This repository has been merged into the NIS2 Shield Frontend Monorepo.
Please use
@nis2shield/react-guardfrom the monorepo (packages/react) for the latest updates, security patches, and features. This standalone repository is now ARCHIVED and will no longer receive updates.
Client-Side Security Telemetry & Session Protection for NIS2 Compliance.
Companies subject to NIS2 Directive require strict session management, audit logs, and client-side security controls. This library provides drop-in React components to handle:
- Automatic session termination (Idle Timer) - Art. 21.2.h
- Visual protection against shoulder surfing (Tab Napping)
- Security event hooks for SIEM integration
- Encrypted local storage for sensitive data (GDPR-compliant)
@nis2shield/react-guard acts as the "sentinel" for your frontend applications, integrating with any NIS2 Shield Backend Adapter (Django, Express, Spring) to provide end-to-end compliance coverage.
Part of the NIS2 Shield Ecosystem: Use with infrastructure for Demonstrable Compliance (audited via
tfsec).
- π‘οΈ Session Watchdog: Detects user inactivity and "Tab Napping" (background tab hijacking risks)
- π‘ Telemetry Engine: Automatically captures React component crashes (
AuditBoundary) and sends sanitized reports to your SIEM - π Secure Storage: Drop-in replacement for
localStorage/sessionStoragewith AES-GCM encryption - β¨οΈ Secure Input: Pre-configured props to harden input fields against caching and clipboard
- π Device Fingerprinting (v0.2.0+): Passive device fingerprint collection for session hijacking detection
β οΈ Security Banner (v0.2.0+): Warns users about insecure connections (HTTP) and outdated browsers
npm install @nis2shield/react-guard
# or
yarn add @nis2shield/react-guardimport { Nis2Provider, SessionWatchdog, AuditBoundary } from '@nis2shield/react-guard';
function App() {
return (
<Nis2Provider
config={{
auditEndpoint: '/api/nis2/telemetry/',
idleTimeoutMinutes: 15,
debug: process.env.NODE_ENV === 'development'
}}
>
<AuditBoundary fallback={<h1>Security Alert</h1>}>
<SessionWatchdog onIdle={() => window.location.href = '/logout'} />
<YourMainApp />
</AuditBoundary>
</Nis2Provider>
);
}import { useSecureStorage } from '@nis2shield/react-guard';
const UserProfile = () => {
const { value: iban, setValue: setIban } = useSecureStorage('user_iban', '');
return (
<input
value={iban}
onChange={(e) => setIban(e.target.value)}
placeholder="IBAN (Encrypted locally)"
/>
);
};import { useSecureInput } from '@nis2shield/react-guard';
const PasswordField = () => {
const secureProps = useSecureInput({ type: 'password' });
return <input {...secureProps} placeholder="Enter Password" />;
};import { useNis2Log } from '@nis2shield/react-guard';
const TransferMoney = () => {
const { logWarning } = useNis2Log();
const handleTransfer = (amount: number) => {
if (amount > 10000) {
logWarning('HIGH_VALUE_TRANSACTION_ATTEMPT', { amount });
}
};
};Collect passive device fingerprints to detect session hijacking:
import { useDeviceFingerprint } from '@nis2shield/react-guard';
const LoginPage = () => {
const { fingerprint, isLoading, sendToBackend } = useDeviceFingerprint();
const handleLogin = async () => {
// Send fingerprint with login for backend validation
sendToBackend();
// ... rest of login logic
};
return <button onClick={handleLogin} disabled={isLoading}>Login</button>;
};Collected data:
- Screen resolution, color depth
- Timezone, language, platform
- Hardware concurrency, device memory
- Canvas fingerprint (SHA-256 hash)
- WebGL renderer/vendor
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Frontend β
β @nis2shield/react-guard β
β βββ SessionWatchdog (idle detection) β
β βββ AuditBoundary (crash reports) β
β βββ useDeviceFingerprint (session validation) β
β βββ β POST /api/nis2/telemetry/ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Backend (NIS2 Adapter) β
β Supported: Django, Express, Spring Boot, .NET β
β βββ ForensicLogger (HMAC signed logs) β
β βββ RateLimiter, SessionGuard, TorBlocker β
β βββ β SIEM (Elasticsearch, Splunk, QRadar, etc.) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Infrastructure β
β nis2shield/infrastructure β
β βββ Centralized Logging (ELK/Splunk) β
β βββ Compliance Reporting (Automatic PDF generation) β
β βββ Audited Deployment (Terraform/Helm) β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
import { Nis2Provider, SessionWatchdog, AuditBoundary, useSecureStorage } from '@nis2shield/react-guard';
function BankingApp() {
return (
<Nis2Provider config={{ idleTimeoutMinutes: 5, auditEndpoint: '/api/audit/' }}>
<AuditBoundary fallback={<SecurityLockScreen />}>
<SessionWatchdog
onIdle={() => {
window.location.href = '/logout?reason=idle';
}}
/>
<Dashboard />
</AuditBoundary>
</Nis2Provider>
);
}import { useSecureStorage, useSecureInput } from '@nis2shield/react-guard';
const PaymentForm = () => {
const { value: cardNumber, setValue: setCardNumber } = useSecureStorage('card', '');
const secureProps = useSecureInput({ type: 'password' });
return (
<form>
<input
value={cardNumber}
onChange={(e) => setCardNumber(e.target.value)}
placeholder="Card Number (encrypted locally)"
/>
<input {...secureProps} placeholder="CVV" />
</form>
);
};import { useDeviceFingerprint, useNis2Log } from '@nis2shield/react-guard';
const LoginPage = () => {
const { fingerprint, sendToBackend } = useDeviceFingerprint();
const { logWarning } = useNis2Log();
const handleLogin = async (credentials) => {
// Send fingerprint with login for session hijacking detection
await sendToBackend();
// Log high-risk attempts
if (credentials.failedAttempts > 3) {
logWarning('BRUTE_FORCE_ATTEMPT', { attempts: credentials.failedAttempts });
}
};
};npm install # Install dependencies
npm test # Run test suite (35 tests)
npm run build # Build for productionMIT License - see LICENSE for details.
See CONTRIBUTING.md for guidelines.
Documentation Β· npm Β· Changelog