JSJ 311: Securing Express Apps with Helmet.js with Evan Hahn

JavaScript Jabber


  • Charles Max Wood

Special Guests: Evan Hahn

In this episode, the JavaScript Jabber panelists discuss securing Express apps with Helmet.js with Evan Hahn. Evan is a developer at Airtable, which is a company that builds spreadsheet applications that are powerful enough that you can make applications with. He has also worked at Braintree, which does payment processing for companies. They talk about what Helmet.js is, when you would want to use it, and why it can help secure your Express apps. They also touch on when you wouldn’t want to use Helmet and the biggest thing that it saves you from in your code.

In particular, we dive pretty deep on:

  • Evan intro
  • JavaScript
  • What is Helmet.js?
  • Node and Express
  • Why would you use the approach of Middleware?
  • Helmet is not the only solution
  • Http headers
  • Current maintainer of Helmet.js
  • npm
  • Has added a lot to the project, but is not the original creator
  • Outbound HTTP response headers
  • Helmet doesn’t fully secure your app but it does help secure it
  • How does using Helmet work?
  • Are there instances when you wouldn’t want to use Helmet?
  • No cash middleware
  • Where do you set the configuration options?
  • Top level Helmet module
  • 12 modules
  • What is the biggest thing that Helmet saves you from?
  • Content security policy code
  • And much, much more!





Audio Player