{"id":16762,"library":"basic-auth-middleware","title":"Basic Auth Middleware","description":"The package `basic-auth-middleware` provides a foundational HTTP Basic Authentication middleware for Node.js `http` servers. Released as version 1.0.0, this package is definitively abandoned, having received its last update over seven years ago (as of April 2026). It was marked with an \"experimental\" stability badge even at its stable release, indicating it was never intended for long-term production use. It integrates with native `http` server requests and responses, employing a callback-based API (`middleware(req, res, ctx, done)`) for authentication flow control. Error objects are constructed using the `boom` library, which is itself deprecated. Due to its unmaintained status and dated design patterns, it is not suitable for new projects and poses potential security and maintenance risks for existing applications.","status":"abandoned","version":"1.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/yoshuawuyts/basic-auth-middleware","tags":["javascript","basic","auth","middleware","merry","authentication","authorization"],"install":[{"cmd":"npm install basic-auth-middleware","lang":"bash","label":"npm"},{"cmd":"yarn add basic-auth-middleware","lang":"bash","label":"yarn"},{"cmd":"pnpm add basic-auth-middleware","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Used internally for generating HTTP-friendly error objects.","package":"boom","optional":false}],"imports":[{"note":"This package only provides a CommonJS export. ES Modules (ESM) syntax like `import` is not supported. There are no TypeScript type declarations provided by the package.","wrong":"import Auth from 'basic-auth-middleware'","symbol":"Auth","correct":"const Auth = require('basic-auth-middleware')"}],"quickstart":{"code":"const Auth = require('basic-auth-middleware');\nconst http = require('http');\n\nconst USERNAME = process.env.BASIC_AUTH_USERNAME || 'my-username';\nconst PASSWORD = process.env.BASIC_AUTH_PASSWORD || 'some-password';\nconst PORT = process.env.PORT || 3000;\n\nconst auth = Auth(USERNAME, PASSWORD);\n\nconst server = http.createServer(function (req, res) {\n  const ctx = {}; // Context object, can be used for passing data\n  auth(req, res, ctx, function (err) {\n    if (err) {\n      // boom errors typically have .output.statusCode\n      res.statusCode = err.output ? err.output.statusCode : 401;\n      res.setHeader('WWW-Authenticate', 'Basic realm=\"Authentication Required\"');\n      res.end('Not authenticated. Please provide valid credentials.');\n      console.log('Authentication failed.');\n      return;\n    }\n    res.end('Authentication successful! Welcome.');\n    console.log('Authentication successful.');\n  });\n});\n\nserver.listen(PORT, () => {\n  console.log(`Server running on http://localhost:${PORT}`);\n  console.log(`Try accessing with 'curl -u ${USERNAME}:${PASSWORD} http://localhost:${PORT}'`);\n  console.log(`Or without credentials to fail: 'curl http://localhost:${PORT}'`);\n});","lang":"javascript","description":"Demonstrates setting up a basic HTTP server with basic authentication using environment variables for credentials. It shows successful and failed authentication scenarios."},"warnings":[{"fix":"Migrate to a actively maintained basic authentication middleware for your specific framework (e.g., 'express-basic-auth' for Express) or implement a custom, modern solution.","message":"This package is considered abandoned, with the last update over 7 years ago (as of April 2026). It also carried an 'experimental' stability badge even at its 1.0.0 release. It is not recommended for new projects and should be replaced in existing ones due to potential security vulnerabilities and lack of maintenance.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Wrap the middleware in a Promise or utilize an alternative package that provides a promise-based or async/await compatible API for easier integration with modern Node.js patterns.","message":"The middleware uses a callback-based API (`middleware(req, res, ctx, done)`) which is less common in modern async/await-centric Node.js development. This can lead to more complex error handling and control flow compared to promise-based alternatives.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Inspect the `err` object in the callback for specific `boom` properties like `err.output` or `err.isBoom`. Consider migrating to a middleware that uses standard JavaScript `Error` objects or more modern error handling patterns.","message":"This package relies on the 'boom' library for error objects. 'boom' is also deprecated and largely unmaintained. Consumers of the `err` object will need to handle `boom`-specific properties (e.g., `err.output.statusCode`) rather than standard JavaScript `Error` properties.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Use CommonJS `require` syntax: `const Auth = require('basic-auth-middleware');`","cause":"Attempting to import this CommonJS-only package using ES Modules (`import`) syntax in a modern Node.js environment.","error":"ERR_REQUIRE_ESM: require() of ES Module ... not supported."},{"fix":"Ensure you create an instance by calling `Auth` with username and password: `const auth = Auth('your-username', 'your-password');` before using `auth(req, res, ctx, done);`","cause":"Attempting to call the imported module directly as a middleware function instead of first instantiating it with credentials.","error":"TypeError: auth is not a function"}],"ecosystem":"npm","meta_description":null}