dssrf: Deterministic SSRF Protection for Node.js Applications

[HackingRepo]

dssrf is a lightweight Node.js library that provides deterministic SSRF protection for any code that uses fetch() or outbound HTTP requests. It’s designed for production environments where user‑controlled URLs or third‑party API calls can introduce SSRF risk.

Instead of trusting the input URL, dssrf validates the actual outbound destination before the request is made. It blocks unsafe patterns like DNS rebinding, private IP access, malformed hostnames, and redirect chains that resolve to internal networks.

Key features

• Deterministic outbound‑request validation
• Safe redirect handling (every hop re‑validated)
• Blocks private and internal IP ranges
• Protects against DNS rebinding
• Disallow all protocol schema except http and https
• remove the User Info (@) symbol and replace backslash () with (/)
• Strict IPv4 validation
• Unicode normalization to prevent unicode based attacks

GitHub: https://github.com/HackingRepo/dssrf-js
NPM: https://www.npmjs.com/package/dssrf