DEV Community

Ali nazari

Express.js honeypot

Hey there, fellow devs!

In today's fast-paced web world, keeping your admin routes locked down is more important than ever. Let's face it: no one wants uninvited guests snooping around your backend.

That's why I built express-admin-honeypot, a lightweight Express middleware that acts as a decoy for your admin panel.

It logs sneaky access attempts and helps you learn who's trying to break in, all while keeping your real admin area under wraps.

Getting Started

Setting up node-admin-honeypot is a breeze. Here's how you can get it rolling in your Express app:

1. Install the Package

npm install node-admin-honeypot

2. Use the Middleware

Add it to your app with default settings. It protects the /admin path by default and serves a built-in fake admin page.

import express from 'express';
import {honeypot} from 'express-admin-honeypot';

const app = express();

app.use(honeypot());

app.get('/', (req, res) => {
  res.send('Welcome to the real app!');
});

app.listen(3000, () => console.log('Server running on port 3000'));

Key Features

  • Lightweight: check out the bundlephobia stats

  • TypeScript friendly

  • Module Support: Works seamlessly with both ESM and CommonJS.

  • Flexible Logging: Compatible with popular loggers like Pino, Winston, and more.

  • Event-Driven: Supports events so you can hook into intrusion attempts and customize responses.
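
How a decoy route of this kind works, as an added sketch that is not express-admin-honeypot's own code: an Express-style middleware answers /admin with a static fake page, reports each hit to a callback, and passes every other request through. The names createDecoy, onAttempt, clean and simulate, and the fields of the attempt record, are assumptions made for this example.

```javascript
// Added sketch, not the package's source. createDecoy, onAttempt and the
// record fields are hypothetical names chosen for this example.
const FAKE_PAGE = '<!doctype html><title>Admin</title>' +
  '<form method="post"><input name="user"><input name="pass" type="password">' +
  '<button>Log in</button></form>';

// Header values are attacker-controlled: strip control characters and cap the
// length so a crafted User-Agent cannot forge or flood log lines.
function clean(value, max = 200) {
  return String(value ?? '').replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, max);
}

function createDecoy({ path = '/admin', onAttempt = () => {} } = {}) {
  const base = path.toLowerCase().replace(/\/+$/, '');
  return function decoy(req, res, next) {
    const p = String(req.path || '').toLowerCase();
    // Match /admin and /admin/..., but not /administrator.
    if (p !== base && !p.startsWith(base + '/')) return next();
    onAttempt({
      time: new Date().toISOString(),
      ip: clean(req.ip, 64), // req.ip follows the Express "trust proxy" setting
      method: clean(req.method, 16),
      path: clean(req.originalUrl || req.path),
      userAgent: clean(req.headers && req.headers['user-agent']),
    });
    // Always the same static page: no credential check, no state behind it.
    res.status(200).type('html').send(FAKE_PAGE);
  };
}

// Constructed requests and a stub response so the sketch runs without Express.
function simulate(reqs) {
  const attempts = [];
  const decoy = createDecoy({ onAttempt: (a) => attempts.push(a) });
  const results = reqs.map((req) => {
    const out = { passed: false, status: null, body: null };
    const res = {
      status(code) { out.status = code; return this; },
      type() { return this; },
      send(body) { out.body = body; return this; },
    };
    decoy(req, res, () => { out.passed = true; });
    return out;
  });
  return { attempts, results };
}
```

Because the middleware has the usual (req, res, next) shape, it can be mounted with app.use like any other; the attempt record is sanitized before it reaches whatever logger the callback writes to.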

Join the Community!

If you like what you see, please consider starring the GitHub repository and sharing your thoughts.

Your stars help boost the project, letting more developers discover and benefit from this simple security tool.

Final Thoughts

Check out our npm page for comprehensive documentation, detailed examples, and more insights on how to secure your Express applications!

Top comments (4)

Scott

This is cool. I've thought about setting up something like this for SSH, so it's interesting to see it applied to Express.js.

Is it only compatible with Express.js or would it work with other JavaScript frameworks as well?

Ali nazari

Thanks! Right now, it's specifically built for Express.js, but support for other frameworks is planned for the future. :)

William

This honeypot sounds like a smart way to keep things secure, awesome job!

Ali nazari

Thank you so much!