koa-helmet icon indicating copy to clipboard operation
koa-helmet copied to clipboard
verified publisher icon venables

Is this project abondoned?

Open csikb opened this issue 4 weeks ago • 2 comments

Hi! 👋 I’m wondering about the current maintenance status of this project.

There haven’t been any commits, releases, or responses to issues/PRs in quite some time. Since koa-helmet is commonly used in production Koa applications, it would be helpful to know whether the project is still maintained or if users should consider alternatives.

Could you clarify whether the repository is still actively maintained, is it looking for a maintainer?

Thanks!

csikb avatar Dec 07 '25 12:12 csikb

Hi @EvanHahn, I saw that you are an active maintainer of the helmet repository. Your FAQ mentions this project, however it might be unwise if it's unmaintained

csikb avatar Dec 07 '25 12:12 csikb

I'm not the maintainer but the most recent commit was less than 6 weeks ago—pretty recent in my opinion. Unless there's a separate concern, I'll continue to recommend koa-helmet.

EvanHahn avatar Dec 07 '25 15:12 EvanHahn

Thanks for the nudge @csikb , but like Evan mentioned: there has been recent activity here & I've responded to folks in their PRs, so Im sure there was just a misunderstanding (maybe only looking at the latest "Release" date?)

The nice thing about relying on the wonderful helmet package is that this library can remain stable. The Koa v3 upgrade worked without code changes.

I just published another patch release (8.0.2) to call out the v3 support explicitly in the README, and to reset the timer if you were only looking at "releases". But definitely not abandoned!

venables avatar Dec 10 '25 18:12 venables

Hi all,

Thanks for all the replies. I'm using Renovate in my project and their dashboard highlighted this repository as abandoned. I'm using their default settings and any dependencies older than 1 year would make it to that list.

It's really great to hear that the API for both projects are so well designed that they didn't introduce breaking changes.

This is a personal preference, but I usually pin dependencies in my projects for immutability and the helmet range option was quite flexible, that looked a bit alarming to me.

Thank you for the continued support!

csikb avatar Dec 11 '25 16:12 csikb

I agree the range can be a bit wide looking, but that's also the beauty of making it a peerDependency - so you can pick how to pin and this library has no preference.

But, we could tighten it up on the top end to ensure only known versions are supported.

Happy to accept PRs for that if you'd like!

venables avatar Dec 12 '25 02:12 venables

Happy to accept PRs for that if you'd like!

https://github.com/venables/koa-helmet/pull/109

csikb avatar Dec 15 '25 07:12 csikb