🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more

mongo-sanitize

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
m

mongo-sanitize

Helper to sanitize mongodb queries against query selector injections

1.1.0
latest
99

Supply Chain Security

100

Vulnerability

69

Quality

76

Maintenance

100

License

Version published
Weekly downloads
30K
-15.12%
Maintainers
1
Weekly downloads
 
Created
Issues
4

mongo-sanitize

For the passionately lazy, a standalone module that sanitizes inputs against query selector injection attacks:

var sanitize = require('mongo-sanitize');

// The sanitize function will strip out any keys that start with '$' in the input,
// so you can pass it to MongoDB without worrying about malicious users overwriting
// query selectors.
var clean = sanitize(req.params.username);

Users.findOne({ name: clean }, function(err, doc) {
  // ...
});

If sanitize() is passed an object, it will mutate the original object.

FAQs

Package last updated on 02 Mar 2020

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts