{"id":18417,"library":"hide-powered-by","title":"hide-powered-by","description":"Simple middleware to remove or spoof the X-Powered-By HTTP header. Version 1.1.0 is stable with minimal maintenance. Part of the Helmet.js security middleware family. Differentiates from alternatives by allowing custom header values to mislead attackers. Removing X-Powered-By only obfuscates the framework and is not a strong security measure.","status":"active","version":"1.1.0","language":"javascript","source_language":"en","source_url":"git://github.com/helmetjs/hide-powered-by","tags":["javascript","helmet","security","express","connect","x-powered-by","powered-by","typescript"],"install":[{"cmd":"npm install hide-powered-by","lang":"bash","label":"npm"},{"cmd":"yarn add hide-powered-by","lang":"bash","label":"yarn"},{"cmd":"pnpm add hide-powered-by","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"ESM import is preferred; CommonJS require also works in CJS environments.","wrong":"const hidePoweredBy = require('hide-powered-by')","symbol":"hidePoweredBy","correct":"import hidePoweredBy from 'hide-powered-by'"},{"note":"The package exports a single default function, not a named export.","wrong":"import { hidePoweredBy } from 'hide-powered-by'","symbol":"hidePoweredBy","correct":"const hidePoweredBy = require('hide-powered-by')"},{"note":"This is a TypeScript type export; use import type or skip if not using TS.","wrong":"import { HidePoweredByOptions } from 'hide-powered-by'","symbol":"HidePoweredByOptions","correct":"import type { HidePoweredByOptions } from 'hide-powered-by'"}],"quickstart":{"code":"import express from 'express';\nimport hidePoweredBy from 'hide-powered-by';\n\nconst app = express();\n\n// Remove X-Powered-By header\napp.use(hidePoweredBy());\n\n// Or set to a custom value\napp.use(hidePoweredBy({ setTo: 'PHP 4.2.0' }));\n\napp.get('/', (req, res) => {\n  res.send('Hello World!');\n});\n\napp.listen(3000, () => console.log('Server running on port 3000'));","lang":"typescript","description":"Demonstrates how to use hide-powered-by middleware with Express to remove or spoof the X-Powered-By header."},"warnings":[{"fix":"Consider additional security headers like Helmet's other middleware.","message":"Removing X-Powered-By is not a strong security measure; it only obfuscates the framework.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use app.disable('x-powered-by') for Express apps.","message":"If using Express, you can simply use app.disable('x-powered-by') instead of this middleware.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"If you want to remove the header entirely, ensure your framework supports removing headers.","message":"The middleware sets the header to '' (empty string) by default, which may still expose the header.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"npm install hide-powered-by","cause":"Package not installed","error":"Cannot find module 'hide-powered-by'"},{"fix":"Change import to `import hidePoweredBy from 'hide-powered-by'` or `const hidePoweredBy = require('hide-powered-by')`","cause":"Incorrect import: using named import instead of default","error":"TypeError: hidePoweredBy is not a function"},{"fix":"Use typed options: `import type { HidePoweredByOptions } from 'hide-powered-by'` and pass options as `HidePoweredByOptions`.","cause":"TypeScript type mismatch","error":"Property 'setTo' does not exist on type '{ setTo?: string | undefined; }'"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}