@hugoheml/express-ts-handler
Advanced tools
This is route wrapper for Express that enables:
req on the flySupports Zod for validations. It doesn't depend on validation library directly, so it could be integrated with other validation libraries in future.
Check out example code.
npm i express-ts-handler zod
First, we need to initialize a handler function:
import { makeHandler } from 'express-ts-handler';
import { z, ZodSchema } from 'zod';
export const handler = makeHandler<ZodSchema>({
parse: (type, value) => type.parse(value),
object: z.object,
})
When we don't specify any validations, req.query, req.params, and req.body become of type unknown:
app.post('/path/:id',
handler({
handler(req) {
// no error in default Express, type error with this library:
req.body?.name.toLowerCase();
},
}),
);
Before we can use any request data, we need to add a validation for it.
All unknown keys will be stripped by Zod, so we can safely save req.body to a database.
app.post('/path/:id',
handler({
// coerce and validate id from route path
params: {
id: z.coerce.number().int(),
},
// validate query string
query: {
key: z.string().optional(),
},
// validate request body
body: {
name: z.string(),
},
// finally, route handler. It may be sync or async
async handler(req) {
// all the data is typed properly
const { id } = req.params // { id: number }
const { key } = req.query // { key: string }
const { name } = req.body // { name: string }
return { ...response }
},
}),
);
Validations can be defined, as shown above, with plain objects, but also you can define a different type:
app.post('/path/:id',
handler({
// body can be of any type
body: z.boolean().array().optional(),
async handler(req) {
// ...
},
}),
);
Set result validation to make it type-safe and validated:
app.get('/path',
handler({
result: {
name: z.string(),
},
async handler(req) {
// TS error:
// return { invalid: true }
return { name: 'string' }
},
}),
);
To not mistakenly leak a password, and to not send extra data when it's not intended, result validation prevents it with a TS error:
app.get('/path',
handler({
result: {
name: z.string(),
},
// TS error
async handler(req) {
return { name: 'string', password: '1234' };
},
}),
);
res.send is also performing safely:
app.get('/path',
handler({
result: {
name: z.string(),
},
async handler(req, res) {
// TS error
res.send({ name: 'string', password: '1234' });
// no error
res.send({ name: 'string' });
},
}),
);
This library runs validations on responses by default when NODE_ENV !== 'production'.
You can override it by passing a boolean into checkResult:
import { makeHandler } from 'express-ts-handler';
export const handler = makeHandler<ZodSchema>({
// never check:
checkResult: false,
});
We can define a regular function and call it inside a route handler, it's simpler than a middleware and is well typed:
// simple function
const authorizeUser = (req: Request) => {
const token = req.header('Authorization');
if (token === 'correct token') {
return loadUserByToken(token);
}
throw new Error('Unauthorized');
};
app.get('/path', async (req) => {
// no problems with types
const user = await authorizeUser(req);
})
That works well, but for the case if we want first to run a middleware, and only after it is passed to run validations, this library supports the following:
const authorizeUser = async (req: Request) => {
const token = req.header('Authorization');
if (token === 'correct token') {
const user = loadUserByToken(token);
// assign user object to req, return result
return Object.assign(req, { user });
}
throw new Error('Unauthorized');
};
app.get('/path',
handler({
use: authorizeUser,
async handler(req, res) {
// req.user has a correct type
req.user.id
},
}),
);
use can take a single function, or an array of multiple middlewares:
// may be sync
const one = (req: Request) => {
return Object.assign(req, { one: 123 });
};
// may be async
const two = async (req: Request) => {
return Object.assign(req, { two: 'string' });
};
app.get('/path',
handler({
use: [one, two],
async handler(req, res) {
// req.one is string
req.one.toLowerCase()
// req.one is a number
req.two.toFixed(2)
},
}),
);
Middlewares accept the same parameters as the Express ones, no problems with async errors, they can call next function.
const one = async () => {
throw new Error('error from middleware')
};
// calling next(err) is equivalent to throwing
const two = async (req, res, next) => {
next(new Error('error from middleware'))
};
app.get('/path',
handler({
use: [one, two],
async handler(req, res) {
// ...
},
}),
);
FAQs
Express route handler for type-safe validations
We found that @hugoheml/express-ts-handler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
Security News
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.