What is express-validator?
express-validator is a set of express.js middlewares that wraps validator.js, a library for string validation and sanitization. It provides a comprehensive set of validation and sanitization middlewares for handling user input in express applications.
What are express-validator's main functionalities?
Validation
This feature allows you to validate user input. In this example, the 'username' field must be alphanumeric and the 'password' field must be at least 5 characters long. If the validation fails, a 400 status code with the validation errors is returned.
const { body, validationResult } = require('express-validator');
app.post('/user', [
body('username').isAlphanumeric(),
body('password').isLength({ min: 5 })
], (req, res) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
res.send('User is valid');
});
Sanitization
This feature allows you to sanitize user input. In this example, the 'email' field is normalized to a standard email format and the 'username' field is trimmed of whitespace and escaped to prevent HTML injection.
const { body } = require('express-validator');
app.post('/user', [
body('email').normalizeEmail(),
body('username').trim().escape()
], (req, res) => {
res.send('User input is sanitized');
});
Custom Validators
This feature allows you to create custom validation logic. In this example, the 'age' field must be at least 18. If the validation fails, a 400 status code with the validation errors is returned.
const { body, validationResult } = require('express-validator');
app.post('/user', [
body('age').custom(value => {
if (value < 18) {
throw new Error('Age must be at least 18');
}
return true;
})
], (req, res) => {
const errors = validationResult(req);
if (!errors.isEmpty()) {
return res.status(400).json({ errors: errors.array() });
}
res.send('User is valid');
});
Other packages similar to express-validator
joi
Joi is a powerful schema description language and data validator for JavaScript. It allows you to create blueprints or schemas for JavaScript objects to ensure validation of key information. Compared to express-validator, Joi is more focused on schema-based validation and is not tied to express.js.
yup
Yup is a JavaScript schema builder for value parsing and validation. It is similar to Joi but is more lightweight and has a more modern API. Like Joi, Yup is not tied to express.js and can be used in various JavaScript environments.
validator
Validator is a library of string validators and sanitizers. It is the underlying library used by express-validator for its validation and sanitization functions. While it provides a comprehensive set of validation and sanitization functions, it does not provide middleware for express.js out of the box.
express-validator
An express.js middleware for
validator.
Upgrade notice
If you're arriving here as a express-validator v3 user after upgrading to v4+, please check the upgrade guide in order to find out what's different!
Also please note that, starting with v5.0.0, no new features will be accepted into the legacy API. Only bug fixes will be made.
Installation
npm install express-validator
Also make sure that you have Node.js 8 or newer in order to use it.
Documentation
Please refer to the documentation website on https://express-validator.github.io.
Changelog
Check the GitHub Releases page.
License
MIT License