You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@curveball/problem

Package Overview
Dependencies
Maintainers
4
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@curveball/problem

A middleware for converting errors into application/problem+json

1.0.0
latest
Source
npm
Version published
Weekly downloads
1.2K
14.35%
Maintainers
4
Weekly downloads
 
Created
Source

Curveball Problem Middleware

This package is a middleware for the Curveball framework that catches any exception and turns them into application/problem+json responses, as defined in RFC9457.

By default any exception turns into a non-descript 500 Internal Server Error. To create a more specific error, use an exception from the @curveball/http-errors package or implement one of the interfaces.

Installation

npm install @curveball/problem

Getting started

import problemMw from '@curveball/problem';
import { Application } from '@curveball/kernel';

const app = new Application();
app.use(problemMw());

Typically you will want the problem middleware to be one of the first middlewares you add to the server. Only exceptions from midddlewares that come after the problem middleware can be caught.

Throwing errors

You can throw the following kinds of errors.

  • Standard errors. These errors will be anonimized and logged to the console. a http 500 error gets emitted. (unless debug mode is on).
  • Errors with a httpStatus property. Any error that's thrown that has a httpStatus property will automatically use that http status. The error message will be used as a title.
  • An error from the http-errors package.

Debug mode

By default the middleware will emit a detailed error for any exception that implements the http-errors interfaces, because the assumption is that if these errors were emitted, they were intended for the user of the server.

Any exceptions that are thrown that don't implement these interfaces are stripped from their message and detail and converted to a 500 error to avoid potential security issues.

It's possible to turn this off during development in two ways. You can set the debug setting to true as such:

app.use(problemMw({
  debug: true
});

The second way is by setting the environemnt variable NODE_ENV to the string development.

If the debug property is set, that value always takes precedent.

Quiet mode

If quiet mode is enabled, 4XX errors are not logged. Client errors are common and usually expected behavior, so it might be preferable for them to not spam the log.

app.use(problemMw({
  quiet: true
});

Keywords

http
framework
nodejs
typescript
push
http2

FAQs

Package last updated on 17 Jan 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader

Research

/

Security News

Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader

North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.

By Kirill Boychenko  -  Jul 14, 2025