{"id":16686,"library":"simple-auth-basic","title":"Basic HTTP Authentication Parser","description":"simple-auth-basic is a lightweight Node.js module designed for parsing HTTP Basic Authorization headers. It extracts the username and password from the 'Authorization' header in an incoming request or a raw header string, returning an object with `name` and `pass` properties. If the header is invalid or missing, it returns `undefined`. The current stable version is 2.0.8. As a focused utility for a well-established standard, its release cadence is generally slow, primarily for maintenance and compatibility updates rather than new features. Its key differentiator is its simplicity and singular focus on parsing the header, leaving credential validation to the application logic, often paired with a timing-safe string comparison library like `tsscmp` for security.","status":"maintenance","version":"2.0.8","language":"javascript","source_language":"en","source_url":null,"tags":["javascript","basic","auth","authorization","authbasic"],"install":[{"cmd":"npm install simple-auth-basic","lang":"bash","label":"npm"},{"cmd":"yarn add simple-auth-basic","lang":"bash","label":"yarn"},{"cmd":"pnpm add simple-auth-basic","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"While the README shows CJS `require()`, modern Node.js applications should prefer ESM `import`. This package should be compatible with both.","wrong":"const auth = require('simple-auth-basic')","symbol":"auth","correct":"import auth from 'simple-auth-basic'"},{"note":"The `parse` function is a method on the default export, not a named export itself.","wrong":"import { parse } from 'simple-auth-basic'","symbol":"auth.parse","correct":"import auth from 'simple-auth-basic'; auth.parse(headerString)"}],"quickstart":{"code":"import http from 'http';\nimport auth from 'simple-auth-basic';\nimport compare from 'tsscmp'; // Often used for timing-safe comparisons\n\nconst server = http.createServer((req, res) => {\n  const credentials = auth(req);\n\n  // Basic function to validate credentials (against a user store in real apps)\n  function check (name, pass) {\n    let valid = true;\n    // Using tsscmp to prevent timing attacks\n    valid = compare(name, 'john') && valid;\n    valid = compare(compare(pass, 'secret') && valid);\n    return valid;\n  }\n\n  if (!credentials || !check(credentials.name, credentials.pass)) {\n    res.statusCode = 401;\n    res.setHeader('WWW-Authenticate', 'Basic realm=\"Secure Area\"');\n    res.end('Access denied');\n  } else {\n    res.end(`Welcome, ${credentials.name}! Access granted.`);\n  }\n});\n\nconst port = 3000;\nserver.listen(port, () => {\n  console.log(`Server listening on http://localhost:${port}`);\n  console.log('Try accessing with \"john:secret\" basic auth.');\n});","lang":"javascript","description":"Demonstrates setting up a basic Node.js HTTP server that uses simple-auth-basic to parse Authorization headers and perform credential validation. It includes an example of using `tsscmp` for secure password comparison."},"warnings":[{"fix":"Always use a timing-safe string comparison library (e.g., `tsscmp`) when validating user-provided passwords against stored credentials to mitigate timing attacks.","message":"This module only parses the Basic Authorization header. It does not perform any credential validation or database lookups. Developers must implement their own logic for checking usernames and passwords, preferably using timing-safe comparison methods to prevent timing attacks.","severity":"gotcha","affected_versions":">=0.8"},{"fix":"For raw strings, use `auth.parse(headerString)`. For Node.js `IncomingMessage` objects, use `auth(req)`.","message":"The `auth(req)` function expects a standard Node.js HTTP request object. When parsing a header string from other sources (e.g., a custom proxy header or a non-Node.js environment), use `auth.parse(string)` instead.","severity":"gotcha","affected_versions":">=0.8"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure `auth` is imported correctly as a default export (`import auth from 'simple-auth-basic'`) and that `auth` is called with a request object (`auth(req)`). For string parsing, use `auth.parse(headerString)`.","cause":"Attempting to call `auth` directly on a string instead of a request object, or attempting to call `auth.parse` before `auth` is imported correctly.","error":"TypeError: auth is not a function"},{"fix":"Replace `const auth = require('simple-auth-basic')` with `import auth from 'simple-auth-basic'`.","cause":"Using CommonJS `require()` syntax in an ESM project (e.g., `\"type\": \"module\"` in package.json or `.mjs` files).","error":"ReferenceError: require is not defined in ES module scope"}],"ecosystem":"npm"}