Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@esmj/schema-express-middleware

Package Overview
Dependencies
Maintainers
1
Versions
7
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@esmj/schema-express-middleware

Middleware for express that uses @esmj/schema to make requests type-safe.

latest
Source
npmnpm
Version
0.4.0
Version published
Weekly downloads
7
-50%
Maintainers
1
Weekly downloads
 
Created
Source

@esmj/schema-express-middleware

Express middleware for validating request body, query, params, and headers using @esmj/schema. Inspired by popular validation middlewares like zod-express-middleware and express-joi-validation, but using @esmj/schema for fast, type-safe validation.

Installation

npm install @esmj/schema-express-middleware

Usage

Basic Example

import express from 'express';
import { s, validateBody } from '@esmj/schema-express-middleware';

const app = express();
app.use(express.json());

const userSchema = s.object({
  name: s.string({ message: 'Name is required' }).refine((value) => value.length > 0, { message: 'Name must not be empty' }),
  age: s.string({ message: 'Age is required' })
    .transform((value) => Number.parseInt(value))
    .pipe(s.number())
    .refine((value) => Number.isInteger(value) && value >= 0, { message: 'Age must be a non-negative integer' }),
});

app.post('/users', validateBody(userSchema), (req, res) => {
  // req.schema.body is now validated and typed
  res.json({ user: req.schema.body });
});

app.listen(3000);

API

validate(schemas, errorHandler?)

Arguments:

  • schema: { body?, query?, params?, headers? } — An object where each property is an optional @esmj/schema SchemaInterface. Each provided schema will be used to validate the corresponding part of the request (req.body, req.query, req.params, req.headers).
  • errorHandler (optional): (opts) => unknown — A function called on validation error. Receives an object with { req, res, next, part, error, result }.
    • part: One of 'body' | 'query' | 'params' | 'headers' indicating which part failed.
    • error: The validation error (with message and optional cause).
    • result: The failed parse result (with success: false).

Returns: Express RequestHandler middleware.

import { validate, s } from '@esmj/schema-express-middleware';

app.post(
  '/login',
  validate({
    body: s.object({ username: s.string(), password: s.string() }),
    query: s.object({ next: s.string().optional() }),
  }),
  (req, res) => {
    // req.schema.body and req.schema.query are validated and typed
    res.send('ok');
  }
);

Custom Error Handler

You can provide a custom error handler to control the response:

import { validate } from '@esmj/schema-express-middleware';

function myErrorHandler({ res, error, part }) {
  res.status(422).json({ part, message: error.message });
}

app.post('/users', validate({ body: userSchema }, myErrorHandler), handler);

validateBody(schema, errorHandler?)

Arguments:

  • schema: [@esmj/schema SchemaInterface] — The schema to validate req.body.
  • errorHandler (optional): Same as above.

Returns: Express RequestHandler middleware.

app.post('/users', validateBody(userSchema), handler);

validateQuery(schema, errorHandler?)

Arguments:

  • schema: [@esmj/schema SchemaInterface] — The schema to validate req.query.
  • errorHandler (optional): Same as above.

Returns: Express RequestHandler middleware.

app.get('/search', validateQuery(s.object({ q: s.string() })), handler);

validateParams(schema, errorHandler?)

Arguments:

  • schema: [@esmj/schema SchemaInterface] — The schema to validate req.params.
  • errorHandler (optional): Same as above.

Returns: Express RequestHandler middleware.

app.get('/users/:id', validateParams(s.object({ id: s.string() })), handler);

validateHeaders(schema, errorHandler?)

Arguments:

  • schema: [@esmj/schema SchemaInterface] — The schema to validate req.headers.
  • errorHandler (optional): Same as above.

Returns: Express RequestHandler middleware.

app.get('/secure', validateHeaders(s.object({ authorization: s.string() })), handler);

Types

  • All helpers are fully typed. After validation, the validated and transformed data is available on the req.schema property:
    • req.schema.body — validated request body (if body schema provided)
    • req.schema.query — validated query parameters (if query schema provided)
    • req.schema.params — validated route parameters (if params schema provided)
    • req.schema.headers — validated headers (if headers schema provided)
  • All schemas must be @esmj/schema.

License

MIT

Keywords

schema
validation
type
inference
express
middleware

FAQs

Package last updated on 23 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

Research

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains

An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.

By Socket Research Team  -  Feb 20, 2026
Socket Joins the OpenJS Foundation

Company News

Socket Joins the OpenJS Foundation

Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.

By Sarah Gooding  -  Feb 19, 2026