{"id":16724,"library":"express-auth-middle","title":"Express Basic and X-Auth Middleware","description":"express-auth-middle is an authentication middleware for Express.js applications, offering support for both standard HTTP Basic Authentication and a custom `X-Auth` header scheme. Written in TypeScript, it provides type safety and integrates cleanly into Express applications. The current stable version is 1.1.2, with the last publish occurring approximately three years ago, suggesting a maintenance-level release cadence rather than active feature development. Key differentiators include its dual-method authentication approach (allowing either basic or x-auth, or both), the ability to define custom credentials, and an optional `challenge` flag to prompt clients for credentials via the `WWW-Authenticate` header. It is designed for straightforward integration into existing Express middleware chains.","status":"maintenance","version":"1.1.2","language":"javascript","source_language":"en","source_url":"https://github.com/johndcarmichael/express-auth-middle","tags":["javascript","express","authentication middleware","basic auth","x-auth"],"install":[{"cmd":"npm install express-auth-middle","lang":"bash","label":"npm"},{"cmd":"yarn add express-auth-middle","lang":"bash","label":"yarn"},{"cmd":"pnpm add express-auth-middle","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Required as a peer dependency for the middleware to function within an Express application. The package itself is not a direct dependency but expects an Express app to be provided.","package":"express","optional":false}],"imports":[{"note":"The primary middleware function is exported as a default export. Attempting to use named imports or CommonJS `require` directly will result in errors in modern ESM environments.","wrong":"import { authMiddleWare } from 'express-auth-middle';\nconst authMiddleWare = require('express-auth-middle');","symbol":"authMiddleWare","correct":"import authMiddleWare from 'express-auth-middle';"},{"note":"For type-checking with TypeScript, import `AuthOptions` as a type. This specifies the configuration object for the middleware, including methods and credentials.","wrong":"import { AuthOptions } from 'express-auth-middle';","symbol":"AuthOptions","correct":"import type { AuthOptions } from 'express-auth-middle';"}],"quickstart":{"code":"import express from 'express';\nimport authMiddleWare from 'express-auth-middle';\n\nconst app = express();\nconst PORT = process.env.PORT || 3000;\n\n// Dummy configuration for demonstration. In production, use environment variables.\nconst config = {\n  xAuthorisationKey: process.env.X_AUTH_KEY || 'your_secret_x_auth_key',\n  basicAuthUname: process.env.BASIC_AUTH_USERNAME || 'admin',\n  basicAuthPword: process.env.BASIC_AUTH_PASSWORD || 'password123'\n};\n\n/**\n * Injects routes and authentication middleware into the Express app.\n * This example applies the middleware globally to all subsequent routes.\n */\napp.use(authMiddleWare({\n  methods: ['x-auth', 'basic-auth'], // Enable both X-Auth and Basic Auth\n  credentials: {\n    xAuthorisationKey: config.xAuthorisationKey,\n    basicAuthUname: config.basicAuthUname,\n    basicAuthPword: config.basicAuthPword\n  },\n  challenge: 'Protected Area' // Prompts client for credentials if none are provided\n}));\n\n// Example protected route\napp.get('/api/protected', (req, res) => {\n  res.send('Welcome to the protected area!');\n});\n\n// Catch-all for unhandled routes\napp.use((req, res) => {\n  res.status(404).send('Not Found');\n});\n\napp.listen(PORT, () => {\n  console.log(`Server running on http://localhost:${PORT}`);\n  console.log('Test with curl:');\n  console.log(`  curl -H \"X-Auth: ${config.xAuthorisationKey}\" http://localhost:${PORT}/api/protected`);\n  console.log(`  curl -H \"Authorization: Basic ${Buffer.from(`${config.basicAuthUname}:${config.basicAuthPword}`).toString('base64')}\" http://localhost:${PORT}/api/protected`);\n});\n","lang":"typescript","description":"This quickstart demonstrates how to initialize `express-auth-middle` to secure all routes using both X-Auth and Basic Authentication methods, and provides example `curl` commands."},"warnings":[{"fix":"Store `basicAuthUname`, `basicAuthPword`, and `xAuthorisationKey` securely in environment variables (e.g., using `dotenv`) and never hardcode them in your application code or commit them to version control.","message":"The `credentials` object expects raw, unhashed authentication values (e.g., plain text passwords for Basic Auth, or the exact X-Auth key). This middleware does not perform hashing internally. It is crucial to manage these credentials securely, ideally through environment variables or a secure configuration management system.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Ensure you are using `import authMiddleWare from 'express-auth-middle';` in an ESM-enabled project (e.g., `\"type\": \"module\"` in `package.json`). For older CommonJS projects, you might need a transpilation step or a different middleware.","message":"As of version 1.0.0, the package primarily supports ESM (`import/export`) syntax, making direct `require()` calls problematic in many modern Node.js setups without specific configuration. If you encounter 'TypeError: authMiddleWare is not a function' or 'Cannot read property 'default' of undefined', it's likely an import issue.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Always ensure that the credentials required by the `methods` specified in the middleware options are fully and correctly provided in the `credentials` object.","message":"Incorrectly configuring the `methods` array (e.g., including 'basic-auth' but not providing `basicAuthUname` or `basicAuthPword`) will lead to authentication failures where those methods are expected, or potentially unexpected fallback behavior.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Periodically audit your dependencies and consider if a more actively maintained authentication solution is necessary for long-term security. Monitor the project's GitHub for any security advisories.","message":"The package has not been updated in over three years (as of early 2026). For a security-critical component like authentication middleware, this lack of active maintenance could pose risks if new vulnerabilities are discovered in its dependencies or implementation that are not addressed.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure your project is configured for ESM and use `import authMiddleWare from 'express-auth-middle';`. If using CommonJS, explicit handling of default exports (e.g., `require('express-auth-middle').default`) might be needed, but migrating to ESM is recommended.","cause":"Attempting to import the default export from `express-auth-middle` incorrectly in an environment that expects CommonJS or specific Babel transpilation behavior.","error":"TypeError: (0 , express_auth_middle_1.default) is not a function"},{"fix":"Verify that the `xAuthorisationKey`, `basicAuthUname`, and `basicAuthPword` in your middleware configuration exactly match the values sent by the client. Check for typos, incorrect encoding for Basic Auth, or missing headers.","cause":"The client did not provide valid authentication credentials (either X-Auth header or Basic Auth header) as configured by the middleware, or the provided credentials did not match.","error":"Error: Unauthorized"},{"fix":"Run `npm install express-auth-middle` or `yarn add express-auth-middle`. If already installed, check your `tsconfig.json` paths or module resolution settings if using TypeScript.","cause":"The `express-auth-middle` package is not installed or the import path is incorrect.","error":"Cannot find module 'express-auth-middle'"}],"ecosystem":"npm"}