security

Security-focused Angular services for validation, crypto, and safe storage.

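main.ts (TypeScript)

import { bootstrapApplication } from '@angular/platform-browser';
import { provideSecurity } from '@angular-helpers/security';
import { AppComponent } from './app/app.component'; // path assumed; adjust to your project

bootstrapApplication(AppComponent, {
  providers: [
    // Opt in to the regex-security and Web Crypto features.
    provideSecurity({
      enableRegexSecurity: true,
      enableWebCrypto: true,
    }),
  ],
});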

Security Services

RegexSecurityService

Executes regular expressions safely in a Web Worker to prevent ReDoS (Regular Expression Denial of Service) attacks. Provides timeout protection, complexity analysis, and safe mode enforcement.

RegexSecurityBuilder

Fluent builder for constructing regular expressions with built-in security analysis. Supports method chaining for readable pattern construction. Obtain an instance via RegexSecurityService.builder().

WebCryptoService

Provides cryptographic operations using the Web Crypto API (SubtleCrypto). Supports hashing, AES-GCM encryption/decryption, key generation, key import/export, and secure random generation.

SecureStorageService

Transparent AES-GCM encrypted storage on top of localStorage/sessionStorage. Supports ephemeral in-memory keys for single-session security or passphrase-derived keys via PBKDF2 for cross-session persistence.

InputSanitizerService

Structured input sanitization to defend against XSS, URL injection, and unsafe HTML. This is defense-in-depth and does NOT replace a Content Security Policy (CSP).

PasswordStrengthService

Entropy-based password strength evaluation. All methods are synchronous and side-effect free — safely wrappable in Angular computed(). Detects sequences, repetitions, keyboard walks, and common passwords.

JwtService

Client-side JWT decode and inspection utilities. Explicitly NON-verifying — signature validation must happen server-side. Use for reading expiration, extracting claims for UX, or detecting expired tokens to redirect to login.
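
What decode-only means in practice, as an added example (not the library's code; the function names are illustrative and the token is constructed): an unsigned token decodes as readily as a signed one, so decoded claims are suitable for UX decisions only.

```typescript
// Added example: illustrative names, not the @angular-helpers/security API.
type Claims = Record<string, unknown>;
interface DecodedJwt { header: Claims; payload: Claims; }

const isObject = (v: unknown): v is Claims =>
  typeof v === 'object' && v !== null && !Array.isArray(v);

// base64url (RFC 7515: '-' and '_' alphabet, padding stripped) -> UTF-8 text.
function b64urlDecode(segment: string): string {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Decode only: the third segment (signature) is never inspected.
function decodeJwt(token: string): DecodedJwt | null {
  const parts = token.split('.');
  if (parts.length !== 3) return null; // compact JWS is header.payload.signature
  try {
    const header: unknown = JSON.parse(b64urlDecode(parts[0]));
    const payload: unknown = JSON.parse(b64urlDecode(parts[1]));
    return isObject(header) && isObject(payload) ? { header, payload } : null;
  } catch {
    return null; // invalid base64 or invalid JSON
  }
}

// Assumption of this sketch: a missing or non-numeric exp counts as expired,
// so the UI falls back to the login flow. skewSec tolerates small clock drift.
function isExpired(payload: Claims, nowSec: number, skewSec = 30): boolean {
  const exp = payload['exp'];
  return typeof exp !== 'number' || nowSec >= exp + skewSec;
}

// Constructed sample: unsigned token (empty signature) claiming an admin role.
const enc = (o: object): string =>
  btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const UNSIGNED_SAMPLE =
  `${enc({ alg: 'none', typ: 'JWT' })}.${enc({ sub: 'u1', role: 'admin', exp: 2000000000 })}.`;

// Decoding succeeds even though nothing vouches for these claims.
const decoded = decodeJwt(UNSIGNED_SAMPLE);
```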

HibpService

Have I Been Pwned k-anonymity leaked-password check. Only the first 5 hex chars of the SHA-1 hash leave the browser; the full password is never transmitted. Fail-open on network errors.

CsrfService

Double-submit CSRF token helper. Generates cryptographically secure tokens via WebCryptoService and persists them in the configured storage. Pair with withCsrfHeader() functional interceptor for automatic header injection.

RateLimiterService

Client-side rate limiter with per-key policies. Supports token-bucket (smooth limiting with burst capacity) and sliding-window (strict max operations per time window). Signal-based state for reactive UIs.

SensitiveClipboardService

Copies sensitive strings to the clipboard with verified automatic clearing. Mirrors password-manager behaviour: reads the clipboard before clearing and skips when the content no longer matches what was written, preventing clobbering of unrelated user copies.

SecurityValidators (Reactive Forms)

Static factory class exposing Reactive Forms validators that bridge the shared security helpers into Angular ValidatorFn contracts. Lives in the @angular-helpers/security/forms sub-entry so consumers not using Reactive Forms do not pay a bundle cost.

Signal Forms validators

Angular v21 Signal Forms rule functions mirroring the Reactive Forms validators, plus an async hibpPassword() rule. Lives in the @angular-helpers/security/signal-forms sub-entry. Both paradigms delegate to the same shared core helpers, guaranteeing behavioural parity for the same input.
