{"id":18330,"library":"express-cors","title":"express-cors","description":"A lightweight middleware for Express.js (versions 0.x to 3.x) that enables Cross-Origin Resource Sharing (CORS) by adding appropriate HTTP headers. Version 0.0.3 is the latest and final release; the package has been abandoned in favor of the more popular 'cors' package. It allows configuration of allowed origins with flexible patterns (including scheme, subdomain, and port wildcards), as well as custom methods, headers, and max age. No longer maintained and incompatible with Express 4+ due to internal API changes and missing CORS preflight handling for non-simple requests.","status":"abandoned","version":"0.0.3","language":"javascript","source_language":"en","source_url":null,"tags":["javascript"],"install":[{"cmd":"npm install express-cors","lang":"bash","label":"npm"},{"cmd":"yarn add express-cors","lang":"bash","label":"yarn"},{"cmd":"pnpm add express-cors","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is CommonJS-only and does not support ES modules.","wrong":"import cors from 'express-cors'","symbol":"default","correct":"const cors = require('express-cors')"},{"note":"Module exports the middleware function directly; there is no default export.","wrong":"require('express-cors').default","symbol":"cors function","correct":"require('express-cors')"},{"note":"No named exports; only the function itself is exported.","wrong":"const { cors } = require('express-cors')","symbol":"default","correct":"const cors = require('express-cors')"}],"quickstart":{"code":"const express = require('express');\nconst cors = require('express-cors');\n\nconst app = express();\n\napp.use(cors({\n  allowedOrigins: ['example.com', '*.example.com'],\n  methods: ['GET', 'POST'],\n  headers: ['Content-Type', 'Authorization'],\n  maxAge: 3600\n}));\n\napp.get('/', (req, res) => {\n  res.send('Hello World!');\n});\n\napp.listen(3000, () => console.log('Server running on port 3000'));","lang":"javascript","description":"Set up Express middleware to allow CORS from example.com and subdomains, with custom methods and headers."},"warnings":[{"fix":"Replace with 'cors' package: npm uninstall express-cors && npm install cors","message":"express-cors is deprecated and no longer maintained. Use the cors package instead.","severity":"deprecated","affected_versions":">=0.0.0"},{"fix":"Migrate to cors package which supports Express 4+.","message":"express-cors does not support Express 4+; it relies on deprecated Express 3.x internal APIs (e.g., res.setHeader instead of res.set) and may cause errors.","severity":"breaking","affected_versions":">=0.0.0"},{"fix":"Add a separate OPTIONS route or use cors package which handles preflight automatically.","message":"express-cors does not handle non-simple CORS requests (preflight) automatically; the OPTIONS method must be explicitly handled.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Use '*' as an origin string if needed, but note that this package's pattern matching may behave unexpectedly.","message":"The allowedOrigins option does not support a boolean 'true' to allow any origin; each origin must be explicitly listed.","severity":"gotcha","affected_versions":">=0.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Use require('express-cors') instead: const cors = require('express-cors');","cause":"Using ES module import (import cors from 'express-cors') with a CommonJS-only package.","error":"cors is not defined"},{"fix":"Ensure you pass the options object to cors(): app.use(cors({ ... }))","cause":"Passing incorrect configuration object or forgetting to call cors() as a function.","error":"TypeError: app.use() requires a middleware function"},{"fix":"Run: npm install express-cors","cause":"Package not installed or missing in node_modules.","error":"Cannot find module 'express-cors'"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}