Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

express-bff

Package Overview
Dependencies
Maintainers
1
Versions
14
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express-bff

## Features

1.1.0
latest
Source
npmnpm
Version published
Weekly downloads
2
Maintainers
1
Weekly downloads
 
Created
Source

An Express middleware for simple way to create BFF (backend-for-frontend) server for your RIA/SPA applications.

Features

  • Automated client-side security.
  • Built-in sessions.
  • File-based REST API controllers with automatic route-matching.
  • Server-sent event (SSE) support out-of-the-box.
  • Automated proxying of requests to backend server.
  • Easy integration with Server-side rendering (SSR) engines.
  • Static files serving if needed.
  • Query to SQL (QSQL) support. (coming soon)
  • Memoization of response based on request params. (coming soon)
  • GrapthQL integration. (coming soon)
  • Websockets support. (coming soon)

Install

npm i express-bff --save

Usage

Configuration

const path = require('path');
const express = require('express');
const bff = require('express-bff');

const app = express();

bff(app, {
    security: {
        cors: false,
        secure,
    },
    session: {
        persist: true,
        // OR
        persist({ secret, ttl }) {
          return new CustomStore();
        }
    },
    sse: {
        path: '/events',
        // option serializer callback for objects
        serializer(key, val) {
          return val;
        }
    },
    api: {
        dir: path.join(__dirname, 'routes'),
    },
    proxy: {
        target: 'https://192.x.x.x:3030',
    },
    static: {
        dir: path.join(__dirname, 'static'),
        single: true,
        dev,
    },
    ssr: {
      template: 'index', // provide template name for express render engine
      handler(req) {
        return { /* any locals to render in template */ };
      }
    }
});

app.listen(process.env.PORT);

REST API controller

// ./routes/posts/index.js => /posts

module.exports = {
    get,
    post,
    patch,
    put,
    delete: del
};

async function get(req, res) {
  // ...
}

async function post(req, res) {
  // ...
}

async function put(req, res) {
  // ...
}

async function patch(req, res) {
  // ...
}

async function del(req, res) {
  // ...
}

Route with dynamic parameters:

// ./routes/posts/:id.js => /posts/:id

module.exports = {
    get,
    ...
};

async function get(req, res) {
  console.log('ID is ', req.params.id);
}

Keywords

express
express middleware
bff
backend for frontend

FAQs

Package last updated on 13 Mar 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases

Security News

Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases

This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.

By Sarah Gooding  -  Aug 28, 2025
Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Security News

/

Research

Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.

By Sarah Gooding, Olivia Brown, Peter van der Zee  -  Aug 27, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.