{"id":10663,"library":"connect","title":"Connect HTTP Middleware Framework","description":"Connect is a minimalist, high-performance HTTP server framework for Node.js, built around the concept of 'middleware' plugins. It provides a simple, extensible mechanism to compose request handling functions into a stack, where each middleware can process the request, modify the response, and then pass control to the next middleware or end the request-response cycle. This architecture makes Connect a foundational component for more feature-rich frameworks like Express.js. The package's current stable version is 3.7.0, last published in May 2019, indicating a mature and stable project that is now in a maintenance phase rather than active feature development. Connect differentiates itself by being extremely lightweight, offering only core middleware functionality, and relying on the ecosystem for specific tasks like body parsing or session management, which were largely externalized starting from version 3.0.0.","status":"maintenance","version":"3.7.0","language":"javascript","source_language":"en","source_url":"https://github.com/senchalabs/connect","tags":["javascript","framework","web","middleware","connect","rack"],"install":[{"cmd":"npm install connect","lang":"bash","label":"npm"},{"cmd":"yarn add connect","lang":"bash","label":"yarn"},{"cmd":"pnpm add connect","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Connect is primarily a CommonJS module. While Node.js ESM can import CJS modules using a default import, the canonical and most reliable way to import 'connect' is via `require()`.","wrong":"import connect from 'connect';","symbol":"connect","correct":"const connect = require('connect');"},{"note":"Middleware functions are typically defined anonymously or as named functions and passed to the `app.use()` method. They must call `next()` to pass control to the subsequent middleware or `res.end()` to terminate the request.","symbol":"app.use","correct":"app.use(function(req, res, next) { /* ... */ next(); });"},{"note":"Connect distinguishes error-handling middleware by their four-argument signature (err, req, res, next). These are invoked when `next(error)` is called from another middleware. They must be declared after the middleware they are intended to catch errors from.","symbol":"error middleware","correct":"app.use(function(err, req, res, next) { /* handle error */ });"}],"quickstart":{"code":"const connect = require('connect');\nconst http = require('http');\nconst compression = require('compression');\nconst cookieSession = require('cookie-session');\nconst bodyParser = require('body-parser');\n\nconst app = connect();\n\n// Gzip/deflate outgoing responses\napp.use(compression());\n\n// Store session state in browser cookie\n// Note: `keys` should be strong, randomly generated strings in production.\napp.use(cookieSession({\n  keys: ['super-secret-key-1', 'super-secret-key-2']\n}));\n\n// Parse urlencoded request bodies into req.body\napp.use(bodyParser.urlencoded({ extended: false }));\n\n// Example middleware that logs the request method and URL\napp.use(function logRequest(req, res, next) {\n  console.log(`${req.method} ${req.url}`);\n  next();\n});\n\n// Respond to a specific path\napp.use('/hello', function(req, res) {\n  res.setHeader('Content-Type', 'text/plain');\n  res.end('Hello from Connect on /hello!\\n');\n});\n\n// General fallback response for all other requests\napp.use(function(req, res) {\n  res.setHeader('Content-Type', 'text/plain');\n  res.end('Hello from Connect! Try /hello\\n');\n});\n\n// Error handling middleware (must take 4 arguments)\napp.use(function onError(err, req, res, next) {\n  console.error(err.stack);\n  res.statusCode = 500;\n  res.end('Something broke!\\n');\n});\n\n// Create node.js http server and listen on port\nconst PORT = process.env.PORT || 3000;\nhttp.createServer(app).listen(PORT, () => {\n  console.log(`Connect server listening on port ${PORT}`);\n  console.log(`Access at http://localhost:${PORT}`);\n});","lang":"javascript","description":"Demonstrates setting up a basic Connect application with common external middleware (compression, cookie-session, body parsing) and illustrating basic routing and error handling before starting an HTTP server."},"warnings":[{"fix":"Manually install and `require()` or `import` the corresponding external middleware package (e.g., `npm install body-parser` and `require('body-parser')`).","message":"Connect v3.x removed many previously bundled middleware, requiring developers to install them as separate npm packages. This includes `bodyParser`, `json`, `urlencoded` (now `body-parser`), `compress` (now `compression`), `timeout` (now `connect-timeout`), `cookieParser` (now `cookie-parser`), `limit`, and `multipart`.","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Ensure your project runs on Node.js v0.10.0 or higher. For modern applications, consider migrating to Express.js, which builds upon Connect and offers broader compatibility.","message":"Connect v3.x dropped support for Node.js versions prior to 0.10.x. Newer Node.js features may not be fully leveraged or supported in this older framework version.","severity":"breaking","affected_versions":">=3.0.0"},{"fix":"Migrate to `node-basic-auth` or an alternative authentication middleware for new projects or when updating existing ones.","message":"The `basic-auth` middleware was deprecated in Connect v3.x. While not removed, new development or bug reports are no longer accepted for it.","severity":"deprecated","affected_versions":">=3.0.0"},{"fix":"Always audit third-party middleware for known vulnerabilities and ensure they are actively maintained. Consider using comprehensive frameworks like Express.js that incorporate many best practices and security features by default.","message":"As a framework focused on minimalism, Connect does not inherently include protections against all web vulnerabilities. Middleware used with Connect, especially older or unmaintained ones, may introduce security risks such as XSS or ReDoS if not carefully chosen and configured.","severity":"gotcha","affected_versions":"*"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure you are initializing your application correctly: `const connect = require('connect'); const app = connect();`","cause":"`connect()` was not called to create the application instance, or `app` is not the result of `connect()`.","error":"TypeError: app.use is not a function"},{"fix":"Install the missing middleware via npm (e.g., `npm install body-parser`) and then `require()` it in your application code.","cause":"A middleware (e.g., `body-parser`, `compression`, `cookie-session`) is used without being explicitly installed and required. Connect v3.x externalized most middleware.","error":"Error: Cannot find module 'body-parser'"},{"fix":"Review your middleware chain. Ensure that only one middleware sends the final response or that `next()` is not called after `res.end()`. Place `next(error)` calls appropriately for error handling.","cause":"This common HTTP error occurs when a response is attempted to be sent or modified after `res.end()`, `res.send()`, or `res.json()` has already been called in a preceding middleware or the current one.","error":"Error: Can't set headers after they are sent."}],"ecosystem":"npm"}