DOCUMENTATION

Zero Configuration

"Zero Config" means sane defaults. We believe you shouldn't have to be a security expert to build a secure app. Out of the box, Nalth handles:

  • Automatic HTTPS setup for localhost (using mkcert)
  • Strict Content Security Policy (CSP) generation
  • Subresource Integrity (SRI) hashing
  • Secure HTTP headers (HSTS, X-Frame-Options, etc.)
  • Vulnerability scanning of dependencies

However, "Zero Config" doesn't mean "No Config". When you need to customize behavior (e.g., allowing a specific third-party script in your CSP), you can create a nalth.config.ts file.

nalth.config.ts
import { defineConfig } from 'nalth'

export default defineConfig({
  security: {
    csp: {
      directives: {
        'script-src': ['self', 'https://analytics.google.com']
      }
    }
  }
})
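
When reviewing an override like the one above, it helps to see what header the directive map turns into and whether any added source weakens the policy. The sketch below is an added example, not Nalth's own code: it serialises a map of the same shape into a Content-Security-Policy value and flags risky script-src entries. The function names and the looseConfig sample are hypothetical, and since the page does not show how Nalth serialises keywords, the quoting step only reflects the CSP rule that keyword sources appear single-quoted in the header.

```typescript
// Added example, not Nalth's implementation. Directive maps use the shape from nalth.config.ts.
type Directives = Record<string, string[]>;

// CSP keyword sources must be single-quoted in the header value itself.
const KEYWORDS = new Set(['self', 'none', 'unsafe-inline', 'unsafe-eval', 'strict-dynamic']);

// Quote bare keywords; leave hosts, schemes, nonces and hashes untouched.
function normalizeSource(src: string): string {
  const bare = src.replace(/^'|'$/g, '');
  return KEYWORDS.has(bare) ? `'${bare}'` : src;
}

// Serialise the map into the value of a Content-Security-Policy header.
function buildCspHeader(directives: Directives): string {
  return Object.entries(directives)
    .map(([name, sources]) => [name, ...sources.map(normalizeSource)].join(' '))
    .join('; ');
}

// Report script-src entries that weaken the policy.
function auditScriptSrc(directives: Directives): string[] {
  const findings: string[] = [];
  for (const raw of directives['script-src'] ?? []) {
    const src = normalizeSource(raw);
    if (src === "'unsafe-inline'" || src === "'unsafe-eval'") {
      findings.push(`${src} permits injected script`);
    } else if (src === '*' || src === 'https:' || src === 'http:') {
      findings.push(`${src} allows any host`);
    } else if (src.startsWith('http://')) {
      findings.push(`${src} is loaded over plaintext HTTP`);
    } else if (/^(https:\/\/)?\*\./.test(src)) {
      findings.push(`${src} is a wildcard subdomain`);
    }
  }
  return findings;
}

// Constructed inputs: the map from the page, and a deliberately loose one.
const pageConfig: Directives = { 'script-src': ['self', 'https://analytics.google.com'] };
const looseConfig: Directives = {
  'script-src': ["'self'", 'unsafe-inline', 'https://*.example.com', 'http://cdn.example.com'],
};

console.log(buildCspHeader(pageConfig));
console.log(auditScriptSrc(looseConfig));
```

Comparing the output of buildCspHeader with the Content-Security-Policy header your dev server actually returns confirms that the override took effect and that keywords were emitted in quoted form.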