Security News
The Nightmare Before Deployment
Season’s greetings from Socket, and here’s to a calm end of year: clean dependencies, boring pipelines, no surprises.
By Ahmad Nassri - Dec 16, 2025
@esmj/schema-express-middleware
Advanced tools
@esmj/schema-express-middleware
Middleware for express that uses @esmj/schema to make requests type-safe.
@esmj/schema-express-middleware
Express middleware for validating request body, query, params, and headers using @esmj/schema. Inspired by popular validation middlewares like zod-express-middleware and express-joi-validation, but using @esmj/schema for fast, type-safe validation.
Installation
npm install @esmj/schema-express-middleware
Usage
Basic Example
import express from 'express';
import { s, validateBody } from '@esmj/schema-express-middleware';
const app = express();
app.use(express.json());
const userSchema = s.object({
name: s.string({ message: 'Name is required' }).refine((value) => value.length > 0, { message: 'Name must not be empty' }),
age: s.string({ message: 'Age is required' })
.transform((value) => Number.parseInt(value))
.pipe(s.number())
.refine((value) => Number.isInteger(value) && value >= 0, { message: 'Age must be a non-negative integer' }),
});
app.post('/users', validateBody(userSchema), (req, res) => {
// req.schema.body is now validated and typed
res.json({ user: req.schema.body });
});
app.listen(3000);
API
validate(schemas, errorHandler?)
Arguments:
schema:{ body?, query?, params?, headers? }— An object where each property is an optional@esmj/schemaSchemaInterface. Each provided schema will be used to validate the corresponding part of the request (req.body,req.query,req.params,req.headers).errorHandler(optional):(opts) => unknown— A function called on validation error. Receives an object with{ req, res, next, part, error, result }.part: One of'body' | 'query' | 'params' | 'headers'indicating which part failed.error: The validation error (withmessageand optionalcause).result: The failed parse result (withsuccess: false).
Returns: Express RequestHandler middleware.
import { validate, s } from '@esmj/schema-express-middleware';
app.post(
'/login',
validate({
body: s.object({ username: s.string(), password: s.string() }),
query: s.object({ next: s.string().optional() }),
}),
(req, res) => {
// req.schema.body and req.schema.query are validated and typed
res.send('ok');
}
);
Custom Error Handler
You can provide a custom error handler to control the response:
import { validate } from '@esmj/schema-express-middleware';
function myErrorHandler({ res, error, part }) {
res.status(422).json({ part, message: error.message });
}
app.post('/users', validate({ body: userSchema }, myErrorHandler), handler);
validateBody(schema, errorHandler?)
Arguments:
schema: [@esmj/schemaSchemaInterface] — The schema to validatereq.body.errorHandler(optional): Same as above.
Returns: Express RequestHandler middleware.
app.post('/users', validateBody(userSchema), handler);
validateQuery(schema, errorHandler?)
Arguments:
schema: [@esmj/schemaSchemaInterface] — The schema to validatereq.query.errorHandler(optional): Same as above.
Returns: Express RequestHandler middleware.
app.get('/search', validateQuery(s.object({ q: s.string() })), handler);
validateParams(schema, errorHandler?)
Arguments:
schema: [@esmj/schemaSchemaInterface] — The schema to validatereq.params.errorHandler(optional): Same as above.
Returns: Express RequestHandler middleware.
app.get('/users/:id', validateParams(s.object({ id: s.string() })), handler);
validateHeaders(schema, errorHandler?)
Arguments:
schema: [@esmj/schemaSchemaInterface] — The schema to validatereq.headers.errorHandler(optional): Same as above.
Returns: Express RequestHandler middleware.
app.get('/secure', validateHeaders(s.object({ authorization: s.string() })), handler);
Types
- All helpers are fully typed. After validation, the validated and transformed data is available on the
req.schemaproperty:req.schema.body— validated request body (ifbodyschema provided)req.schema.query— validated query parameters (ifqueryschema provided)req.schema.params— validated route parameters (ifparamsschema provided)req.schema.headers— validated headers (ifheadersschema provided)
- All schemas must be @esmj/schema.
License
MIT
FAQs
Middleware for express that uses @esmj/schema to make requests type-safe.
The npm package @esmj/schema-express-middleware receives a total of 2 weekly downloads. As such, @esmj/schema-express-middleware popularity was classified as not popular.
We found that @esmj/schema-express-middleware demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 31 Jul 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords
Impostor NuGet package Tracer.Fody.NLog typosquats Tracer.Fody and its author, using homoglyph tricks, and exfiltrates Stratis wallet JSON/passwords to a Russian IP address.
By Kirill Boychenko - Dec 15, 2025
Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025