Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
The boom npm package is a set of utilities for returning HTTP errors. It is part of the hapi ecosystem and provides a way to send error responses that include a friendly error message, the correct HTTP status code, and any additional error information.
Creating HTTP-friendly error objects
Boom allows you to create error objects that are suitable for HTTP responses. For example, you can create a 400 Bad Request error using Boom.badRequest('Invalid request payload input').
{"statusCode": 400, "error": "Bad Request", "message": "Invalid request payload input"}
Decorating error objects
Boom provides a way to decorate error objects with additional information. You can add custom data to an error using Boom.badRequest('Invalid request payload input').data({ custom: 'info' }).
{"statusCode": 400, "error": "Bad Request", "message": "Invalid request payload input", "data": {"custom": "info"}}
Generating errors for various HTTP status codes
Boom has methods for generating errors corresponding to most HTTP status codes, such as Boom.notFound('Resource not found') for a 404 error, or Boom.internal('An internal server error occurred') for a 500 error.
[{"statusCode": 404, "error": "Not Found", "message": "Resource not found"}, {"statusCode": 500, "error": "Internal Server Error", "message": "An internal server error occurred"}]
The http-errors package is similar to boom in that it allows you to create HTTP error objects. It is middleware-friendly and can be used with frameworks like Express. Unlike boom, it does not have a dependency on the hapi ecosystem.
api-error-handler is an Express middleware for handling API errors. It formats error responses in a consistent structure. While it is similar to boom in handling errors, it is specifically designed for Express and is used as middleware rather than a standalone error object generator.
HTTP-friendly error objects
Lead Maintainer: Adam Bretz
Boom.badRequest([message], [data])
Boom.unauthorized([message], [scheme], [attributes])
Boom.paymentRequired([message], [data])
Boom.forbidden([message], [data])
Boom.notFound([message], [data])
Boom.methodNotAllowed([message], [data], [allow])
Boom.notAcceptable([message], [data])
Boom.proxyAuthRequired([message], [data])
Boom.clientTimeout([message], [data])
Boom.conflict([message], [data])
Boom.resourceGone([message], [data])
Boom.lengthRequired([message], [data])
Boom.preconditionFailed([message], [data])
Boom.entityTooLarge([message], [data])
Boom.uriTooLong([message], [data])
Boom.unsupportedMediaType([message], [data])
Boom.rangeNotSatisfiable([message], [data])
Boom.expectationFailed([message], [data])
Boom.teapot([message], [data])
Boom.badData([message], [data])
Boom.locked([message], [data])
Boom.preconditionRequired([message], [data])
Boom.tooManyRequests([message], [data])
Boom.illegal([message], [data])
boom provides a set of utilities for returning HTTP errors. Each utility returns a Boom
error response
object (instance of Error
) which includes the following properties:
isBoom
- if true
, indicates this is a Boom
object instance.isServer
- convenience bool indicating status code >= 500.message
- the error message.output
- the formatted response. Can be directly manipulated after object construction to return a custom
error response. Allowed root keys:
statusCode
- the HTTP status code (typically 4xx or 5xx).headers
- an object containing any HTTP headers where each key is a header name and value is the header content.payload
- the formatted object used as the response payload (stringified). Can be directly manipulated but any
changes will be lost
if reformat()
is called. Any content allowed and by default includes the following content:
statusCode
- the HTTP status code, derived from error.output.statusCode
.error
- the HTTP status message (e.g. 'Bad Request', 'Internal Server Error') derived from statusCode
.message
- the error message derived from error.message
.Error
properties.The Boom
object also supports the following method:
reformat()
- rebuilds error.output
using the other object properties.wrap(error, [statusCode], [message])
Decorates an error with the boom properties where:
error
- the error object to wrap. If error
is already a boom object, returns back the same object.statusCode
- optional HTTP status code. Defaults to 500
.message
- optional message string. If the error already has a message, it adds the message as a prefix.
Defaults to no message.var error = new Error('Unexpected input');
Boom.wrap(error, 400);
create(statusCode, [message], [data])
Generates an Error
object with the boom decorations where:
statusCode
- an HTTP error code number. Must be greater or equal 400.message
- optional message string.data
- additional error data set to error.data
property.var error = Boom.create(400, 'Bad request', { timestamp: Date.now() });
Boom.badRequest([message], [data])
Returns a 400 Bad Request error where:
message
- optional message.data
- optional additional error data.Boom.badRequest('invalid query');
Generates the following response payload:
{
"statusCode": 400,
"error": "Bad Request",
"message": "invalid query"
}
Boom.unauthorized([message], [scheme], [attributes])
Returns a 401 Unauthorized error where:
message
- optional message.scheme
can be one of the following:
attributes
- an object of values to use while setting the 'WWW-Authenticate' header. This value is only used
when scheme
is a string, otherwise it is ignored. Every key/value pair will be included in the
'WWW-Authenticate' in the format of 'key="value"' as well as in the response payload under the attributes
key. Alternatively value can be a string which is use to set the value of the scheme, for example setting the token value for negotiate header. If string is used message parameter must be null.
null
and undefined
will be replaced with an empty string. If attributes
is set, message
will be used as
the 'error' segment of the 'WWW-Authenticate' header. If message
is unset, the 'error' segment of the header
will not be present and isMissing
will be true on the error object.If either scheme
or attributes
are set, the resultant Boom
object will have the 'WWW-Authenticate' header set for the response.
Boom.unauthorized('invalid password');
Generates the following response:
"payload": {
"statusCode": 401,
"error": "Unauthorized",
"message": "invalid password"
},
"headers" {}
Boom.unauthorized('invalid password', 'sample');
Generates the following response:
"payload": {
"statusCode": 401,
"error": "Unauthorized",
"message": "invalid password",
"attributes": {
"error": "invalid password"
}
},
"headers" {
"WWW-Authenticate": "sample error=\"invalid password\""
}
Boom.unauthorized(null, 'Negotiate', 'VGhpcyBpcyBhIHRlc3QgdG9rZW4=');
Generates the following response:
"payload": {
"statusCode": 401,
"error": "Unauthorized",
"attributes": "VGhpcyBpcyBhIHRlc3QgdG9rZW4="
},
"headers" {
"WWW-Authenticate": "Negotiate VGhpcyBpcyBhIHRlc3QgdG9rZW4="
}
Boom.unauthorized('invalid password', 'sample', { ttl: 0, cache: null, foo: 'bar' });
Generates the following response:
"payload": {
"statusCode": 401,
"error": "Unauthorized",
"message": "invalid password",
"attributes": {
"error": "invalid password",
"ttl": 0,
"cache": "",
"foo": "bar"
}
},
"headers" {
"WWW-Authenticate": "sample ttl=\"0\", cache=\"\", foo=\"bar\", error=\"invalid password\""
}
Boom.paymentRequired([message], [data])
Returns a 402 Payment Required error where:
message
- optional message.data
- optional additional error data.Boom.paymentRequired('bandwidth used');
Generates the following response payload:
{
"statusCode": 402,
"error": "Payment Required",
"message": "bandwidth used"
}
Boom.forbidden([message], [data])
Returns a 403 Forbidden error where:
message
- optional message.data
- optional additional error data.Boom.forbidden('try again some time');
Generates the following response payload:
{
"statusCode": 403,
"error": "Forbidden",
"message": "try again some time"
}
Boom.notFound([message], [data])
Returns a 404 Not Found error where:
message
- optional message.data
- optional additional error data.Boom.notFound('missing');
Generates the following response payload:
{
"statusCode": 404,
"error": "Not Found",
"message": "missing"
}
Boom.methodNotAllowed([message], [data], [allow])
Returns a 405 Method Not Allowed error where:
message
- optional message.data
- optional additional error data.allow
- optional string or array of strings (to be combined and separated by ', ') which is set to the 'Allow' header.Boom.methodNotAllowed('that method is not allowed');
Generates the following response payload:
{
"statusCode": 405,
"error": "Method Not Allowed",
"message": "that method is not allowed"
}
Boom.notAcceptable([message], [data])
Returns a 406 Not Acceptable error where:
message
- optional message.data
- optional additional error data.Boom.notAcceptable('unacceptable');
Generates the following response payload:
{
"statusCode": 406,
"error": "Not Acceptable",
"message": "unacceptable"
}
Boom.proxyAuthRequired([message], [data])
Returns a 407 Proxy Authentication Required error where:
message
- optional message.data
- optional additional error data.Boom.proxyAuthRequired('auth missing');
Generates the following response payload:
{
"statusCode": 407,
"error": "Proxy Authentication Required",
"message": "auth missing"
}
Boom.clientTimeout([message], [data])
Returns a 408 Request Time-out error where:
message
- optional message.data
- optional additional error data.Boom.clientTimeout('timed out');
Generates the following response payload:
{
"statusCode": 408,
"error": "Request Time-out",
"message": "timed out"
}
Boom.conflict([message], [data])
Returns a 409 Conflict error where:
message
- optional message.data
- optional additional error data.Boom.conflict('there was a conflict');
Generates the following response payload:
{
"statusCode": 409,
"error": "Conflict",
"message": "there was a conflict"
}
Boom.resourceGone([message], [data])
Returns a 410 Gone error where:
message
- optional message.data
- optional additional error data.Boom.resourceGone('it is gone');
Generates the following response payload:
{
"statusCode": 410,
"error": "Gone",
"message": "it is gone"
}
Boom.lengthRequired([message], [data])
Returns a 411 Length Required error where:
message
- optional message.data
- optional additional error data.Boom.lengthRequired('length needed');
Generates the following response payload:
{
"statusCode": 411,
"error": "Length Required",
"message": "length needed"
}
Boom.preconditionFailed([message], [data])
Returns a 412 Precondition Failed error where:
message
- optional message.data
- optional additional error data.Boom.preconditionFailed();
Generates the following response payload:
{
"statusCode": 412,
"error": "Precondition Failed"
}
Boom.entityTooLarge([message], [data])
Returns a 413 Request Entity Too Large error where:
message
- optional message.data
- optional additional error data.Boom.entityTooLarge('too big');
Generates the following response payload:
{
"statusCode": 413,
"error": "Request Entity Too Large",
"message": "too big"
}
Boom.uriTooLong([message], [data])
Returns a 414 Request-URI Too Large error where:
message
- optional message.data
- optional additional error data.Boom.uriTooLong('uri is too long');
Generates the following response payload:
{
"statusCode": 414,
"error": "Request-URI Too Large",
"message": "uri is too long"
}
Boom.unsupportedMediaType([message], [data])
Returns a 415 Unsupported Media Type error where:
message
- optional message.data
- optional additional error data.Boom.unsupportedMediaType('that media is not supported');
Generates the following response payload:
{
"statusCode": 415,
"error": "Unsupported Media Type",
"message": "that media is not supported"
}
Boom.rangeNotSatisfiable([message], [data])
Returns a 416 Requested Range Not Satisfiable error where:
message
- optional message.data
- optional additional error data.Boom.rangeNotSatisfiable();
Generates the following response payload:
{
"statusCode": 416,
"error": "Requested Range Not Satisfiable"
}
Boom.expectationFailed([message], [data])
Returns a 417 Expectation Failed error where:
message
- optional message.data
- optional additional error data.Boom.expectationFailed('expected this to work');
Generates the following response payload:
{
"statusCode": 417,
"error": "Expectation Failed",
"message": "expected this to work"
}
Boom.teapot([message], [data])
Returns a 418 I'm a Teapot error where:
message
- optional message.data
- optional additional error data.Boom.teapot('sorry, no coffee...');
Generates the following response payload:
{
"statusCode": 418,
"error": "I'm a Teapot",
"message": "Sorry, no coffee..."
}
Boom.badData([message], [data])
Returns a 422 Unprocessable Entity error where:
message
- optional message.data
- optional additional error data.Boom.badData('your data is bad and you should feel bad');
Generates the following response payload:
{
"statusCode": 422,
"error": "Unprocessable Entity",
"message": "your data is bad and you should feel bad"
}
Boom.locked([message], [data])
Returns a 423 Locked error where:
message
- optional message.data
- optional additional error data.Boom.locked('this resource has been locked');
Generates the following response payload:
{
"statusCode": 423,
"error": "Locked",
"message": "this resource has been locked"
}
Boom.preconditionRequired([message], [data])
Returns a 428 Precondition Required error where:
message
- optional message.data
- optional additional error data.Boom.preconditionRequired('you must supply an If-Match header');
Generates the following response payload:
{
"statusCode": 428,
"error": "Precondition Required",
"message": "you must supply an If-Match header"
}
Boom.tooManyRequests([message], [data])
Returns a 429 Too Many Requests error where:
message
- optional message.data
- optional additional error data.Boom.tooManyRequests('you have exceeded your request limit');
Generates the following response payload:
{
"statusCode": 429,
"error": "Too Many Requests",
"message": "you have exceeded your request limit"
}
Boom.illegal([message], [data])
Returns a 451 Unavailable For Legal Reasons error where:
message
- optional message.data
- optional additional error data.Boom.illegal('you are not permitted to view this resource for legal reasons');
Generates the following response payload:
{
"statusCode": 451,
"error": "Unavailable For Legal Reasons",
"message": "you are not permitted to view this resource for legal reasons"
}
All 500 errors hide your message from the end user. Your message is recorded in the server log.
Boom.badImplementation([message], [data])
- (alias: internal
)Returns a 500 Internal Server Error error where:
message
- optional message.data
- optional additional error data.Boom.badImplementation('terrible implementation');
Generates the following response payload:
{
"statusCode": 500,
"error": "Internal Server Error",
"message": "An internal server error occurred"
}
Boom.notImplemented([message], [data])
Returns a 501 Not Implemented error where:
message
- optional message.data
- optional additional error data.Boom.notImplemented('method not implemented');
Generates the following response payload:
{
"statusCode": 501,
"error": "Not Implemented",
"message": "method not implemented"
}
Boom.badGateway([message], [data])
Returns a 502 Bad Gateway error where:
message
- optional message.data
- optional additional error data.Boom.badGateway('that is a bad gateway');
Generates the following response payload:
{
"statusCode": 502,
"error": "Bad Gateway",
"message": "that is a bad gateway"
}
Boom.serverUnavailable([message], [data])
Returns a 503 Service Unavailable error where:
message
- optional message.data
- optional additional error data.Boom.serverUnavailable('unavailable');
Generates the following response payload:
{
"statusCode": 503,
"error": "Service Unavailable",
"message": "unavailable"
}
Boom.gatewayTimeout([message], [data])
Returns a 504 Gateway Time-out error where:
message
- optional message.data
- optional additional error data.Boom.gatewayTimeout();
Generates the following response payload:
{
"statusCode": 504,
"error": "Gateway Time-out"
}
Q How do I include extra information in my responses? output.payload
is missing data
, what gives?
A There is a reason the values passed back in the response payloads are pretty locked down. It's mostly for security and to not leak any important information back to the client. This means you will need to put in a little more effort to include extra information about your custom error. Check out the "Error transformation" section in the hapi documentation.
FAQs
HTTP-friendly error objects
The npm package boom receives a total of 2,650,502 weekly downloads. As such, boom popularity was classified as popular.
We found that boom demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.