got-ssrf

    1.2.0 • Public • Published

    Welcome to got-ssrf 👋

    Protect Got requests from SSRF

    🏠 Homepage

    Why does this matter?

    SSRF is the evil sibling to CSRF that essentially allows RCE against your backends: https://portswigger.net/web-security/ssrf.

    This module automatically rejects all such requests so you can safely use got without even thinking about it.
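
To make concrete what rejecting such requests involves, here is an added example (not code from got-ssrf or its author) of the kind of destination check an SSRF filter applies to the address a hostname resolved to. The function names, the blocked ranges and the sample inputs are assumptions chosen for illustration.

```javascript
// Added illustration, NOT got-ssrf's source. Names and range list are assumptions.
// IPv4 ranges an outbound fetcher should normally refuse: [network, prefix length].
const BLOCKED_V4 = [
  ['0.0.0.0', 8],      // "this network"
  ['10.0.0.0', 8],     // RFC 1918 private
  ['100.64.0.0', 10],  // carrier-grade NAT
  ['127.0.0.0', 8],    // loopback
  ['169.254.0.0', 16], // link-local, includes cloud metadata 169.254.169.254
  ['172.16.0.0', 12],  // RFC 1918 private
  ['192.168.0.0', 16], // RFC 1918 private
  ['224.0.0.0', 3],    // multicast, reserved and broadcast (224.0.0.0 to 255.255.255.255)
]

// Strict dotted-quad parser: returns an unsigned 32-bit integer, or null if not canonical.
function v4ToInt(ip) {
  const parts = ip.split('.')
  if (parts.length !== 4) return null
  let n = 0
  for (const p of parts) {
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null
    n = n * 256 + Number(p)
  }
  return n
}

function inV4Range(n, [base, bits]) {
  const size = 2 ** (32 - bits) // number of addresses in the block
  return Math.floor(n / size) === Math.floor(v4ToInt(base) / size)
}

// True when the *resolved* address must not be contacted. Fails closed on anything unparsed.
function isForbiddenAddress(ip) {
  let addr = ip.toLowerCase().replace(/^\[|\]$/g, '')
  const mapped = addr.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/) // IPv4-mapped IPv6
  if (mapped) addr = mapped[1]
  // Simplification: the only IPv6 space allowed is global unicast 2000::/3.
  if (addr.includes(':')) return !/^[23][0-9a-f]{3}:/.test(addr)
  const n = v4ToInt(addr)
  if (n === null) return true // non-canonical forms such as "127.1" or "0x7f.0.0.1"
  return BLOCKED_V4.some((range) => inV4Range(n, range))
}

// Gate for one outbound request: scheme allowlist plus a check of the address DNS returned.
function checkRequest(urlString, resolvedIp) {
  const { protocol } = new URL(urlString)
  if (protocol !== 'http:' && protocol !== 'https:') return 'blocked: scheme'
  return isForbiddenAddress(resolvedIp) ? 'blocked: address' : 'allowed'
}
```

The check runs on the address DNS returned rather than on the hostname in the URL, because a public-looking name can resolve to an internal address.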

    Install

    npm i got-ssrf

    Usage

    Note that this package is ESM-only; see https://gist.github.com/sindresorhus/a39789f98801d908bbc7ff3ecc99d99c for what to do if you're using CJS (i.e. require()).

    import { gotSsrf } from 'got-ssrf'
    
    await gotSsrf(url) // automatically filters requests for safety

    If you have any other plugins you want to "mix" got-ssrf with, see https://github.com/sindresorhus/got/blob/main/documentation/examples/advanced-creation.js for how to do so. Example:

    import got from 'got'
    import { gotSsrf } from 'got-ssrf'
    import { gotInstance } from 'some-other-got-plugin'
    
    const merged = got.extend(gotSsrf, gotInstance)

    Run tests

    npm test

    Author

    👤 Jane Jeon me@janejeon.dev

    🤝 Contributing

    Contributions, issues and feature requests are welcome!
    Feel free to check the issues page.

    Show your support

    Give a ⭐️ if this project helped you!

    📝 License

    Copyright © 2021 Jane Jeon me@janejeon.dev.
    This project is LGPL-3.0 licensed.
