
tl-enterprise-security-suite

v2.1.6

Published

Enterprise-grade security module for frontend and backend applications with comprehensive protection against XSS, CSRF, SQL injection, and other security vulnerabilities

Readme

TL Shared Security

Enterprise-grade security module for frontend and backend applications with comprehensive protection against XSS, CSRF, SQL injection, and other security vulnerabilities.

Features

  • XSS Protection: Advanced XSS sanitization for both frontend and backend
  • CSRF Protection: Modern CSRF protection with secure token handling
  • SQL Injection Prevention: Input validation and sanitization guards
  • Rate Limiting: Configurable rate limiting middleware
  • Security Headers: Comprehensive security headers management
  • Cryptography: Secure encryption, hashing, and JWT handling
  • Session Security: Secure session management with configurable options
  • Security Monitoring: Real-time security event monitoring and alerting
  • Secrets Management: Secure secrets storage and rotation
  • Content Security Policy: Configurable CSP with nonce support

Installation

npm install tl-shared-security

Note that this install command names tl-shared-security, while the registry entry above is tl-enterprise-security-suite; confirm which package name you intend before installing.

Quick Start

Backend (NestJS)

import { Module } from '@nestjs/common';
import { SecurityModule } from 'tl-shared-security/backend';

@Module({
  imports: [
    SecurityModule.forRoot({
      enableHelmet: true,
      enableXssSanitization: true,
      enableCsrf: true,
      enableRateLimiter: true,
      enableSecurityMonitoring: true,
    }),
  ],
})
export class AppModule {}

Frontend

import { xssSanitizer, securityHeaders, cspConfig } from 'tl-shared-security/frontend';

// Sanitize user input
const cleanInput = xssSanitizer.sanitize(userInput);

// Apply security headers
securityHeaders.applyToDocument();

// Configure CSP
cspConfig.applyToDocument();

Cryptography

import { cryptoService, jwtService } from 'tl-shared-security/crypto';

// Hash password
const hashedPassword = cryptoService.hashPassword('password123');

// Generate JWT
const token = jwtService.sign({ userId: '123' }, 'secret');

// Encrypt data
const encrypted = cryptoService.encrypt('sensitive data', 'password');

Backend Components

Security Module

The main security module provides comprehensive protection:

SecurityModule.forRoot({
  enableHelmet: true,                    // Security headers
  enableXssSanitization: true,          // XSS protection
  enableCsrf: true,                     // CSRF protection
  enableRateLimiter: true,              // Rate limiting
  enableSecurityMonitoring: true,       // Security monitoring
  enableSessionSecurity: true,          // Session management
  enableSecretsManager: true,           // Secrets management
  enableSecurityHealth: true,           // Health endpoints
  rateLimiterOptions: {
    windowMs: 15 * 60 * 1000,          // 15 minutes
    max: 100,                          // 100 requests per window
  },
})

Guards and Interceptors

import { Controller, UseGuards, UseInterceptors } from '@nestjs/common';
import {
  SqlInjectionGuard,
  SanitizeInterceptor,
  AuditLogInterceptor
} from 'tl-shared-security/backend';

@Controller('api')
@UseGuards(SqlInjectionGuard)
@UseInterceptors(SanitizeInterceptor, AuditLogInterceptor)
export class ApiController {}

Security Monitoring

import { Injectable } from '@nestjs/common';
import { SecurityMonitoringService } from 'tl-shared-security/backend';

@Injectable()
export class MyService {
  constructor(private securityMonitoring: SecurityMonitoringService) {}

  logSecurityEvent() {
    this.securityMonitoring.logSecurityEvent({
      type: 'suspicious_activity',
      severity: 'high',
      ipAddress: '192.168.1.1',
      userAgent: 'Mozilla/5.0...',
      endpoint: '/api/sensitive',
      details: { reason: 'Multiple failed attempts' }
    });
  }
}

Frontend Components

XSS Sanitization

import { XssSanitizer, sanitizeInput } from 'tl-shared-security/frontend';

// Using default sanitizer
const clean = sanitizeInput('<script>alert("xss")</script>Hello');

// Custom sanitizer
const customSanitizer = new XssSanitizer({
  whiteList: {
    b: [],
    i: [],
    p: ['class'],
  }
});

const result = customSanitizer.sanitize(userInput);

Content Security Policy

import { CspConfig } from 'tl-shared-security/frontend';

const csp = new CspConfig({
  directives: {
    defaultSrc: ["'self'"],
    scriptSrc: ["'self'", "'nonce-abc123'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
  }
});

// Apply to document
csp.applyToDocument();

// Get headers for server-side
const headers = csp.getHeaders();

Security Headers

import { SecurityHeaders } from 'tl-shared-security/frontend';

const headers = new SecurityHeaders({
  xssProtection: true,
  contentTypeOptions: true,
  frameOptions: 'deny',
  strictTransportSecurity: {
    maxAge: 31536000,
    includeSubDomains: true,
  }
});

headers.applyToDocument();

Cryptography

Password Hashing

import { cryptoService } from 'tl-shared-security/crypto';

// Hash password (recommended - uses bcrypt)
const hash = cryptoService.hashPassword('password123');

// Verify password
const isValid = cryptoService.verifyPassword('password123', hash);

// Async versions
const hashAsync = await cryptoService.hashPasswordAsync('password123');
const isValidAsync = await cryptoService.verifyPasswordAsync('password123', hashAsync);

Encryption

import { cryptoService } from 'tl-shared-security/crypto';

// Encrypt data
const encrypted = cryptoService.encrypt('sensitive data', 'password');

// Decrypt data
const decrypted = cryptoService.decrypt(encrypted, 'password');

// Generate secure tokens
const token = cryptoService.generateToken(32);
const uuid = cryptoService.generateUUID();

JWT Handling

import { jwtService } from 'tl-shared-security/crypto';

// Sign JWT
const token = jwtService.sign(
  { userId: '123', role: 'admin' },
  'secret',
  { expiresIn: 3600 }
);

// Verify JWT
try {
  const payload = jwtService.verify(token, 'secret');
  console.log(payload.userId);
} catch (error) {
  console.error('Invalid token');
}

// Decode without verification
const { header, payload } = jwtService.decode(token);

Configuration

Environment Variables

# Secrets Manager
SECRETS_MASTER_KEY=your-master-key-here

# Session Security
SESSION_MAX_AGE=3600000
SESSION_STRICT_IP=true

# General
NODE_ENV=production

Security Best Practices

  1. Always validate input on both client and server side
  2. Use HTTPS in production environments
  3. Set strong CSP policies to prevent XSS attacks
  4. Implement rate limiting to prevent abuse
  5. Monitor security events and set up alerts
  6. Rotate secrets regularly using the secrets manager
  7. Use secure session configuration with appropriate timeouts

API Reference

Backend Exports

  • SecurityModule - Main security module
  • SecurityConfigService - Configuration service
  • SecurityMonitoringService - Security event monitoring
  • SessionSecurityService - Session management
  • SecretsManagerService - Secrets management
  • SqlInjectionGuard - SQL injection protection
  • SanitizeInterceptor - Input sanitization
  • AuditLogInterceptor - Request logging
  • RateLimiterMiddleware - Rate limiting
  • LoggerMiddleware - Request logging
  • CorsMiddleware - CORS handling

Frontend Exports

  • XssSanitizer - XSS sanitization class
  • sanitizeInput - Quick sanitization function
  • CspConfig - Content Security Policy
  • SecurityHeaders - Security headers management
  • SecureStorage - Secure local storage
  • SecurityScanner - Security vulnerability scanner

Crypto Exports

  • CryptoService - Main cryptography service
  • JwtService - JWT handling
  • PasswordPolicyService - Password validation
  • cryptoService - Default crypto instance
  • jwtService - Default JWT instance

License

MIT

Contributing

Please read our contributing guidelines and submit pull requests to help improve this package.

Security

If you discover a security vulnerability, please send an email to [email protected] instead of using the issue tracker.