Ali nazari

Posted on Mar 26

Express.js honeypot 🍯🐝

#programming #javascript #node #webdev

Hey there, fellow devs!

In today’s fast-paced web world, keeping your admin routes locked down is more important than ever. Let’s face it—no one wants uninvited guests snooping around your backend.

That’s why I built express-admin-honeypot

a lightweight Express middleware that acts as a decoy for your admin panel.

It logs sneaky access attempts and helps you learn who’s trying to break in, all while keeping your real admin area under wraps.

Getting Started

Setting up node-admin-honeypot is a breeze. Here’s how you can get it rolling in your Express app:

1. Install the Package

npm install node-admin-honeypot

2. Use the Middleware

Add it to your app with default settings. It protects the /admin path by default and serves a built-in fake admin page.

import express from 'express';
import {honeypot} from 'express-admin-honeypot';

const app = express();

app.use(honeypot());

app.get('/', (req, res) => {
  res.send('Welcome to the real app!');
});

app.listen(3000, () => console.log('Server running on port 
3000'));

key features

Lightweight: checkout bundlephobia stats
typescript friendly
Module Support: Works seamlessly with both ESM and CommonJS.
Flexible Logging: Compatible with popular loggers like Pino, Winston, and more.
Event-Driven: Supports events so you can hook into intrusion attempts and customize responses.

Join the Community!

If you like what you see, please consider starring the GitHub repository and sharing your thoughts.

Your stars help boost the project, letting more developers discover and benefit from this simple security tool.

Final Thoughts

Check out our npm page for comprehensive documentation, detailed examples, and more insights on how to secure your Express applications!

Top comments (4)

Scott • Mar 26

This is cool. I've thought about setting up something like this for SSH, so it's interesting to see it applied to Express.js.

Is it only compatible with Express.js or would it work with other Javascript frameworks as well?

Ali nazari • Mar 26

Thanks! Right now, it's specifically built for Express.js, but support for other frameworks is planned for the future. :)

William • Mar 27

This honeypot sounds like a smart way to keep things secure, awesome job!

Ali nazari • Mar 27

Thank you so much!