fearless application security for nodejs developers

About Spartan

Spartan is a Node.js application that gives Node.js developers clear, easy-to-understand and easy-to-ingest end-to-end security policies, modules and middleware tailored specifically to work with the application, not around it.

What You Get

command line application

The primary means to interact with _spartan is via the command line application. It serves as the first step in describing your application's security posture and is the mechanism to tune your security policies as your application changes.

security policy

security.json is the core artifact from _spartan. After you answer a few questions about your app, _spartan will generate this JSON file reflecting the security policy of your application.

boilerplate code

security.js refers to the collection of submodules that are generated and configured from the interpreted policy. These modules are referenceable throughout your application like any other module you would include in your code.

_spartan goes where node goes

Embedded & IoT



_spartan's Concept of Operations

Spartan is organized around an outside-in, layered approach to defense. To that end, _spartan provides thirteen modules for end-to-end security coverage:

API Management

Application Dependencies

Access Controls

Session Management

Cross Origin Resource Sharing

Secure Caching

Secure Connections

Data Storage & Classification

Secure Forms

Client-side Security Headers

Secrets Management


User Input Validation

Why Spartan?


Tailored to your application

Spartan covers the security risks that are applicable to your application, and when your app changes, _spartan changes with it.

Speed to Production

_spartan provides plug-and-play coverage for the security risks applicable to your app, so you can push your [secure] app to production even faster.

Part of your app's DNA

By being embedded into your actual codebase, _spartan works with your application, not around it.

Installing Spartan

Try it!

You can get started with _spartan in just a couple of steps.

First, open a command prompt and type this:

npm install -g spartan-shield

Now, in your project directory, type this to generate a default policy and code:

_spartan -D

Finally, require the generated code in your project like this:

let security = require('security')

Congrats! Now you have access to the modules needed to secure your project!

Learn More!

Be sure to check out the _spartan user guide & documentation.

Here to Help

Have questions about _spartan implementation and want to talk to a real person? We can do that!

Ask a Question



Join other spartan users in the invite-only spartan-users-group Slack channel to get your questions answered, learn about best practices and find out about new features.

Spartan Setup & Orientation Consult



30-minute Skype call where we install & configure _spartan, along with a brief orientation of the code. Optional: set up a restricted security branch on GitHub.

Spartan Setup & Integration Consult

90-minute VSCode LiveShare & Skype call which includes setup, configuration, orientation and code integration consultation. Optional: create a restricted security branch for your project on GitHub.

The Full Effect



One-day (8 hours) on-site*. Includes secure design review, _spartan setup, configuration and boilerplate code integration consultation.
*Price does not include travel, hotel, meals or expenses. Contact us for a statement of work which includes these values.


Other ways to reach us