
A middleware wrapper for express that skips calling the middleware for pre-flight requests.
```sh
# Yarn
yarn add deflight
# NPM
npm install deflight
```
The package exports both a named and a default export:
```js
import { deflight } from "deflight";
// Or
import deflight from "deflight";

app.use(deflight(someMiddleware));
```
This is useful if your app serves requests coming from a different origin than the one your server is hosted on, and you need to do something specifically with the pre-flight requests, for example, sending the `Access-Control-Allow-Methods` header on a per-route basis:
```js
app.use(deflight(someExpensiveMiddleware));

app.all('/example', (req, res, next) => {
  if ((req.method || '').toLowerCase() === 'options') {
    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
    res.setHeader('Content-Length', '0');
    return res.status(204).end();
  }
  // Route logic
});
```
You need to enable the `preflightContinue` option to let the CORS middleware pass the pre-flight request to subsequent middlewares and not return early.
```js
app.use(
  cors({
    origin: "https://example.com",
    preflightContinue: true, // Required
  })
);
```
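A wrapper of this kind decides which requests never reach the wrapped middleware, so the pre-flight test matters when that middleware enforces authentication or rate limits. The sketch below is an added example, not deflight's source and not code from this page; `isPreflight`, `skipForPreflight`, `requireAuth` and `simulate` are hypothetical names, and it assumes the Fetch definition of a pre-flight (an `OPTIONS` request with `Origin` and `Access-Control-Request-Method`) and Node's lower-cased header keys.

```javascript
// Added example with hypothetical names; not deflight's source.
// Fetch defines a CORS pre-flight as an OPTIONS request that carries both
// Origin and Access-Control-Request-Method. Node lower-cases header keys.
function isPreflight(req) {
  const h = req.headers || {};
  return (
    String(req.method || "").toUpperCase() === "OPTIONS" &&
    Boolean(h["origin"]) &&
    Boolean(h["access-control-request-method"])
  );
}

// Skip `middleware` only for real pre-flights; everything else, including a
// bare OPTIONS request, still passes through it.
function skipForPreflight(middleware) {
  return (req, res, next) =>
    isPreflight(req) ? next() : middleware(req, res, next);
}

// Constructed stand-in for an authentication middleware.
function requireAuth(req, res, next) {
  if (!req.headers.authorization) {
    res.statusCode = 401;
    return res.end();
  }
  return next();
}

// Run one constructed request through the wrapped middleware with mock
// res/next objects and report what happened.
function simulate(req) {
  const outcome = { reachedNext: false, status: null };
  const res = { statusCode: 200, end() { outcome.status = this.statusCode; } };
  skipForPreflight(requireAuth)(req, res, () => { outcome.reachedNext = true; });
  return outcome;
}

// Constructed sample requests.
const preflight = { method: "OPTIONS", headers: {
  origin: "https://example.com", "access-control-request-method": "POST" } };
const bareOptions = { method: "OPTIONS", headers: {} };
const anonymousPost = { method: "POST", headers: { origin: "https://example.com" } };

console.log(simulate(preflight));     // auth skipped, next() reached
console.log(simulate(bareOptions));   // auth still enforced
console.log(simulate(anonymousPost)); // auth still enforced
```

Whether deflight itself checks the headers or only the method is not stated on this page, so verify that before wrapping a security-relevant middleware with it.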
The wrapper uses the default `Request` type from the express package. If you have extended the request object, or your middleware expects a different request object:
```ts
import type { Request } from "express";

interface ExtendedRequest extends Request {
  customProp: string;
}

app.use(deflight<ExtendedRequest>(someMiddleware));
```
Deflight is released under the MIT License.
FAQs
Bypass express middlewares for pre-flight requests
The npm package deflight receives a total of 0 weekly downloads. As such, deflight popularity was classified as not popular.
We found that deflight demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.