Apply Helmet to Express apps | Critiq Docs

#Metadata

Rule ID: ts.security.express-missing-helmet
Severity: medium
Confidence: 0.82
Languages: javascript, typescript
Presets: security, strict
Stability: stable
Applies to: file
Tags: express, headers, rules-catalog, security

#Why it matters

Helmet packages several response-header protections that are easy to miss or drift when managed ad hoc.

#Remediation

Apply `helmet()` or an equivalent set of header protections near application startup.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.express-missing-helmet.rule.yaml.

Back to registry Open rule in repository