{"id":17922,"library":"report-to","title":"Express Report-To Middleware","description":"This package provides Express.js middleware for setting the HTTP `Report-To` response header, crucial for client-side error reporting via browser APIs. Currently at version 1.1.0, it appears to be in a maintenance phase with no major updates since 2021. Its primary function is to configure reporting endpoints for various browser features, such as `Content-Security-Policy` (CSP) violation reports, Network Error Logging (NEL), or Intervention Reports. A key differentiator is its focus solely on configuring the `Report-To` header, rather than implementing the reporting mechanisms themselves. This design choice means it requires integration with other modules (e.g., `network-error-logging` for NEL) to make the reporting functional. The module offers a structured way to define report groups, `max_age`, `include_subdomains`, and multiple prioritized endpoints, adhering to the W3C Reporting API specification.","status":"maintenance","version":"1.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/Cherry/report-to","tags":["javascript","connect","express","middleware","report-to","reportTo","typescript"],"install":[{"cmd":"npm install report-to","lang":"bash","label":"npm"},{"cmd":"yarn add report-to","lang":"bash","label":"yarn"},{"cmd":"pnpm add report-to","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The primary export is a default function. While the package supports TypeScript, ESM usage should use a default import.","wrong":"import { reportTo } from 'report-to';","symbol":"reportTo","correct":"import reportTo from 'report-to';"},{"note":"CommonJS environments use `require` to import the default function.","wrong":"const { reportTo } = require('report-to');","symbol":"reportTo","correct":"const reportTo = require('report-to');"},{"note":"TypeScript users can import the `ReportToOptions` interface for type-checking the configuration object.","symbol":"ReportToOptions","correct":"import type { ReportToOptions } from 'report-to';"}],"quickstart":{"code":"import express from 'express';\nimport reportTo from 'report-to';\n\nconst app = express();\n\napp.use(reportTo({\n    groups: [\n\t\t{\n\t\t\tgroup: \"endpoint-1\",\n\t\t\tmax_age: 10886400,\n\t\t\tinclude_subdomains: true,\n\t\t\tendpoints: [\n\t\t\t\t{\n\t\t\t\t\turl: \"https://example.com/reports\",\n\t\t\t\t\tpriority: 1\n\t\t\t\t},\n\t\t\t\t{\n\t\t\t\t\turl: \"https://backup.com/reports\",\n\t\t\t\t\tpriority: 2\n\t\t\t\t}\n\t\t\t]\n\t\t}\n\t]\n}));\n\n// Example of also setting NEL header, which uses the 'endpoint-1' group defined above\napp.use((req, res, next) => {\n  res.setHeader('NEL', '{\"report_to\":\"endpoint-1\",\"max_age\":31536000,\"include_subdomains\":true}');\n  next();\n});\n\napp.get('/', (req, res) => {\n  res.send('Hello with Report-To and NEL headers!');\n});\n\nconst PORT = process.env.PORT || 3000;\napp.listen(PORT, () => {\n  console.log(`Server running on port ${PORT}`);\n});","lang":"typescript","description":"This quickstart demonstrates how to integrate `report-to` middleware into an Express application, defining a reporting group. It also includes an example of how a complementary `NEL` header would be set, referencing the defined reporting endpoint, as the `Report-To` header alone does not trigger reports."},"warnings":[{"fix":"Ensure that additional reporting headers (e.g., `Content-Security-Policy` with `report-to`, `NEL`) are also set in your application, referencing the `group` names defined in your `report-to` middleware configuration.","message":"The `Report-To` header configured by this middleware only defines reporting endpoints. For actual client-side error reporting to occur (e.g., CSP violations, Network Error Logging), you must also set other HTTP response headers (like `Content-Security-Policy-Report-Only` or `NEL`) that reference the defined `Report-To` groups.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Set a `max_age` value in your `Report-To` group configuration that is appropriate for your application's reporting needs, typically several days or weeks (e.g., 2592000 for 30 days) to ensure consistent reporting even across multiple user sessions.","message":"The `max_age` property in your `Report-To` configuration should be sufficiently long to allow browsers to cache the reporting endpoint configuration. Short `max_age` values can lead to unreliable reporting, as browsers might drop the configuration too quickly.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"For ESM: `import reportTo from 'report-to';`. For CommonJS: `const reportTo = require('report-to');`.","cause":"Attempting to use `reportTo` as a named import or without invoking it as a function when requiring it in CommonJS.","error":"TypeError: reportTo is not a function"},{"fix":"Ensure `app.use(reportTo({...}));` is called before sending responses, and verify that the `groups` array in the configuration is correctly structured with `group`, `max_age`, and `endpoints` properties.","cause":"The `report-to` middleware was not applied to the Express app, or the configuration object passed to it was invalid or missing the `groups` array.","error":"HTTP Header 'Report-To' is missing or invalid in browser developer tools"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}