Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
express-http-context
Advanced tools
Readme
Get and set request-scoped context anywhere. This is just an unopinionated, idiomatic ExpressJS implementation of cls-hooked (forked from continuation-local-storage). It's a great place to store user state, claims from a JWT, request/correlation IDs, and any other request-scoped data. Context is preserved even over async/await (in node 8+).
Install: npm install --save express-http-context
(Note: For node v4-7, use the legacy version: npm install --save express-http-context@<1.0.0
)
Use the middleware immediately before the first middleware that needs to have access to the context. You won't have access to the context in any middleware "used" before this one.
Note that some popular middlewares (such as body-parser, express-jwt) may cause context to get lost. To workaround such issues, you are advised to use any third party middleware that does NOT need the context BEFORE you use this middleware.
var express = require('express');
var httpContext = require('express-http-context');
var app = express();
// Use any third party middleware that does not need access to the context here, e.g.
// app.use(some3rdParty.middleware);
app.use(httpContext.middleware);
// all code from here on has access to the same context for each request
Set values based on the incoming request:
// Example authorization middleware
app.use((req, res, next) => {
userService.getUser(req.get('Authorization'), (err, result) => {
if (err) {
next(err);
} else {
httpContext.set('user', result.user)
next();
}
});
});
Get them from code that doesn't have access to the express req
object:
var httpContext = require('express-http-context');
// Somewhere deep in the Todo Service
function createTodoItem(title, content, callback) {
var user = httpContext.get('user');
db.insert({ title, content, userId: user.id }, callback);
}
You can access cls namespace directly as (it may be useful if you want to apply some patch to it, for example https://github.com/TimBeyer/cls-bluebird):
var ns = require('express-http-context').ns;
To avoid weird behavior with express:
express-http-context
in the first row of your app. Some popular packages use async which breaks CLS.For users of Node 10
See Issue #4 for more context. If you find any other weird behaviors, please feel free to open an issue.
Interesting in contributing? Take a look at the Contributing Guidlines
FAQs
Get and set request-scoped context anywhere
The npm package express-http-context receives a total of 158,284 weekly downloads. As such, express-http-context popularity was classified as popular.
We found that express-http-context demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.