{"id":17042,"library":"nocache","title":"Nocache Middleware","description":"The `nocache` package is an Express/Connect middleware designed to aggressively disable client-side caching by setting specific HTTP response headers. It is currently at stable version 4.0.0. As a component of the Helmet.js suite, its release cadence is generally tied to Helmet's, focusing on stability and security rather than frequent feature additions, with major version updates typically aligning with Node.js EOLs or significant breaking changes. Its primary differentiator is its simplicity and integration within the broader Helmet.js ecosystem, providing a straightforward, opinionated way to ensure clients always request fresh resources. This is crucial for applications sensitive to stale data, enforcing immediate updates, or handling sensitive information that should never reside in a browser cache. It effectively sets `Cache-Control`, `Expires`, and `Surrogate-Control` headers.","status":"active","version":"4.0.0","language":"javascript","source_language":"en","source_url":"git://github.com/helmetjs/nocache","tags":["javascript","express","connect","nocache","caching","cache","typescript"],"install":[{"cmd":"npm install nocache","lang":"bash","label":"npm"},{"cmd":"yarn add nocache","lang":"bash","label":"yarn"},{"cmd":"pnpm add nocache","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The `nocache` export is a function that returns the middleware. It must be called (`nocache()`) before being passed to `app.use()`.","wrong":"const nocache = require('nocache'); // CommonJS is still supported but ESM is preferred in modern applications.","symbol":"nocache","correct":"import nocache from 'nocache';"},{"note":"For CommonJS environments, `require` is the standard way to import. Ensure you still call it as a function: `app.use(nocache());`.","wrong":"import nocache from 'nocache'; // While possible, for CJS-only projects, 'require' is the correct syntax.","symbol":"nocache","correct":"const nocache = require('nocache');"}],"quickstart":{"code":"import express from 'express';\nimport nocache from 'nocache';\n\nconst app = express();\nconst port = process.env.PORT ?? 3000;\n\n// Apply the nocache middleware globally to all routes.\n// This ensures that all responses from this server attempt to disable client-side caching.\napp.use(nocache());\n\napp.get('/', (req, res) => {\n  res.send('<h1>Welcome!</h1><p>This content should not be cached by your browser.</p>');\n});\n\napp.get('/api/data', (req, res) => {\n  // Even API endpoints will have caching headers applied, forcing fresh requests.\n  res.json({ message: 'Dynamic data from API', timestamp: new Date().toISOString() });\n});\n\napp.listen(port, () => {\n  console.log(`Nocache server listening on port ${port}`);\n  console.log('Inspect network requests in your browser to see Cache-Control, Expires, and Surrogate-Control headers set to disable caching.');\n});","lang":"typescript","description":"Demonstrates how to initialize an Express application and apply the `nocache` middleware globally, ensuring all HTTP responses include headers designed to disable client-side caching."},"warnings":[{"fix":"Upgrade your Node.js environment to version 16.0.0 or higher to ensure compatibility and access the latest features and security updates.","message":"Version 4.0.0 of `nocache` updated its minimum Node.js engine requirement to `>=16.0.0`. Older Node.js versions are not officially supported and may encounter issues.","severity":"breaking","affected_versions":">=4.0.0"},{"fix":"Carefully consider where `nocache` is applied. For static assets or content that changes infrequently, consider applying `nocache` only to specific routes (e.g., `app.get('/admin', nocache(), ...)`) or using more granular cache control strategies.","message":"Applying `nocache` globally to an Express application can have significant performance implications for your users and server. By disabling all client-side caching, every asset (HTML, CSS, JS, images) must be re-downloaded on each request, increasing network traffic and server load.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Review the order of middleware in your application and the configuration of your web server/proxy. Ensure `nocache` is applied at a point where its headers will not be overridden by subsequent processes if you intend for it to be the authoritative cache control mechanism.","message":"The `nocache` middleware sets specific HTTP headers (`Cache-Control`, `Expires`, `Surrogate-Control`). If other middleware, your web server (e.g., Nginx, Apache), or a reverse proxy also manipulates caching headers, there might be conflicts or unintended behavior where `nocache`'s headers are overwritten or fail to take effect as expected.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"The `nocache` export is a factory function that returns the actual middleware. You must call it, even with no arguments, before passing its result to `app.use()`: `app.use(nocache());`.","cause":"This error typically occurs when `nocache` is passed directly to `app.use()` without being called as a function, e.g., `app.use(nocache);`.","error":"TypeError: nocache is not a function"}],"ecosystem":"npm","meta_description":null}