dssrf is a lightweight Node.js library that provides deterministic SSRF protection for any code that uses fetch() or outbound HTTP requests. It works seamlessly in Appwrite projects, especially when calling external APIs or handling user‑controlled URLs inside server-side functions.

Instead of trusting the input URL, dssrf validates the actual outbound destination before the request is made. It blocks unsafe patterns like DNS rebinding, private IP access, malformed hostnames, and redirect chains that resolve to internal networks.

Key features

• Deterministic outbound‑request validation
• Safe redirect handling (every hop re‑validated)
• Blocks private and internal IP ranges
• Protects against DNS rebinding
• Disallow all protocol schema except http and https
• remove the User Info (@) symbol and replace backslash () with (/)
• Strict IPv4 validation
• Unicode normalization to prevent unicode based attacks

GitHub: https://github.com/HackingRepo/dssrf-js
NPM: https://www.npmjs.com/package/dssrf