@orveth/security ships small middleware for common production hygiene: request correlation IDs and baseline security headers. It does not replace a full security audit, WAF, or auth platform.
security.ts
import { Orveth } from "orveth";
import { requestId, securityHeaders } from "@orveth/security";
const app = new Orveth();
app.use(requestId());
app.use(securityHeaders());- requestId() — attach a correlation ID to each request
- securityHeaders() — set practical baseline response headers