Hyde Security JS | Client-Side Security Library

Important: This library provides client-side security enhancements and is NOT a replacement for server-side security measures. Always implement proper backend authentication, authorization, and validation.

Overview

Hyde Security JS is a comprehensive client-side security library designed to protect web applications from common threats including XSS attacks, malicious debugging, bot activity, and DOM tampering. It's built for developers who demand production-grade security in their frontend applications.

The library provides easy-to-use APIs with minimal configuration and zero dependencies.

Core Features

DevTools Detection

Detect when browser developer tools are open and respond accordingly.

XSS Protection

Sanitize and validate user inputs to prevent cross-site scripting attacks.

Anti-Debug

Prevent code execution in debug mode and freeze debuggers.

Session Protection

Secure session management with token validation and expiration.

Bot Detection

Identify and block automated bot traffic patterns.

DOM Protection

Prevent unauthorized DOM manipulation and tampering attempts.

Quick Start

Basic Setup

import HydeSecurity from '@tirth1107/hyde-security-js';

// Initialize with default configuration
const security = new HydeSecurity();

// Enable all protections
security.enableAll();

Advanced Setup

import HydeSecurity from '@tirth1107/hyde-security-js';

const security = new HydeSecurity({
  devToolsDetection: true,
  xssProtection: true,
  antiDebug: true,
  sessionProtection: true,
  botDetection: true,
  domProtection: true,
  redirectOnDevTools: true,
  redirectUrl: 'https://example.com/error'
});

security.initialize();

API Reference

DevTools Detection

security.detectDevTools();
security.onDevToolsOpen(() => {
  console.warn('DevTools detected!');
  // Handle response
});

Detects when browser developer tools are opened. Triggers callbacks when detected.

XSS Protection

const safeText = security.sanitizeInput(userInput);
const validated = security.validateHTML(htmlString);

Sanitizes user inputs and validates HTML to prevent XSS attacks.

Anti-Debug

security.enableAntiDebug();
security.freezeDebugger();

Prevents code execution in debug mode and freezes debugger instances.

Session Protection

security.setSessionToken(token, expirationTime);
security.validateSession();
security.clearSession();

Manages secure session tokens with automatic expiration and validation.

Bot Detection

security.isBotActivity();
security.getBotScore();
security.onBotDetected(() => {
  console.warn('Bot activity detected');
});

Identifies suspicious bot patterns and automated traffic.

DOM Protection

security.protectDOM();
security.watchElement(targetElement);
security.onDOMTamper(() => {
  console.error('DOM tamper detected!');
});

Monitors and prevents unauthorized DOM modifications.

Configuration Options

{
  // Detection & Prevention
  devToolsDetection: true,
  xssProtection: true,
  antiDebug: true,
  sessionProtection: true,
  botDetection: true,
  domProtection: true,
  
  // Behavior
  redirectOnDevTools: false,
  redirectUrl: 'https://example.com',
  autoSessionValidation: true,
  sessionTimeout: 3600000, // 1 hour
  
  // Logging
  verboseLogging: false,
  logToConsole: true,
  
  // Callbacks
  onDevToolsOpen: null,
  onXSSAttempt: null,
  onBotDetected: null,
  onDOMTamper: null
}

Best Practices

Server-Side Validation - Always validate on the server, never rely solely on client-side checks.
HTTPS Only - Always serve your application over HTTPS.
Keep Updated - Regularly update the library to get security patches.
Implement CSP - Use Content Security Policy headers for defense-in-depth.
Rate Limiting - Implement server-side rate limiting for sensitive operations.

Examples

Protecting a Form

const security = new HydeSecurity();
security.enableXSSProtection();

document.getElementById('form').addEventListener('submit', (e) => {
  const input = document.getElementById('userInput').value;
  const cleaned = security.sanitizeInput(input);
  // Submit cleaned data
});

Session Management

security.setSessionToken(jwtToken, 3600000);

setInterval(() => {
  if (!security.validateSession()) {
    window.location.href = '/login';
  }
}, 60000);

Support & Resources

Access source code, NPM packages, and issue tracking for Hyde Security JS.

GitHub Repo NPM Package Report Issues