb144d07e4776c7","size":3748,"noattachment":false,"key":"/hsts/-/hsts-2.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-2.0.0.tgz"},"_npmOperationalInternal":{"host":"packages-18-east.internal.npmjs.com","tmp":"tmp/hsts-2.0.0.tgz_1477686688850_0.04222502280026674"},"directories":{},"publish_time":1477686691634,"_cnpm_publish_time":1477686691634,"_hasShrinkwrap":false},"1.0.0":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"1.0.0","license":"MIT","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"test":"standard && mocha"},"devDependencies":{"mocha":"^2.3.4","sinon":"^1.17.2","standard":"^5.4.1"},"dependencies":{"core-util-is":"1.0.2"},"standard":{"globals":["describe","beforeEach","it"]},"gitHead":"913959a09ec65514128d007107ec822caf827eb4","homepage":"https://github.com/helmetjs/hsts#readme","_id":"hsts@1.0.0","_shasum":"98e1039ef7aba554057b6b0e32584c0b1143a414","_from":".","_npmVersion":"3.5.3","_nodeVersion":"5.3.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"98e1039ef7aba554057b6b0e32584c0b1143a414","size":4674,"noattachment":false,"key":"/hsts/-/hsts-1.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-1.0.0.tgz"},"directories":{},"publish_time":1450472178309,"_cnpm_publish_time":1450472178309,"_hasShrinkwrap":false},"0.2.0":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"0.2.0","license":"MIT","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"test":"mocha"},"devDependencies":{"mocha":"^2.2.1","sinon":"^1.14.1"},"dependencies":{"core-util-is":"1.0.1"},"gitHead":"45884806d7fa19ef4eb95c47e33289cbba5b7000","homepage":"https://github.com/helmetjs/hsts#readme","_id":"hsts@0.2.0","_shasum":"8dbc4957783cecfad4243bdf846aecc375836bc5","_from":".","_npmVersion":"2.14.3","_nodeVersion":"4.1.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"dist":{"shasum":"8dbc4957783cecfad4243bdf846aecc375836bc5","size":3764,"noattachment":false,"key":"/hsts/-/hsts-0.2.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-0.2.0.tgz"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"directories":{},"publish_time":1442948958621,"_cnpm_publish_time":1442948958621,"_hasShrinkwrap":false},"0.1.3":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"0.1.3","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"test":"mocha"},"devDependencies":{"mocha":"^2.2.1","sinon":"^1.14.1"},"dependencies":{"core-util-is":"1.0.1"},"gitHead":"d9deb6a59940f1d4dc42168e7bf721f23e96931f","homepage":"https://github.com/helmetjs/hsts#readme","_id":"hsts@0.1.3","_shasum":"be84997e93d58898b6251e14cbb6eac159834bfd","_from":".","_npmVersion":"2.11.0","_nodeVersion":"0.12.4","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"be84997e93d58898b6251e14cbb6eac159834bfd","size":4573,"noattachment":false,"key":"/hsts/-/hsts-0.1.3.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-0.1.3.tgz"},"directories":{},"publish_time":1433281946016,"_cnpm_publish_time":1433281946016,"_hasShrinkwrap":false},"0.1.2":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"0.1.2","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"test":"mocha"},"devDependencies":{"mocha":"^2.2.1","sinon":"^1.14.1"},"dependencies":{"core-util-is":"1.0.1"},"gitHead":"295b2780145bec2d288a68b1c6e523d136fc5311","homepage":"https://github.com/helmetjs/hsts","_id":"hsts@0.1.2","_shasum":"56e3422703f64264b106aeb6817496dcf71ba4fa","_from":".","_npmVersion":"2.7.4","_nodeVersion":"0.12.2","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"56e3422703f64264b106aeb6817496dcf71ba4fa","size":4563,"noattachment":false,"key":"/hsts/-/hsts-0.1.2.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-0.1.2.tgz"},"directories":{},"publish_time":1429662170648,"_cnpm_publish_time":1429662170648,"_hasShrinkwrap":false},"0.1.1":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"0.1.1","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"test":"mocha"},"devDependencies":{"mocha":"^2.2.1","sinon":"^1.14.1"},"dependencies":{"lodash":"3.5.0"},"gitHead":"b57770e51c54fa3bedb8cd97abb3372006c0a5da","homepage":"https://github.com/helmetjs/hsts","_id":"hsts@0.1.1","_shasum":"b7d7e374893d040efc7781e8505f3f6a4b007f8d","_from":".","_npmVersion":"2.5.1","_nodeVersion":"0.12.0","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"b7d7e374893d040efc7781e8505f3f6a4b007f8d","size":4536,"noattachment":false,"key":"/hsts/-/hsts-0.1.1.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-0.1.1.tgz"},"directories":{},"publish_time":1427126008188,"_cnpm_publish_time":1427126008188,"_hasShrinkwrap":false},"0.1.0":{"name":"hsts","author":{"name":"Adam Baldwin","email":"baldwin@andyet.net","url":"http://andyet.net/team/baldwin"},"contributors":[{"name":"Evan Hahn","email":"me@evanhahn.com","url":"http://evanhahn.com"}],"description":"HTTP Strict Transport Security middleware.","version":"0.1.0","keywords":["helmet","security","express","connect","hsts","https"],"repository":{"type":"git","url":"git://github.com/helmetjs/hsts.git"},"bugs":{"url":"https://github.com/helmetjs/hsts/issues"},"scripts":{"test":"mocha"},"devDependencies":{"mocha":"^2.0.1","sinon":"^1.11.1"},"dependencies":{"underscore":"1.7.0"},"gitHead":"5ef8c20a86706ba8c52e514ec522cc1865bc9502","homepage":"https://github.com/helmetjs/hsts","_id":"hsts@0.1.0","_shasum":"0869ab8886767ec7fa7a107cb311554babbf700a","_from":".","_npmVersion":"1.4.28","_npmUser":{"name":"evanhahn","email":"me@evanhahn.com"},"maintainers":[{"name":"evanhahn","email":"me@evanhahn.com"}],"dist":{"shasum":"0869ab8886767ec7fa7a107cb311554babbf700a","size":3599,"noattachment":false,"key":"/hsts/-/hsts-0.1.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/hsts/download/hsts-0.1.0.tgz"},"directories":{},"publish_time":1414505910827,"_cnpm_publish_time":1414505910827,"_hasShrinkwrap":false}},"readme":"HTTP Strict Transport Security middleware\n========================================\n[![Build Status](https://travis-ci.org/helmetjs/hsts.svg?branch=master)](https://travis-ci.org/helmetjs/hsts)\n[![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)\n\nThis middleware adds the `Strict-Transport-Security` header to the response. This tells browsers, \"hey, only use HTTPS for the next period of time\". ([See the spec](http://tools.ietf.org/html/rfc6797) for more.) Note that the header won't tell users on HTTP to *switch* to HTTPS, it will just tell HTTPS users to stick around. You can enforce HTTPS with the [express-enforces-ssl](https://github.com/aredo/express-enforces-ssl) module.\n\nThis will set the Strict Transport Security header, telling browsers to visit by HTTPS for the next 180 days:\n\n```javascript\nconst hsts = require('hsts')\n\napp.use(hsts({\n  maxAge: 15552000  // 180 days in seconds\n}))\n// Strict-Transport-Security: max-age: 15552000; includeSubDomains\n```\n\nNote that the max age must be in seconds. *This was different in previous versions of this module!*\n\nThe `includeSubDomains` directive is present by default. If this header is set on *example.com*, supported browsers will also use HTTPS on *my-subdomain.example.com*. You can disable this:\n\n```javascript\napp.use(hsts({\n  maxAge: 15552000,\n  includeSubDomains: false\n}))\n```\n\nSome browsers let you submit your site's HSTS to be baked into the browser. You can add `preload` to the header with the following code. You can check your eligibility and submit your site at [hstspreload.org](https://hstspreload.org/).\n\n```javascript\napp.use(hsts({\n  maxAge: 31536000,        // Must be at least 1 year to be approved\n  includeSubDomains: true, // Must be enabled to be approved\n  preload: true\n}))\n```\n\nThis header will always be set because [the header is ignored in insecure HTTP](https://tools.ietf.org/html/rfc6797#section-8.1). You may wish to set it conditionally:\n\n```javascript\nconst hstsMiddleware = hsts({\n  maxAge: 1234000\n})\n\napp.use((req, res, next) => {\n  if (req.secure) {\n    hstsMiddleware(req, res, next)\n  } else {\n    next()\n  }\n})\n```\n\nThis header is [somewhat well-supported by browsers](https://caniuse.com/#feat=stricttransportsecurity).\n","_attachments":{},"homepage":"https://helmetjs.github.io/docs/hsts/","bugs":{"url":"https://github.com/helmetjs/hsts/issues","email":"me@evanhahn.com"},"license":"MIT"}