software

A Small Node.js Library to Score HTTP Requests (Privacy-First)

Published: (January 18, 2026 at 06:33 AM EST)
1 min read
Source: Dev.to

Source: Dev.to

Overview

Bots, scanners, and noisy automated traffic are common in Node.js apps.
Instead of trying to 100 % detect humans, this small open‑source package takes a simpler, more honest approach:

  • Scores incoming HTTP requests (0–100) based on risk.
  • Lightweight, privacy‑first, and uses transparent heuristics.
  • No browser fingerprinting, no external or paid APIs.
  • Handles search‑engine crawlers safely.

Package: request-risk-score

Installation

npm install request-risk-score

Usage

const { analyzeRequest } = require('request-risk-score');

const result = analyzeRequest({
  ip: '10.0.0.5',
  headers: { 'user-agent': 'curl/7.68.0' },
  url: '/admin/login'
});

console.log(result);

Example Output

{
  "score": 75,
  "bucket": "likely_automated",
  "signals": ["tool_user_agent", "sensitive_path", "no_cookies"]
}

Why Risk Scoring?

  • Blocking decisions remain under your control; the library only provides a probability score and an explanation.
  • Works well for small APIs and services that don’t have a Web Application Firewall (WAF).
  • npm:
  • Blog post:
Back to Blog

Related posts

Read more »

NodeSecure hidden capability: mama

Hello 👋 I'm starting a new short‑article series focused on highlighting lesser‑known parts of the NodeSecurehttps://github.com/NodeSecure project. The goal is...