{"id":18356,"library":"express-sanitizer","title":"express-sanitizer","description":"Express middleware for sanitizing user input using the Caja-HTML-Sanitizer (Google Caja sanitizer) to mitigate persistent XSS risks. Version 1.0.6 is available on npm. The package has been in maintenance mode since 2021; its core dependency (sanitizer) has not been updated in years. It adds a `req.sanitize()` method to Express request objects; sanitization is applied only to the values you explicitly pass to that method. Input-time sanitization is a defense-in-depth measure and does not replace context-aware output encoding wherever the value is later rendered. Compared to alternatives like express-validator, this library is minimal but unmaintained and should be avoided in new projects.","status":"maintenance","version":"1.0.6","language":"javascript","source_language":"en","source_url":"git://github.com/markau/express-sanitizer","tags":["javascript","express","sanitize","sanitization","xss"],"install":[{"cmd":"npm install express-sanitizer","lang":"bash","label":"npm"},{"cmd":"yarn add express-sanitizer","lang":"bash","label":"yarn"},{"cmd":"pnpm add express-sanitizer","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Provides the HTML sanitization logic; wraps Google Caja sanitizer","package":"sanitizer","optional":false}],"imports":[{"note":"This package does not ship ESM. 
Use CommonJS require to avoid errors.","wrong":"import expressSanitizer from 'express-sanitizer';","symbol":"expressSanitizer","correct":"const expressSanitizer = require('express-sanitizer');"},{"note":"The middleware must be called as a function (expressSanitizer()) to attach the sanitize method.","wrong":"app.use(expressSanitizer); (missing invocation)","symbol":"req.sanitize","correct":"app.use(expressSanitizer()); … req.sanitize(input)"},{"note":"You can use the underlying sanitizer package directly, but it has the same maintenance issues.","wrong":"","symbol":"sanitizer","correct":"const sanitizer = require('sanitizer');"}],"quickstart":{"code":"const express = require('express');\nconst expressSanitizer = require('express-sanitizer');\n\nconst app = express();\napp.use(express.json());\napp.use(expressSanitizer());\n\napp.post('/sanitize', (req, res) => {\n  const sanitized = req.sanitize(req.body.input);\n  res.json({ sanitized });\n});\n\napp.listen(3000);","lang":"javascript","description":"Demonstrates setting up Express with express-sanitizer middleware and sanitizing a POST body property. The example assumes req.body.input is present and is a string; check its type before passing it to req.sanitize(). The sanitized value still needs context-aware output encoding wherever it is rendered into HTML."},"warnings":[{"fix":"Migrate to a maintained alternative, chosen by what you need: express-validator to validate and escape untrusted text, or DOMPurify to allow a safe subset of HTML (server-side DOMPurify needs a DOM implementation such as jsdom). Escaping and allowlist HTML sanitization are different controls; pick the one that matches how the value is used.","message":"The core dependency (sanitizer) has not been updated in 5 years and is considered abandonware.","severity":"deprecated","affected_versions":">=1.0.0"},{"fix":"Ensure you call it: app.use(expressSanitizer());","message":"The expressSanitizer middleware must be invoked as a function (expressSanitizer()). If you pass the function reference without calling it, req.sanitize will not exist.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Combine with express-validator or another validation library for comprehensive input handling.","message":"This package only provides basic string sanitization via req.sanitize(), and only for the values you explicitly pass to it; other request fields are not sanitized automatically. 
It does not validate input types or provide rich validation like express-validator.","severity":"gotcha","affected_versions":">=0.1.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Use require('express-sanitizer') instead of import.","cause":"The import statement uses ES module syntax (import) with a CommonJS-only package; under TypeScript or bundler settings without default-import interop, the imported binding is not the middleware factory.","error":"TypeError: expressSanitizer is not a function"},{"fix":"Call the module as a function: app.use(expressSanitizer());","cause":"The middleware was either not used, or it was used incorrectly (e.g., app.use(expressSanitizer) instead of app.use(expressSanitizer())).","error":"TypeError: req.sanitize is not a function"},{"fix":"Run a clean install (npm ci, or remove node_modules and run npm install). express-sanitizer declares 'sanitizer' as a required dependency, so adding it to your own package.json is only a workaround for a broken install.","cause":"The dependency 'sanitizer' is missing or not installed, typically because node_modules is incomplete (an interrupted install) or the lockfile is out of sync with package.json. 'sanitizer' is a required, not optional, dependency, so --no-optional does not skip it; a missing module here indicates a broken install.","error":"Cannot find module 'sanitizer'"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}