
@curveball/problem
This package is a middleware for the Curveball framework that catches any
exception and turns it into an application/problem+json response, as defined
in RFC 9457.
By default any exception turns into a nondescript 500 Internal Server Error. To create a more specific error, use an exception from the @curveball/http-errors package or implement one of the interfaces.
npm install @curveball/problem
import problemMw from '@curveball/problem';
import { Application } from '@curveball/kernel';
const app = new Application();
app.use(problemMw());
Typically you will want the problem middleware to be one of the first middlewares you add to the server. Only exceptions from middlewares that come after the problem middleware can be caught.
You can throw the following kinds of errors.
httpStatus property. Any error that's thrown that has a
httpStatus property will automatically use that HTTP status. The error
message will be used as a title.
By default the middleware will emit a detailed error for any exception that implements the http-errors interfaces, because the assumption is that if these errors were emitted, they were intended for the user of the server.
Any exceptions that are thrown that don't implement these interfaces are stripped of their message and detail and converted to a 500 error to avoid potential security issues.
It's possible to turn this off during development in two ways. You can set the debug setting to true as such:
app.use(problemMw({
  debug: true
}));
The second way is by setting the environment variable NODE_ENV to the string
development.
If the debug property is set, that value always takes precedence.
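The rules above, modelled as a stand-alone sketch. This is an added example, not the source of @curveball/problem: the function names isDebug and toProblem are hypothetical, and exposing the original message as detail in debug mode is an assumption about what "turning this off" reveals.

```javascript
// Added sketch: models the behaviour the README describes. It is not the
// package's own code; isDebug/toProblem are hypothetical names.

// Decide whether internal error details may be exposed.
// An explicit `debug` option always wins over NODE_ENV.
function isDebug(options = {}, env = process.env) {
  if (typeof options.debug === 'boolean') return options.debug;
  return env.NODE_ENV === 'development';
}

// Convert any thrown value into { status, headers, body }.
function toProblem(err, options = {}, env = process.env) {
  const status = err ? err.httpStatus : undefined;
  const intended = Number.isInteger(status) && status >= 400 && status <= 599;
  let body;
  if (intended) {
    // Error was raised for the client: its message becomes the title.
    body = { type: 'about:blank', title: err.message, status };
  } else {
    // Unknown error: drop message and detail so internals are not sent out.
    body = { type: 'about:blank', title: 'Internal Server Error', status: 500 };
    if (isDebug(options, env)) {
      // Assumption: debug mode surfaces the original message as detail.
      body.detail = String(err && err.message ? err.message : err);
    }
  }
  return {
    status: body.status,
    headers: { 'Content-Type': 'application/problem+json' },
    body,
  };
}

// Constructed sample errors.
const notFound = Object.assign(new Error('Article not found'), { httpStatus: 404 });
const dbError = new Error('connect ECONNREFUSED 10.0.0.5:5432 user=app_rw');

console.log(toProblem(notFound, {}, { NODE_ENV: 'production' }).body);
console.log(toProblem(dbError, {}, { NODE_ENV: 'production' }).body);
// debug: false overrides NODE_ENV=development, so the message stays hidden.
console.log(toProblem(dbError, { debug: false }, { NODE_ENV: 'development' }).body);
```

A deployment check worth keeping from this: confirm that production processes neither set NODE_ENV to development nor pass debug: true, since either one disables the stripping.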
If quiet mode is enabled, 4XX errors are not logged. Client errors are common and usually expected behavior, so it might be preferable for them to not spam the log.
app.use(problemMw({
  quiet: true
}));
FAQs
A middleware for converting errors into application/problem+json
The npm package @curveball/problem receives a total of 206 weekly downloads. As such, @curveball/problem popularity was classified as not popular.
We found that @curveball/problem demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.