Problem with solving first challenge of InfoSec Course


I am very stuck on the issue with installing and requiring the package ‘helmet’ from the first challenge of the course

I have previous experience with NodeJS, but it seems like no matter what I do I keep getting a result saying “helmet version 3.21.3 should be in package.json”

Link to the repo as well as the link I use to submit the live version:

What I’ve already tried:

  • Running npm install helmet@3.21.3 in the command line
  • Manually adding helmet version 3.21.3 in the dependencies part of package.json and running npm install

I really hope this wasn’t because of a minor technicality because it almost completely ruined my will to advance in this course

that is not the link to the live version, the link to the live version is the link that appears above the preview once you run the code for the first time

with that link you will actually submit your project to the tests

Thanks, that worked. I wish this was mentioned at the submission though.

Hey there,

Thanks, for mentioning, we have noticed this common confusion, and something is in the works to mention this in the submission. Also, the placeholder alludes to the format of the URL expected.

Just out of interest: Did you skip some of the previous lessons in the curriculum?

You are correct, I should have paid attention to that too. Perhaps other than mentioning this an alternative is also to point out the erroneous URL submission. With the error message I have received saying “helmet version 3.21.3 should be in package.json”, I would have probably never thought that the submitted URL is wrong.

Considering that this issue occurred to me during the first lesson the answer is that I hadn’t skipped any previous lessons.

The lesson mentioned in this thread is 5 certificates, and a few hundred lessons after the first backend section:

For the most part, the lessons appear in the order they are expected to be completed. You might find a lot of the future lessons within the Information Security section confusing, if you have not at least completed the prior backend content.

Thank you for your reply and clearing it up. In my opinion I already have solid knowledge and professional experience with NodeJS development and APIs/RESTful services, therefore I did not find the need to previously complete the previous courses.

My wish is to strengthen my knowledge in Information Security and gain some practical knowledge.

Ah. No worries then.

Some specifics about the platform, then:

  • In order to claim a certificate, you need to only complete the 5 projects from a section. To claim, head over to your profile settings page.
  • The Information and Security section has been updated, within the last year, and consists of 2/5 Python content. Feel free to not do the Python side, unless you really want.
  • If you still want a certificate without wanting to do the Python content, then you can find the old Information Security projects in the settings page (towards the bottom). This has been renamed to Legacy Information Security and Quality Assurance Certification, and consists of 5/5 JavaScript projects, 2 of which are within the current curriculum (first 2 projects), and 3 are in Quality Assurance Certification > Quality Assurance Projects
  • You are welcome to use, or any other platform to host your projects. The tests require a Live App, which must be publicly visible. Typically, the tests target the endpoints you are required to create for the projects.
  • If in doubt, ask here, or you can also find the tests on the main GitHub repo:
    freeCodeCamp/ at master · freeCodeCamp/freeCodeCamp ( (first Information and Security project, as an example)

Hope this helps some.

Thank you very much for taking your time to clear things up even further, I highly appreciate it.