express-query-params
Express.js middleware implementing the API Query Spec, converting the params to SQL or a Mongo query
Express.js middleware implementing the API Query Spec, converting the query to something that can be used to look up the resource.
It works for MongoDB and SQL.
npm i --save express-query-params # with npm
yarn add express-query-params # with yarn
This middleware can just be plugged into your stack like so:
const express = require('express')
const queryParams = require('express-query-params')
const app = express()
app.use(queryParams())
Inside any downstream middleware, this plugin will create a parsedQuery prop on request, so you should be able to access it via request.parsedQuery.
The middleware accepts a few options to make your life easier:
app.use(queryParams({
  /*
  Will validate dates according to this format - defaults to ISO8601
  If you want to custom-format your dates, please pass a function here. Its first
  argument would be the raw date and it would expect the formatted date as a return.
  */
  dateFormat: 'ISO8601',
  /*
  Here you can overwrite the default behaviour of how dates are handled. If this is
  set to true, it will give you back a JS Date object. If you set it to false, you will
  merely get the string you put in.
  A caveat - if you set `dateFormat` to a custom function, this option will have no effect.
  For SQL, this defaults to false and for Mongo the default is true
  */
  returnJSDate: false, // or true
  /*
  Accepts `mongo`, `sql` or `sequelize` - defaults to `mongo`
  */
  format: 'mongo',
  /*
  Use this to prevent certain params from becoming clauses. Useful for things like
  pagination params. Default is `limit`.
  Add their key to this array.
  Is compatible with the whitelistParams (but can't really imagine why you'd want to!)
  */
  blacklistParams: [ 'limit' ],
  /*
  Use this to only allow certain params becoming clauses. Useful for limiting access in
  your API's search functionality.
  Add their key to this array.
  Is compatible with the blacklistParams (but can't really imagine why you'd want to!)
  */
  whitelistParams: []
}));
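Why whitelistParams matters for the sql format, as an added sketch that is not the package's own code: values can be bound as $1, $2 placeholders, but column names cannot, so keys have to be checked against an allowlist. The buildWhere helper, its equality-only clauses, its skipped list, the identifier pattern and the treatment of an empty whitelist as "allow all" are assumptions made for illustration.

```javascript
// Added illustration: NOT the express-query-params implementation.
// buildWhere() is a hypothetical helper; it builds equality clauses only.
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/

function buildWhere (params, opts = {}) {
  const blacklist = opts.blacklistParams || ['limit'] // default named on the page
  const whitelist = opts.whitelistParams || [] // assumption: empty means allow all
  const clauses = []
  const values = []
  const skipped = []

  for (const [key, raw] of Object.entries(params)) {
    if (blacklist.includes(key)) continue // e.g. pagination params
    const allowed = whitelist.length === 0 || whitelist.includes(key)
    // Column names cannot be bound as $n parameters, so they are checked
    // against the allowlist and a strict identifier pattern instead.
    // Express may parse repeated or bracketed params into arrays or
    // objects; only plain strings are accepted as values here.
    if (!allowed || !IDENT.test(key) || typeof raw !== 'string') {
      skipped.push(key)
      continue
    }
    values.push(raw)
    clauses.push(`"${key}" = $${values.length}`)
  }
  return { query: clauses.join(' AND '), values, skipped }
}

// Constructed sample input, shaped like Express's request.query
const sample = {
  name: "O'Brien",
  role: 'admin',
  limit: '10',
  'id; --': 'x',
  tags: ['a', 'b']
}
const out = buildWhere(sample, { whitelistParams: ['name', 'role', 'tags'] })
console.log(out)
```

The quote in O'Brien never reaches the SQL text because it travels in the values array, while the malformed key and the array value are reported in skipped instead of becoming clauses.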
So far, this middleware supports mongodb, sql and sequelize as output formats.

- mongodb: the output is a JavaScript object that can be used to query MongoDB.
- sql: it will output an object with the following props:
  - query: this contains a tokenised query (i.e. $1 replaces raw params)
  - values: this is an array of typecast values you can use in your query runner to coincide with the query prop
- sequelize: outputs an object usable as a where clause in a Sequelize lookup

This module has endured a complete re-write from version 0.4.0 to 1.0.0. Their APIs are only partially compatible now, so please ensure you read the following differences before upgrading:

- dateFormat option now works differently, please read about it above if you need it to do something besides default.
- moment is no longer required for this module, it uses only native JS date.

Do you have a database that is not SQL or Mongo? Would love to have your contribution in the form of a PR! Please include a test.
npm run test
FAQs
The npm package express-query-params receives a total of 37 weekly downloads. As such, express-query-params popularity was classified as not popular.
We found that express-query-params demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.