Docs

Arcis Documentation

Arcis is inside-the-app security middleware for Node.js, Python, and Go. One install protects against XSS, SQL injection, SSRF, CSRF, prompt injection, bot traffic, and 20+ more attack types at the request boundary. Twelve framework adapters across the three SDKs.

New to Arcis? Start with Getting Started. Install and protect your app in under a minute.

Quick install

// Install
npm install @arcis/node

// app.js
import { arcis } from '@arcis/node';
const app = express();
app.use(arcis()); // that's it
# Install
pip install arcis

# main.py (FastAPI)
from arcis import ArcisMiddleware
from fastapi import FastAPI

app = FastAPI()
app.add_middleware(ArcisMiddleware)  # that's it
// Install
go get github.com/GagancM/arcis

// main.go (Gin)
package main

import (
    "github.com/gin-gonic/gin"
    arcisgin "github.com/GagancM/arcis/gin"
)

func main() {
    r := gin.Default()
    r.Use(arcisgin.Middleware()) // that's it
    r.Run()
}

What Arcis protects against

Arcis blocks 20+ attack types at the middleware layer. Every request is sanitized before it reaches your code. Every response is hardened before it reaches the client.

XSS & Injection

Script injection, SQL, NoSQL, command injection, LDAP, SSTI, XXE stripped from every input.

CSRF & SSRF

Double-submit cookie CSRF. SSRF blocks private IPs, loopback, cloud metadata.

Rate Limiting

Fixed, sliding, and token bucket algorithms. In-memory or Redis backend.

Security Headers

16 headers auto-set: CSP, HSTS, X-Frame-Options, COOP, CORP, COEP.

Explore the docs

Getting Started →

Install Arcis and protect your app in under a minute.

Framework Adapters →

Express, NestJS, SvelteKit, Astro, Nuxt, Bun + Hono (Node), FastAPI, Flask, Django (Python), Gin, Echo, net/http (Go).

Configuration →

All config options for sanitizers, rate limiters, headers, and CORS.

API Reference →

Every exported function across all three SDKs.

CLI Tools →

arcis scan, arcis audit, arcis sca for scanning and auditing.

Attack Vectors →

What each attack is, how it works, how Arcis blocks it.

Need help?

File an issue on GitHub or start a discussion in the community forum. For security vulnerabilities, report privately through GitHub Security Advisories.