3 thoughts on “It a good idea add the helmet lib how default in the express?

  1. Security should be a concept handled at design / architecture stage of an App / Service and not a package being added to core – please don‘t even consider adding it to core.

  2. Please keep express minimalistic and free of opinionated middleware. I especially don’t like how helmet was written. The core concepts in helmet are good, but most of it is setting the correct response headers. Trivial stuff to rewrite.

    If OP wants to include certain middleware into their app then encourage them to write their own opinionated app framwework on top of express.

  3. Definitely we don’t need a big, bloated with ‘middleware of someone choice’ Express. Keep it minimal.

    And leave links to all good middlewares in “best practices’ (just like it is now). People will find it, learn it and use if them need it.

Comments are closed.