security-gateway

v1.0.0

A plug-and-play security gateway that detects malicious traffic and redirects it to a decoy API

Readme

Security Gateway

A plug-and-play security gateway that detects malicious traffic and redirects it to a decoy API. This middleware/gateway sits between your clients and your actual API to protect against various types of attacks.

Features

  • Attack Detection: Identifies SQL injection, XSS, path traversal, and command injection attempts
  • Traffic Redirection: Redirects suspicious traffic to a decoy API
  • Rate Limiting: Prevents brute force attacks
  • Honeypot Features: Adds misleading headers and response data
  • Admin Dashboard: Real-time monitoring of suspicious activities
  • Configurable: Easy configuration via environment variables or options object
  • Docker Support: Ready-to-use Docker configuration for quick deployment

Installation

npm install security-gateway

Usage

As a standalone gateway

The simplest way to use Security Gateway is as a standalone service:

// server.js
const createSecurityGateway = require('security-gateway');

const gateway = createSecurityGateway({
  server: {
    port: 3000
  },
  endpoints: {
    realApi: "http://your-real-api.com",
    decoyApi: "http://your-decoy-api.com"
  }
});

gateway.start().then(() => {
  console.log('Security Gateway is running!');
});

As Express middleware

You can also use it as middleware in an existing Express application:

const express = require('express');
const createSecurityGateway = require('security-gateway');

const app = express();
const gateway = createSecurityGateway();

// Use the gateway's app as middleware
app.use(gateway.app);

app.listen(3000, () => {
  console.log('Application with Security Gateway is running on port 3000');
});

Using Docker Compose

For a quick setup with Docker:

  1. Clone this repository
  2. Configure your environment variables in a .env file (see .env.example)
  3. Run with Docker Compose:

     docker-compose up -d

Configuration

You can configure the Security Gateway using environment variables or by passing an options object.

Available Options

| Option | Environment Variable | Default | Description |
|--------|---------------------|---------|-------------|
| server.port | PORT | 3000 | Port for the gateway server |
| server.logFormat | LOG_FORMAT | combined | Morgan log format |
| endpoints.realApi | API_URL | http://localhost:8080 | URL of your real API |
| endpoints.decoyApi | DECOY_URL | http://localhost:8081 | URL of the decoy API |
| endpoints.adminDashboard | ADMIN_DASHBOARD_PATH | /admin/dashboard | Path to access the admin dashboard |
| security.rateLimit.enabled | RATE_LIMIT_ENABLED | true | Enable/disable rate limiting |
| security.rateLimit.max | RATE_LIMIT_MAX | 100 | Maximum requests per time window |
| security.rateLimit.windowMs | RATE_LIMIT_WINDOW_MS | 900000 | Time window in milliseconds (15 minutes) |
| security.attackPatterns.sqlInjection | DETECT_SQL_INJECTION | true | Enable SQL injection detection |
| security.attackPatterns.xss | DETECT_XSS | true | Enable XSS detection |
| security.attackPatterns.pathTraversal | DETECT_PATH_TRAVERSAL | true | Enable path traversal detection |
| security.attackPatterns.commandInjection | DETECT_COMMAND_INJECTION | true | Enable command injection detection |
| security.honeypot.addHeaders | ADD_HONEYPOT_HEADERS | true | Add fake server headers |
| security.honeypot.modifyResponses | MODIFY_RESPONSES | true | Add honeypot data to responses |

Admin Dashboard

Access the admin dashboard at /admin/dashboard (or your configured path) to monitor:

  • Suspicious IP addresses
  • Attack history
  • Real-time statistics

Creating a Decoy API

The Security Gateway redirects suspicious traffic to a decoy API. You can use the included decoy-api.js file as a starting point or create your own.

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License.