Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Search API HTML Element Filter 1.0.7 Minor update available for module search_api_html_element_filter (1.0.7). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Nesguard

No security coverage
View on drupal.org

This module integrates Drupal with NESGuard.cloud to protect your website from JavaScript supply chain attacks. It automatically applies Subresource Integrity (SRI) attributes to external scripts, ensuring they haven't been tampered with, and provides real-time monitoring for script changes.

NESGuard SRI Monitor integrates Drupal with NESGuard.cloud to provide advanced JavaScript security through Subresource Integrity (SRI) monitoring. It protects your site from supply chain attacks by ensuring external scripts haven't been tampered with.

Features

- Automatically applies SRI integrity attributes to JavaScript resources based on verified hashes
- Real-time monitoring via WebSockets connection to detect and respond to script changes instantly
- Fallback mechanism for critical scripts like Stripe.js to ensure uninterrupted protection
- Optional Content Security Policy (CSP) header management to further enhance security
- Service-based architecture following Drupal best practices
- Comprehensive logging and debugging capabilities
- Detailed status reporting in Drupal's status report

Post-Installation

1. Set a secure encryption key in your settings.php file:
$settings['nesguard_encryption_key'] = 'YOUR_SECURE_RANDOM_KEY_HERE';
2. Navigate to Administration > Configuration > System > NESGuard SRI Settings
3. Enter your NESGuard Agency Identifier and API Key
4. Enable the module to activate SRI protection
5. Optionally configure CSP settings if needed

The module will automatically fetch monitored script lists from your NESGuard account and apply SRI attributes to those scripts. The client-side JavaScript establishes a WebSocket connection to receive real-time hash updates.

Additional Requirements

- Drupal 9.4+ or Drupal 10+
- PHP 7.4 or higher
- PHP OpenSSL extension
- A NESGuard.cloud account with an active subscription
- Outbound HTTPS and WebSocket connections to nesguard.cloud

No additional modules are required, though this module pairs well with security-focused modules like Security Review for a more comprehensive security posture.

Similar projects

While the Security Review module provides general security auditing, and CSP handles Content Security Policy, NESGuard is unique in providing specialized Subresource Integrity protection with real-time monitoring. It's specifically designed to protect against JavaScript supply chain attacks.

Supporting this Module

Development is supported by nesgaurd.com, a service dedicated to improving JavaScript security across the web.

Community Documentation

For detailed information on Subresource Integrity and why it's important for your site's security, visit nesgaurd.com or refer to the Mozilla Developer Network SRI documentation.

Activity

Total releases
2
First release
Mar 2025
Latest release
1 year ago
Releases (12 mo)
0 ▼ from 2
Maintenance
Dormant

Releases

Version Type Release date
10.1.x-dev Dev Apr 10, 2025
10.x-dev Dev Mar 31, 2025