Security doesn't have to be a painBot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.
$ npm install @arcjet/node
Native security for modern frameworks
→security as code
→security as code
- Implement bot protection, rate limiting, email validation & more in just a few lines of code.
- Customizable protection for forms, login pages, API routes, for all your apps and sites.
- Don’t break prod. Test security rules locally.
Protection that works in every environment. Security as code. No agent required.
Tech stack
Defense
Arcjet Shield WAF
Protect your application against common attacks, including the OWASP Top 10.
Rate limiting
Bot protection
Email validation
Protect a signup form
PII detection
Outsourced security?You might be used to this.
Unversioned, untracked, click-ops rule changes.
Only able to test rule changes in prod.
Deploying agents everywhere.
LATENCY:Provider dependent
?:You're delegating control anywhere a question mark is
Here's how it looks with Arcjet
LEARN MORE ⇢ ✦Aj ARCHITECTURE
Local-first security
→make your appsecurity aware
→make your appsecurity aware
Security context
Dynamically adjustable rules defined in code. Access the metadata about why a request was allowed or denied and adjust your app logic in real time.
Testable security rules
Native performance with WasmWasm native performanceNative performance
What are devs saying?
Use advanced features
Sampling & testing
Test rules without blocking traffic using Arcjet's DRY_RUN
mode. Apply sampling to gradually roll out new rules.
function shouldSampleRequest(sampleRate: number) {
return Math.random() < sampleRate;
}
function sampleSecurity() {
const mode = shouldSampleRequest(0.1) ? “LIVE” : “DRY_RUN”;
return aj.withRule(
shield(
{ mode: mode },
),
),
}
Any specific ideas? We can help you set things up
Get started with Arcjet