Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
express-unless
Advanced tools
Conditionally add a middleware to express with some common patterns.
The express-unless package is a middleware for Express.js that allows you to conditionally skip other middleware based on certain criteria. This is useful for scenarios where you want to apply middleware to most routes but exclude certain ones based on conditions like the request path, HTTP method, or custom logic.
Path-based exclusion
This feature allows you to exclude certain paths from the middleware. In this example, the middleware is applied to all routes except '/public' and '/about'.
const express = require('express');
const unless = require('express-unless');
const app = express();
const myMiddleware = (req, res, next) => {
// Middleware logic
next();
};
myMiddleware.unless = unless;
app.use(myMiddleware.unless({ path: ['/public', '/about'] }));
app.get('/public', (req, res) => res.send('Public Page'));
app.get('/about', (req, res) => res.send('About Page'));
app.get('/private', (req, res) => res.send('Private Page'));
app.listen(3000, () => console.log('Server running on port 3000'));
Method-based exclusion
This feature allows you to exclude certain HTTP methods from the middleware. In this example, the middleware is applied to all routes except those using the GET and POST methods.
const express = require('express');
const unless = require('express-unless');
const app = express();
const myMiddleware = (req, res, next) => {
// Middleware logic
next();
};
myMiddleware.unless = unless;
app.use(myMiddleware.unless({ method: ['GET', 'POST'] }));
app.get('/test', (req, res) => res.send('GET request'));
app.post('/test', (req, res) => res.send('POST request'));
app.put('/test', (req, res) => res.send('PUT request'));
app.listen(3000, () => console.log('Server running on port 3000'));
Custom logic exclusion
This feature allows you to exclude middleware based on custom logic. In this example, the middleware is skipped if the request contains a header 'x-custom-header' with the value 'skip'.
const express = require('express');
const unless = require('express-unless');
const app = express();
const myMiddleware = (req, res, next) => {
// Middleware logic
next();
};
myMiddleware.unless = unless;
app.use(myMiddleware.unless((req) => {
return req.headers['x-custom-header'] === 'skip';
}));
app.get('/test', (req, res) => res.send('Test route'));
app.listen(3000, () => console.log('Server running on port 3000'));
The express-conditional-middleware package allows you to conditionally apply middleware based on custom conditions. It is similar to express-unless but focuses more on applying middleware conditionally rather than skipping it. This package is useful if you need more control over when middleware should be applied.
Conditionally skip a middleware when a condition is met.
npm i express-unless --save
With existing middlewares:
var { unless } = require("express-unless");
var static = express.static(__dirname + "/public");
static.unless = unless;
app.use(static.unless({ method: "OPTIONS" }));
If you are authoring a middleware you can support unless as follow:
var { unless } = require("express-unless");
module.exports = function (middlewareOptions) {
var mymid = function (req, res, next) {};
mymid.unless = unless;
return mymid;
};
method
it could be an string or an array of strings. If the request method match the middleware will not run.path
it could be an string, a regexp or an array of any of those. It also could be an array of object which is url and methods key-pairs. If the request path or path and method match, the middleware will not run. Check Examples for usage.ext
it could be an string or an array of strings. If the request path ends with one of these extensions the middleware will not run.custom
it must be a function that accepts req
and returns true
/ false
. If the function returns true for the given request, the middleware will not run.useOriginalUrl
it should be true
or false
, default is true
. if false, path
will match against req.url
instead of req.originalUrl
. Please refer to Express API for the difference between req.url
and req.originalUrl
.Require authentication for every request unless the path is index.html.
app.use(
requiresAuth.unless({
path: ["/index.html", { url: "/", methods: ["GET", "PUT"] }],
})
);
Avoid a fstat for request to routes doesnt end with a given extension.
app.use(
static.unless(function (req) {
var ext = url.parse(req.originalUrl).pathname.substr(-4);
return !~[".jpg", ".html", ".css", ".js"].indexOf(ext);
})
);
MIT 2014 - Jose Romaniello
FAQs
Conditionally add a middleware to express with some common patterns.
We found that express-unless demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.