@sharkvoid/rasp
v2.2.8
Production-grade Runtime Application Self-Protection for Express, Next.js, Firebase, and Supabase. Defends against SQL injection, XSS, path traversal, command injection, bots, brute force, and AI-powered attackers. Powered by SharkVoid.
# @sharkmine/rasp
Runtime Application Self-Protection middleware for Express apps — powered by SharkMine.
## Install

```bash
npm install @sharkmine/rasp
```

## Usage
Add this before any routes in your server file:
```js
const express = require('express');
const { sharkmineRasp } = require('@sharkmine/rasp');

const app = express();
app.use(express.json()); // body parser must come first

// SharkMine RASP — paste your agentId and secret from the dashboard
app.use(sharkmineRasp({
  agentId: 'rasp_xxxxxxxx_xxxxxx',
  secret: 'your-webhook-secret',
}));

// Your routes below
app.get('/', (req, res) => res.send('Hello world'));

app.listen(3000);
```

## What it detects
| Check | What it catches |
|---|---|
| sqli | SQL injection — UNION, SELECT, stacked queries, boolean/time-based blind |
| xss | Cross-site scripting — <script>, event handlers, javascript:, encoded variants |
| path | Path traversal — ../, null bytes, /etc/passwd probes |
| lfi | Local file inclusion — php://input, filter wrappers |
| bot | Malicious scanners — sqlmap, nikto, nuclei, headless browsers, missing UA |
| brute | Brute force — >30 requests/min from same IP |
| api | API abuse — non-standard methods, oversized bodies, template injection, XXE |
## Modes
Set in your SharkMine dashboard:
- Block — returns `403 Forbidden` and logs the event
- Monitor — logs the event, lets the request through
- Challenge — logs the event, lets the request through (challenge page coming soon)
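To make the `brute` row of the detection table and the three modes above concrete, here is an added example that is not code from the `@sharkmine/rasp` package: a small Express-style middleware that counts requests per IP over a sliding one-minute window, flags an IP once it exceeds the README's threshold of 30 requests per minute, and then applies the configured mode (only `block` answers with 403; `monitor` and `challenge` log and pass the request on). The names `createBruteForceGuard`, `decide`, `bruteForceMiddleware`, the `onEvent` hook and the `mode` option are this example's own assumptions.

```javascript
// Added example, not code from @sharkmine/rasp: a minimal per-IP counter
// implementing the README's "brute" rule (more than 30 requests per minute
// from the same IP) and the three dashboard modes. createBruteForceGuard,
// decide, bruteForceMiddleware and the option names are this example's own.
'use strict';

const WINDOW_MS = 60_000; // sliding one-minute window
const LIMIT = 30;         // README threshold: >30 requests/min is brute force

// Sliding-window counter keyed by client IP.
function createBruteForceGuard({ limit = LIMIT, windowMs = WINDOW_MS } = {}) {
  const hits = new Map(); // ip -> timestamps (ms) of recent requests

  function record(ip, now = Date.now()) {
    // Drop timestamps that fell out of the window, then count this request.
    const recent = (hits.get(ip) || []).filter((t) => now - t < windowMs);
    recent.push(now);
    hits.set(ip, recent);
    return { count: recent.length, flagged: recent.length > limit };
  }

  return { record };
}

// Map a dashboard mode to an action. Only "block" stops the request;
// "monitor" and "challenge" log the event and let it through, as the
// README describes.
function decide(mode, flagged) {
  if (!flagged) return { log: false, status: null };
  if (mode === 'block') return { log: true, status: 403 };
  return { log: true, status: null };
}

// Express-style middleware factory. onEvent stands in for the event log.
function bruteForceMiddleware({
  mode = 'monitor',
  onEvent = () => {},
  guard = createBruteForceGuard(),
} = {}) {
  return function (req, res, next) {
    const ip = req.ip || (req.socket && req.socket.remoteAddress) || 'unknown';
    const { count, flagged } = guard.record(ip);
    const action = decide(mode, flagged);
    if (action.log) {
      onEvent({ check: 'brute', ip, count, mode, blocked: action.status === 403 });
    }
    if (action.status) return res.status(action.status).send('Forbidden');
    next();
  };
}

// Constructed demo: 31 requests from one IP within a minute. Returns the
// status the last request received and how many events were logged.
function demo(mode = 'block') {
  const events = [];
  const mw = bruteForceMiddleware({ mode, onEvent: (e) => events.push(e) });
  let outcome = null;
  for (let i = 0; i < 31; i++) {
    const req = { ip: '203.0.113.7' }; // constructed TEST-NET-3 address
    const res = {
      status(code) { outcome = { code }; return this; },
      send(body) { outcome.body = body; return this; },
    };
    mw(req, res, () => { outcome = { code: 200 }; });
  }
  return { lastStatus: outcome.code, eventsLogged: events.length };
}

console.log(demo('block'));   // { lastStatus: 403, eventsLogged: 1 }
console.log(demo('monitor')); // { lastStatus: 200, eventsLogged: 1 }
```

The first 30 requests in the window pass in every mode; the 31st is the first to be flagged, so exactly one event is logged either way, and only `block` changes the response. Keying on `req.ip` means the count is only as trustworthy as your proxy configuration (`trust proxy` in Express), which is the usual caveat for any per-IP rule.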
## Optional: accurate geo-IP
Install geoip-lite for country detection in your event logs:
```bash
npm install geoip-lite
```

Without it, the middleware still works — country will just show as `null`.
## Notes
- Zero latency impact — events are sent fire-and-forget, never blocking your request
- No cold start — agent config is cached in-process and refreshed every 60 seconds
- No crashes — all ingest errors are swallowed; your app keeps running regardless
- Node 18+ required (uses native `fetch` and `AbortSignal.timeout`)
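The three runtime properties listed above (fire-and-forget event delivery, a 60-second in-process config cache, and ingest errors that never reach your app) describe a pattern rather than a specific API. Here is an added example of that pattern, not code from `@sharkmine/rasp` and not its real endpoints: `sendEvent` returns immediately, bounds the request with the native `AbortSignal.timeout`, and swallows every failure into a counter; `getConfig` serves a cached config until the TTL lapses and deduplicates concurrent refreshes. The ingest URL, the `/config` path, the config shape, and the injectable `fetchImpl` and `now` parameters (which let the demo run offline with a fake fetch and a manual clock) are all this example's assumptions.

```javascript
// Added example, not code from @sharkmine/rasp: a small agent core showing
// fire-and-forget ingest with AbortSignal.timeout (Node 18+), swallowed
// ingest errors, and a TTL-cached config. Endpoint, config shape and the
// fetchImpl / now injection points are assumptions made for this example.
'use strict';

const CONFIG_TTL_MS = 60_000;    // README: config refreshed every 60 seconds
const INGEST_TIMEOUT_MS = 2_000; // assumed: abort slow ingest calls quickly

function createAgent({
  ingestUrl = 'https://ingest.example.invalid/events', // placeholder endpoint
  fetchImpl = globalThis.fetch, // injectable so the demo runs offline
  now = Date.now,
  ttlMs = CONFIG_TTL_MS,
} = {}) {
  let cached = null;   // { config, fetchedAt }
  let inflight = null; // single refresh shared by concurrent callers
  const stats = { sent: 0, failed: 0, refreshes: 0 };

  // Fire-and-forget: the caller never awaits this, and nothing it does can
  // throw into the request path. Failures only bump a counter.
  function sendEvent(event) {
    stats.sent++;
    Promise.resolve()
      .then(() => fetchImpl(ingestUrl, {
        method: 'POST',
        headers: { 'content-type': 'application/json' },
        body: JSON.stringify(event),
        signal: AbortSignal.timeout(INGEST_TIMEOUT_MS),
      }))
      .catch(() => { stats.failed++; });
  }

  // Cached config with TTL. A missing or stale cache triggers one refresh;
  // on failure the last good config (or a safe default) is kept and the
  // next retry is deferred by one TTL instead of hammering the endpoint.
  async function getConfig() {
    if (cached && now() - cached.fetchedAt < ttlMs) return cached.config;
    if (!inflight) {
      inflight = (async () => {
        stats.refreshes++;
        try {
          const res = await fetchImpl(ingestUrl.replace('/events', '/config'), {
            signal: AbortSignal.timeout(INGEST_TIMEOUT_MS),
          });
          cached = { config: await res.json(), fetchedAt: now() };
        } catch {
          cached = { config: cached ? cached.config : { mode: 'monitor' }, fetchedAt: now() };
        } finally {
          inflight = null;
        }
      })();
    }
    await inflight;
    return cached.config;
  }

  return { sendEvent, getConfig, stats };
}

// Constructed offline demo: a fake fetch that records calls and fails once
// on demand, plus a manual clock, so every outcome is deterministic.
async function demoAgent() {
  let clock = 0;
  const calls = [];
  let failNext = false;
  const fakeFetch = async (url) => {
    calls.push(url);
    if (failNext) { failNext = false; throw new Error('ingest down'); }
    return { json: async () => ({ mode: 'block', version: calls.length }) };
  };
  const agent = createAgent({ fetchImpl: fakeFetch, now: () => clock });

  const c1 = await agent.getConfig(); // refresh #1
  clock = 30_000;
  const c2 = await agent.getConfig(); // inside TTL: served from cache
  clock = 61_000;
  const c3 = await agent.getConfig(); // stale: refresh #2

  failNext = true;
  agent.sendEvent({ check: 'sqli', ip: '203.0.113.7' }); // fails, swallowed
  agent.sendEvent({ check: 'xss', ip: '203.0.113.7' });  // delivered
  await new Promise((resolve) => setImmediate(resolve)); // let the chains settle

  return {
    sameConfigWithinTtl: c1 === c2,
    refreshedAfterTtl: c3 !== c1,
    calls: calls.length,
    ...agent.stats,
  };
}

demoAgent().then((r) => console.log(r));
// { sameConfigWithinTtl: true, refreshedAfterTtl: true, calls: 4, sent: 2, failed: 1, refreshes: 2 }
```

The design trade-off is visible in the demo: because ingest failures are swallowed, the only signal that events are being lost is the `failed` counter, so a real deployment should surface that counter somewhere (metrics or a periodic log line) rather than rely on the request path noticing.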
