{"id":18326,"library":"express-basic-auth-v2","title":"express-basic-auth","description":"Simple plug-and-play HTTP basic auth middleware for Express. Stable version 1.2.2, occasionally updated. Minimal configuration with static users or custom authorizer functions. Provides timing-attack-safe comparison via safeCompare. Supports synchronous and asynchronous authorization. TypeScript-compatible via included types. Lightweight alternative to passport or express-basic-auth (note: this is a fork).","status":"active","version":"1.2.2","language":"javascript","source_language":"en","source_url":"https://github.com/nagulan51/express-basic-auth","tags":["javascript","express","middleware","basic","auth","authentication","http","typescript"],"install":[{"cmd":"npm install express-basic-auth-v2","lang":"bash","label":"npm"},{"cmd":"yarn add express-basic-auth-v2","lang":"bash","label":"yarn"},{"cmd":"pnpm add express-basic-auth-v2","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Required peer dependency; middleware is designed to work with Express applications.","package":"express","optional":false}],"imports":[{"note":"Default import in ESM; CJS require also works. Package does not export named exports besides safeCompare.","wrong":"const basicAuth = require('express-basic-auth')","symbol":"default","correct":"import basicAuth from 'express-basic-auth'"},{"note":"safeCompare is a named export; accessible via destructured import or via basicAuth.safeCompare.","wrong":"const { safeCompare } = require('express-basic-auth')","symbol":"safeCompare (named export)","correct":"import basicAuth, { safeCompare } from 'express-basic-auth'"},{"note":"TypeScript type import for async authorizer callback signature. Only available when using ESM.","wrong":null,"symbol":"basicAuth.AuthorizedResponseCallback","correct":"import type { AuthorizedResponseCallback } from 'express-basic-auth'"}],"quickstart":{"code":"import express from 'express';\nimport basicAuth from 'express-basic-auth';\nconst app = express();\napp.use(basicAuth({\n    users: { 'admin': 'supersecret' },\n    challenge: true\n}));\napp.get('/', (req, res) => {\n    console.log(req.auth.user);\n    res.send('Hello Authenticated!');\n});\napp.listen(3000);","lang":"typescript","description":"Sets up basic auth middleware with static users, enables challenge response, and logs authenticated user."},"warnings":[{"fix":"Use safeCompare(userInput, secret) instead of safeCompare(secret, userInput).","message":"safeCompare should always receive user input as first argument to prevent timing attacks.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Add { authorizeAsync: true } to the options object when providing an async authorizer.","message":"When using custom authorizer with async, you must pass authorizeAsync: true in options.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Access `req.auth` only after ensuring the request passed authorization, or filter later.","message":"The middleware adds `req.auth` even for unauthorized requests; check authorization status separately.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Set challenge: true in options to send WWW-Authenticate header triggering browser prompt.","message":"Default response body for 401 is empty; clients may not display a prompt without challenge option.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Use 'express-basic-auth' from npm for original package; this package is a fork.","message":"Package name 'express-basic-auth-v2' may be confused with original 'express-basic-auth' by LionC.","severity":"deprecated","affected_versions":">=0.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Add { users: { ... } } or { authorizer: myFunction } to the options.","cause":"Missing required option 'users' or 'authorizer' in options object.","error":"Error: No users or authorizer function specified"},{"fix":"Use import basicAuth from 'express-basic-auth' or const basicAuth = require('express-basic-auth').","cause":"Improper import: using named import instead of default import.","error":"TypeError: basicAuth is not a function"},{"fix":"Ensure the authorizer option is a function (or async function) if provided.","cause":"Passed a non-function as authorizer option.","error":"Error: Authorizer must be a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}