frontpage.

I built dssrf, a safe-by-construction SSRF defense library for Node.js apps.

Most existing SSRF libraries rely on blacklists or regex checks, which are easy to bypass. dssrf takes a different approach based on normalization, DNS resolution, redirect validation, and IP classification.

Key features: – URL normalization RFC compliant – DNS resolution + IP classification – Redirect chain validation – IPv4/IPv6 safety – Rebinding detection – Protocol restrictions – TypeScript types included

The goal is to eliminate entire classes of classic SSRF vulnerability and it bypasses rather than patching individual payloads.

GitHub: https://github.com/HackingRepo/dssrf-js npm: https://www.npmjs.com/package/dssrf

I love feedback, edge cases, and contributions from the community.

Show HN: tomcp.org – Turn any URL into an MCP server

Show HN: Tripwire: A new anti evil maid defense

Show HN: Autofix Bot – Hybrid static analysis and AI code review agent

Show HN: Euporie-lite, Jupyter notebooks in terminal in the browser

Show HN: Dbxlite – Query 100M+ rows in a browser tab, no install

Show HN: A zero-to-hero, spaced-repetition guide to WebGL2 and GLSL

Show HN: AI system 60x faster than ChatGPT – built by combat vet with no degree

Show HN: Sim – Apache-2.0 n8n alternative

Show HN: Epstein's emails reconstructed in a message-style UI (OCR and LLMs)

Show HN: Jottings; Anti-social microblog for your thoughts

Show HN: Local Privacy Firewall-blocks PII and secrets before ChatGPT sees them

Show HN: Open-source, offline voice typing and live captions for Android

Show HN: 360css CSS library inspired by the xbox360 dashboard

Show HN: Dssrf – A safe‑by‑construction SSRF defense library for Node.js

Show HN: Marmot v2.20 – A distributed SQLite server with MySQL wire compatbility

Show HN: Workmux – Parallel development in tmux with Git worktrees

Show HN: Wirebrowser – A JavaScript debugger with breakpoint-driven heap search

Show HN: A minimum viable Markov gibberish generator in 32 lines of Python

Show HN: GPULlama3.java Llama Compilied to PTX/OpenCL Now Integrated in Quarkus

Show HN: An endless scrolling word search game

Show HN: Gotui – a modern Go terminal dashboard library

Show HN: Gemini Pro 3 imagines the HN front page 10 years from now

Show HN: A 2-row, 16-key keyboard designed for smartphones

Show HN: Automated license plate reader coverage in the USA

Show HN: AlgoDrill – Interactive drills to stop forgetting LeetCode patterns

Show HN: I built a system for active note-taking in regular meetings like 1-1s

Show HN: I want to democratise Bloomberg Terminal

Show HN: Search the lyrics of 500 HÖR Berlin techno sets

Show HN: The world's least deterministic programming language

Show HN: Forecaster Arena – Testing LLMs on real events with prediction markets

Show HN: Dssrf – A safe‑by‑construction SSRF defense library for Node.js

Show HN: tomcp.org – Turn any URL into an MCP server

Show HN: Tripwire: A new anti evil maid defense

Show HN: Autofix Bot – Hybrid static analysis and AI code review agent

Show HN: Euporie-lite, Jupyter notebooks in terminal in the browser

Show HN: Dbxlite – Query 100M+ rows in a browser tab, no install

Show HN: A zero-to-hero, spaced-repetition guide to WebGL2 and GLSL

Show HN: AI system 60x faster than ChatGPT – built by combat vet with no degree

Show HN: Sim – Apache-2.0 n8n alternative

Show HN: Epstein's emails reconstructed in a message-style UI (OCR and LLMs)

Show HN: Jottings; Anti-social microblog for your thoughts

Show HN: Local Privacy Firewall-blocks PII and secrets before ChatGPT sees them

Show HN: Open-source, offline voice typing and live captions for Android

Show HN: 360css CSS library inspired by the xbox360 dashboard

Show HN: Dssrf – A safe‑by‑construction SSRF defense library for Node.js

Show HN: Marmot v2.20 – A distributed SQLite server with MySQL wire compatbility

Show HN: Workmux – Parallel development in tmux with Git worktrees

Show HN: Wirebrowser – A JavaScript debugger with breakpoint-driven heap search

Show HN: A minimum viable Markov gibberish generator in 32 lines of Python

Show HN: GPULlama3.java Llama Compilied to PTX/OpenCL Now Integrated in Quarkus

Show HN: An endless scrolling word search game

Show HN: Gotui – a modern Go terminal dashboard library

Show HN: Gemini Pro 3 imagines the HN front page 10 years from now

Show HN: A 2-row, 16-key keyboard designed for smartphones

Show HN: Automated license plate reader coverage in the USA

Show HN: AlgoDrill – Interactive drills to stop forgetting LeetCode patterns

Show HN: I built a system for active note-taking in regular meetings like 1-1s

Show HN: I want to democratise Bloomberg Terminal

Show HN: Search the lyrics of 500 HÖR Berlin techno sets

Show HN: The world's least deterministic programming language

Show HN: Forecaster Arena – Testing LLMs on real events with prediction markets