node-express-security

A simple http/express anti bot package for node.js

Usage no npm install needed!

<script type="module">
  import nodeExpressSecurity from 'https://cdn.skypack.dev/node-express-security';
</script>

README

Express Security

Express Security is A simple http/express anti bot package

It also works with custom servers using the custom() function (More info bellow)

Setup

To setup simply type npm install node-express-security --save in a console

Then in your script add const expressSecurity = require("node-express-security")

Detecting bots

expressSecurity.http(httpRequest) - Should also works with express - Passes the user agent and ip into custom()

expressSecurity.custom(userAgent, ip(optional)) - Used for custom user agents - Returns a json containing wether the bot is a risk (isRisk), the risk (risk) and why it is a risk (riskReason)

Adding/Removing bots and ips from the list

By default there is a list of bad bots in knowrisks.js, you can modify this file or use the functions bellow

expressSecurity.excludeIps(ips[]) - Removes the given ips from the ip list

expressSecurity.excludeBots(bots[]) - Just like excludeIps() but for bots

expressSecurity.includeIps(ips[]) - Adds the given ips to the ip list

expressSecurity.includeBots(bots[]) - Just like includeIps() but for bots

expressSecurity.whitelistIps(ips[]) - Makes it so only the given ips can get through

expressSecurity.clearIps() - Reset the ip list

expressSecurity.clearBots() - Just like clearIps() but for bots