express-yup
Advanced tools
Readme
express-yup is a super light-weight Express middleware to easily validate the Express Request object against a Yup schema.
Yup is a leaner alternative to Joi, that also supports client-side validation and is the reason why this middleware was created in the first place - to easily share schemas between the client- and server-side.
If Joi is more your thing, then rather use the excellent express-validation library.
express-yup has two peer-dependencies that you need to ensure is installed first: express and yup.
Install from NPM:
npm install express yup # or yarn add express yup
If you are using TypeScript, you might want to install their type definition files as well:
npm install -D @types/express @types/yup # or yarn add -D @types/express @types/yup
and then install express-yup (it comes with its TypeScript types):
npm install express-yup # or yarn add express-yup
Add as middleware to your Express app as a whole if you want to validate all routes against a specific schema, or add individually to each route (more likely):
import express, { NextFunction, Request, Response } from 'express'
import bodyParser from 'body-parser'
import * as yup from 'yup'
import { validate } from 'express-yup'
const app = express()
// Add whatever other middleware you need for your Express app
app.use(bodyParser.json())
// Example global `express-yup` validate middleware
const authHeaderSchema = yup.object().shape({
headers: yup.object().shape({
authorization: yup
.string()
.matches(/^Bearer\s\w+$/)
.required(),
}),
})
app.use(validate(authHeaderSchema))
// Example route-level middleware
const routeSchema = yup.object().shape({
// notice that we are setting our schema to validate the `body` object here
body: yup.object().shape({
hello: yup.string().required(),
bye: yup.string().required(),
}),
})
app.post(
'/some-route',
validate(routeSchema),
(req: Request, res: Response) => {
// `hello` and `bye` guaranteed to be string properties on `req.body`
const { hello, bye } = req.body
// Do what you need from here
}
)
// Global error middleware
app.use((error: Error, req: Request, res: Response, next: NextFunction) => {
if (error instanceof yup.ValidationError) {
res.status(400).json({ message: error.message }) // status code is 400 by default
return
}
res.status(500).json({ message: 'Internal Server Error' })
})
MIT
FAQs
`express-yup` is a super light-weight Express [middleware](https://expressjs.com/en/guide/using-middleware.html#using-middleware) to easily validate the Express [Request object](https://expressjs.com/en/4x/api.html#req) against a [Yup](https://www.npmjs.c
We found that express-yup demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISA launched a new project called Vulnrichment to enrich CVEs with details that help prioritize patching and mitigation efforts, as the NVD backlog of unenriched CVEs awaiting analysis surpasses 10,000.
Security News
Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.