Security Guide

XyPriss includes comprehensive security features to protect your application from common vulnerabilities. This guide covers basic configuration, security levels, and best practices.

Basic Security Configuration

Enable core security features globally in your server options:

```typescript
import { createServer } from "xypriss";

const server = createServer({
    security: {
        enabled: true,
        csrf: true,
        rateLimit: {
            max: 100,
            windowMs: 15 * 60 * 1000, // 100 requests per 15 minutes
        },
    },
});
```
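To make the `max` / `windowMs` pair concrete, here is an added, stand-alone model of fixed-window rate limiting with those two parameters. It is illustrative code written for this guide, not XyPriss's own limiter; the `FixedWindowRateLimiter` class, the `simulateBurst` helper and the client IP `203.0.113.10` (a documentation address) are assumptions made for the example. The timestamp is injectable so the window reset can be exercised deterministically.

```typescript
// Illustrative fixed-window limiter (not XyPriss code). Same knobs as the config:
// `max` requests are allowed per `windowMs` milliseconds, per client key.
export interface RateLimitOptions {
    max: number;      // requests allowed per window
    windowMs: number; // window length in milliseconds
}

export interface RateLimitDecision {
    allowed: boolean;
    remaining: number;    // requests still allowed in the current window
    retryAfterMs: number; // 0 when allowed, else ms until the window resets
}

interface WindowState {
    count: number;
    windowStart: number;
}

export class FixedWindowRateLimiter {
    private readonly windows = new Map<string, WindowState>();

    constructor(private readonly opts: RateLimitOptions) {
        if (opts.max < 1 || opts.windowMs < 1) {
            throw new Error("max and windowMs must be positive");
        }
    }

    // `key` identifies the client (IP, API key, user id).
    // `now` is injectable so behaviour can be tested without waiting.
    hit(key: string, now: number = Date.now()): RateLimitDecision {
        let state = this.windows.get(key);
        if (!state || now - state.windowStart >= this.opts.windowMs) {
            // First request from this key, or the previous window has elapsed.
            state = { count: 0, windowStart: now };
            this.windows.set(key, state);
        }
        if (state.count >= this.opts.max) {
            const resetAt = state.windowStart + this.opts.windowMs;
            return { allowed: false, remaining: 0, retryAfterMs: resetAt - now };
        }
        state.count += 1;
        return { allowed: true, remaining: this.opts.max - state.count, retryAfterMs: 0 };
    }
}

// Drive the limiter with the page's numbers (100 requests per 15 minutes)
// using a burst of requests arriving 1 ms apart from one constructed client.
export function simulateBurst(
    requests: number,
    opts: RateLimitOptions = { max: 100, windowMs: 15 * 60 * 1000 },
): { allowed: number; rejected: number } {
    const limiter = new FixedWindowRateLimiter(opts);
    const t0 = 1_700_000_000_000; // constructed fixed start time
    let allowed = 0;
    let rejected = 0;
    for (let i = 0; i < requests; i++) {
        const decision = limiter.hit("203.0.113.10", t0 + i); // constructed sample client
        if (decision.allowed) {
            allowed++;
        } else {
            rejected++;
        }
    }
    return { allowed, rejected };
}
```

A fixed window is simple but allows up to `2 * max` requests across a window boundary (the end of one window plus the start of the next); if that matters for an auth endpoint, lower `max` or use a shorter window. The `retryAfterMs` value is what you would surface as a `Retry-After` header on the rejected response.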

Security Levels

XyPriss offers three pre-defined security levels to quickly configure your application's defensive posture.

Basic

  • Essential security headers
  • Basic CORS protection
  • Request logging

Enhanced

  • All basic features
  • CSRF protection
  • Rate limiting
  • Input sanitization
  • XSS protection

Maximum

  • All enhanced features
  • Strict CSP policies
  • Advanced rate limiting
  • IP whitelisting/blacklisting
  • Request signature validation

```typescript
const server = createServer({
    security: {
        enabled: true,
        level: "enhanced", // "basic" | "enhanced" | "maximum"
    },
});
```

Security Headers

XyPriss automatically sets secure HTTP headers using Helmet. You can customize these directives in your configuration:

```typescript
const server = createServer({
    security: {
        helmet: {
            contentSecurityPolicy: {
                directives: {
                    defaultSrc: ["'self'"],
                    styleSrc: ["'self'", "'unsafe-inline'"],
                    scriptSrc: ["'self'"],
                    imgSrc: ["'self'", "data:", "https:"],
                },
            },
            hsts: {
                maxAge: 31536000,
                includeSubDomains: true,
                preload: true,
            },
        },
    },
});
```
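It helps to see what those directive objects become on the wire. The following is an added example, not XyPriss or Helmet code: `buildCsp` and `buildHsts` render the header values (the camelCase-to-kebab-case mapping of directive names follows Helmet's documented behaviour, but this builder does not reproduce Helmet's merging of its default directives), and `auditCsp` is a small review helper, written for this guide, that flags settings weakening the policy's protection against injected script. `pageDirectives` is the configuration from the block above.

```typescript
// Added illustration (not XyPriss or Helmet code) of the header values that
// result from the helmet configuration above, plus a simple policy audit.
export type CspDirectives = Record<string, string[]>;

export interface HstsOptions {
    maxAge: number;
    includeSubDomains?: boolean;
    preload?: boolean;
}

// defaultSrc -> default-src, scriptSrc -> script-src, and so on.
export function toKebab(name: string): string {
    return name.replace(/[A-Z]/g, (c) => "-" + c.toLowerCase());
}

// Render a Content-Security-Policy header value from camelCase directives.
export function buildCsp(directives: CspDirectives): string {
    return Object.entries(directives)
        .map(([name, values]) => [toKebab(name), ...values].join(" "))
        .join("; ");
}

// Render a Strict-Transport-Security header value.
export function buildHsts(opts: HstsOptions): string {
    const parts = [`max-age=${opts.maxAge}`];
    if (opts.includeSubDomains) parts.push("includeSubDomains");
    if (opts.preload) parts.push("preload");
    return parts.join("; ");
}

// Audit rules are this example's own: script-src (or default-src, which
// script-src falls back to) should not permit inline script, eval or any host.
export function auditCsp(directives: CspDirectives): string[] {
    const findings: string[] = [];
    const risky = ["'unsafe-inline'", "'unsafe-eval'", "*"];
    for (const [name, values] of Object.entries(directives)) {
        const directive = toKebab(name);
        if (directive !== "script-src" && directive !== "default-src") continue;
        for (const value of values) {
            if (risky.includes(value)) findings.push(`${directive} allows ${value}`);
        }
    }
    if (!("scriptSrc" in directives) && !("defaultSrc" in directives)) {
        findings.push("no script-src or default-src: scripts may load from any origin");
    }
    return findings;
}

// The directives from the configuration block above.
export const pageDirectives: CspDirectives = {
    defaultSrc: ["'self'"],
    styleSrc: ["'self'", "'unsafe-inline'"],
    scriptSrc: ["'self'"],
    imgSrc: ["'self'", "data:", "https:"],
};

export const pageHsts: HstsOptions = { maxAge: 31536000, includeSubDomains: true, preload: true };
```

Run against `pageDirectives`, `auditCsp` returns no findings: `'unsafe-inline'` is only granted to `style-src`, which does not let an attacker execute script, while `script-src 'self'` keeps script to your own origin. Adding `'unsafe-inline'` to `scriptSrc` to make an inline `<script>` work is the change the audit is there to catch; prefer nonces or hashes for that case.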

Security Best Practices

  • Always enable HTTPS in production
  • Use environment variables for sensitive data
  • Implement rate limiting on auth endpoints
  • Validate and sanitize all user inputs
  • Keep dependencies updated regularly
  • Use CSRF protection for state-changing ops
  • Implement proper authentication
  • Log security events for monitoring

Monitoring & Logging

Enable security event logging to monitor for suspicious activity:

```typescript
const server = createServer({
    logging: {
        enabled: true,
        level: "info",
        components: {
            security: true,
        },
    },
    security: {
        enabled: true,
        logSecurityEvents: true,
    },
});
```

XyPriss Security Shield

For projects requiring advanced protection, install the optional security shield:

```bash
xfpm install xypriss-security
```

Data Privacy & Disclosure

At Nehonix, we prioritize the privacy and security of your data. We are committed to total transparency regarding data handling:

Zero External Data Collection

XyPriss is designed as a self-contained framework. Nehonix does not collect, store, or transmit any application data, user information, or server metrics to external servers. All logic executed by the framework stays within your local infrastructure, ensuring absolute data sovereignty.

The only external requests made by official components (such as XyNginC or XFPM) are strictly for fetching necessary updates, security templates, or package metadata from official GitHub repositories.

Environment Shield

Secure your server by preventing unauthorized access to sensitive system files and directories.