security

Security-focused Angular services for validation, crypto, and safe storage.

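main.ts (TypeScript)

```typescript
import { bootstrapApplication } from '@angular/platform-browser';
import { provideSecurity } from '@angular-helpers/security';
// Assumed location of the root component; adjust to your project layout.
import { AppComponent } from './app/app.component';

// Register the security providers once, at application bootstrap.
bootstrapApplication(AppComponent, {
  providers: [
    provideSecurity({
      enableRegexSecurity: true,
      enableWebCrypto: true,
    }),
  ],
});
```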

Security Services

RegexSecurityService

Executes regular expressions safely in a Web Worker to prevent ReDoS (Regular Expression Denial of Service) attacks. Provides timeout protection, complexity analysis, and safe mode enforcement.

RegexSecurityBuilder

Fluent builder for constructing regular expressions with built-in security analysis. Supports method chaining for readable pattern construction. Obtain an instance via RegexSecurityService.builder().

WebCryptoService

Provides cryptographic operations using the Web Crypto API (SubtleCrypto). Supports hashing, AES-GCM encryption/decryption, key generation, key import/export, and secure random generation.

SecureStorageService

Transparent AES-GCM encrypted storage on top of localStorage/sessionStorage. Supports ephemeral in-memory keys for single-session security or passphrase-derived keys via PBKDF2 for cross-session persistence.

InputSanitizerService

Structured input sanitization to defend against XSS, URL injection, and unsafe HTML. This is defense-in-depth and does NOT replace a Content Security Policy (CSP).

PasswordStrengthService

Entropy-based password strength evaluation. All methods are synchronous and side-effect free, so they can be safely wrapped in Angular computed(). Detects sequences, repetitions, keyboard walks, and common passwords.

JwtService

Client-side JWT decode and inspection utilities. Explicitly NON-verifying: signature validation must happen server-side. Use for reading expiration, extracting claims for UX, or detecting expired tokens to redirect to login.
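
What non-verifying decode means in practice, as an added example that is not the library's code or API: a token whose third segment is not a signature at all still yields its claims, so the result can drive a login redirect but cannot be treated as proof of identity. The names `base64UrlToText`, `decodeClaims` and `shouldRedirectToLogin`, the 30-second leeway and the sample token are assumptions constructed for this sketch.

```typescript
// Added example: hypothetical helper names, not the @angular-helpers/security API.
const B64URL = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

// Decode one unpadded base64url segment to text; throws on bad characters or invalid UTF-8.
function base64UrlToText(segment: string): string {
  let acc = 0;
  let bits = 0;
  let escaped = '';
  for (let i = 0; i < segment.length; i++) {
    const v = B64URL.indexOf(segment.charAt(i));
    if (v < 0) throw new Error('invalid base64url character');
    acc = ((acc << 6) | v) & 0xffff;
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      const byte = (acc >> bits) & 0xff;
      escaped += '%' + (byte < 16 ? '0' : '') + byte.toString(16);
    }
  }
  return decodeURIComponent(escaped);
}

interface JwtClaims { exp?: unknown; [claim: string]: unknown }

// Reads the payload segment only. The signature segment is never inspected.
function decodeClaims(token: string): JwtClaims | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  try {
    const claims: unknown = JSON.parse(base64UrlToText(parts[1] || ''));
    if (typeof claims !== 'object' || claims === null || Array.isArray(claims)) return null;
    return claims as JwtClaims;
  } catch (_err) {
    return null;
  }
}

// UX decision only: should the client send the user to the login page?
// Malformed tokens and tokens without a numeric exp are treated as expired.
function shouldRedirectToLogin(token: string, nowSeconds: number, leewaySeconds = 30): boolean {
  const claims = decodeClaims(token);
  const exp = claims === null ? undefined : claims.exp;
  if (typeof exp !== 'number') return true;
  return nowSeconds >= exp - leewaySeconds;
}

// Constructed sample: payload {"sub":"u1","exp":1700000000}; the third segment is not a signature.
const CONSTRUCTED_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJ1MSIsImV4cCI6MTcwMDAwMDAwMH0.not-a-real-signature';
```

`decodeClaims(CONSTRUCTED_TOKEN)` returns the `sub` and `exp` claims even though nothing signed them, which is why the server must validate the signature before acting on any claim.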

HibpService

Have I Been Pwned k-anonymity leaked-password check. Only the first 5 hex chars of the SHA-1 hash leave the browser; the full password is never transmitted. Fail-open on network errors.

CsrfService

Double-submit CSRF token helper. Generates cryptographically secure tokens via WebCryptoService and persists them in the configured storage. Pair with withCsrfHeader() functional interceptor for automatic header injection.

RateLimiterService

Client-side rate limiter with per-key policies. Supports token-bucket (smooth limiting with burst capacity) and sliding-window (strict max operations per time window). Signal-based state for reactive UIs.

SensitiveClipboardService

Copies sensitive strings to the clipboard with verified automatic clearing. Mirrors password-manager behaviour: reads the clipboard before clearing and skips when the content no longer matches what was written, preventing clobbering of unrelated user copies.

SecurityValidators (Reactive Forms)

Static factory class exposing Reactive Forms validators that bridge the shared security helpers into Angular ValidatorFn contracts. Lives in the @angular-helpers/security/forms sub-entry so consumers not using Reactive Forms do not pay a bundle cost.

Signal Forms validators

Angular v21 Signal Forms rule functions mirroring the Reactive Forms validators, plus an async hibpPassword() rule. Lives in the @angular-helpers/security/signal-forms sub-entry. Both paradigms delegate to the same shared core helpers, guaranteeing behavioural parity for the same input.
