I built dssrf, a safe-by-construction SSRF defense library for Node.js apps.

Most existing SSRF libraries rely on blacklists or regex checks, which are easy to bypass. dssrf takes a different approach based on normalization, DNS resolution, redirect validation, and IP classification.

Key features: – URL normalization RFC compliant – DNS resolution + IP classification – Redirect chain validation – IPv4/IPv6 safety – Rebinding detection – Protocol restrictions – TypeScript types included

The goal is to eliminate entire classes of classic SSRF vulnerability and it bypasses rather than patching individual payloads.

GitHub: https://github.com/HackingRepo/dssrf-js npm: https://www.npmjs.com/package/dssrf

I love feedback, edge cases, and contributions from the community.