GuardRail.js
Your intelligent security co-pilot for Node.js applications
Think of GuardRail.js as your personal security guard, working 24/7 to protect your Node.js applications from vulnerabilities, attacks, and common security oversights. Just as a physical guardrail prevents vehicles from going off course, GuardRail.js keeps your application safely on track.
- SQL Injection Shield - Advanced protection against database attacks
- XSS Guardian - Comprehensive Cross-Site Scripting prevention
- CSRF Barrier - Robust Cross-Site Request Forgery protection
- CI/CD Integration - Seamless GitHub Actions workflow
- Dependency Scanning - Real-time vulnerability checking
- Security Reports - Detailed, actionable insights
- Easy Setup - Get started in minutes
- Clear Documentation - Comprehensive guides and examples
- Active Community - Regular updates and support
```bash
# Install GuardRail.js
npm install guardrail-js

# Initialize security pipeline
npx guardrail init

# Run security checks
npm run security:scan
```
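```javascript
const express = require('express');
const guardrail = require('guardrail-js');

const expressApp = express(); // the Express app to protect

// Initialize protection
guardrail.init({
  app: expressApp,
  level: 'strict',
  reporting: true
});

// Run security scan; CommonJS has no top-level await, so wrap the call
(async () => {
  const results = await guardrail.scan();
  console.log(results);
})().catch(console.error);
```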
```
guardrail-js/
├── .github/                            # GitHub specific configurations
│   ├── workflows/                      # GitHub Actions workflows
│   │   └── security.yml                # Main security pipeline
│   └── dependabot.yml                  # Dependency update configuration
│
├── config/
│   └── security.js
│
├── security-tests/                     # Security testing suite
│   ├── sql-injection.js                # SQL injection prevention tests
│   └── xss.js                          # XSS prevention tests
│
├── scripts/                            # Utility scripts
│   └── generate-security-report.js     # Security report generator
│
├── reports/                            # Generated reports directory
│   └── security-report.md              # Latest security scan report
│
├── src/                                # Source code
│   ├── middleware.js
│   ├── headers.js
│   ├── monitoring.js
│   └── index.js                        # Main entry point
│
├── .eslintrc-security.json             # Security-focused ESLint rules
├── package.json                        # Project dependencies and scripts
└── README.md                           # Project documentation
```
Runtime: Node.js ≥ 18
Testing: Jest + Supertest
Security: Helmet, Express-rate-limit
CI/CD: GitHub Actions
Reporting: Custom markdown generator
Static Analysis: ESLint + security plugins
```
$ npm run security:report
🛡️ GuardRail.js Security Report
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
✅ Dependencies: All Clear
✅ Security Tests: 24/24 Passed
✅ Code Analysis: No Vulnerabilities
```
We believe in the power of community! Here's how you can contribute:
- 🍴 Fork the repository
- 🌿 Create your feature branch (`git checkout -b feature/AmazingFeature`)
- 💾 Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- 📤 Push to the branch (`git push origin feature/AmazingFeature`)
- 🎁 Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
MEHDI BAFDIL
- GitHub: @mehdibafdil
- Email: mehdibafdil@gmail.com
- Medium: Mehdi BAFDIL
Contributions, issues, and feature requests are welcome! Feel free to check the issues page.
Give a ⭐️ if this project helped you!
Make sure to properly configure your machine learning model and vectorizer files before deployment.