{"id":18832,"library":"stripe-webhook-middleware","title":"stripe-webhook-middleware","description":"Node.js Express middleware for validating incoming Stripe webhook events. Stable version 0.2.0, low release cadence. Differentiates by simple integration, but lacks signature verification (only validates event type), making it insecure for production use. Alternatives like @stripe/stripe-node provide proper signature verification. Only supports event validation; no email templates or callbacks yet.","status":"maintenance","version":"0.2.0","language":"javascript","source_language":"en","source_url":"https://github.com/eddywashere/stripe-webhook-middleware","tags":["javascript","stripe","payment","middleware","express","connect"],"install":[{"cmd":"npm install stripe-webhook-middleware","lang":"bash","label":"npm"},{"cmd":"yarn add stripe-webhook-middleware","lang":"bash","label":"yarn"},{"cmd":"pnpm add stripe-webhook-middleware","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"CJS only; not ESM-compatible.","wrong":"import stripeMiddleware from 'stripe-webhook-middleware'","symbol":"default","correct":"const stripeMiddleware = require('stripe-webhook-middleware')"},{"note":"init is exported as a function; destructuring works but calling stripeMiddleware.init is also valid.","wrong":"const stripeMiddleware = require('stripe-webhook-middleware'); stripeMiddleware.init(app, opts)","symbol":"init","correct":"const { init } = require('stripe-webhook-middleware')"}],"quickstart":{"code":"const express = require('express');\nconst bodyParser = require('body-parser');\nconst stripeMiddleware = require('stripe-webhook-middleware');\n\nconst app = express();\napp.use(bodyParser.json());\napp.use(bodyParser.urlencoded({ extended: false }));\n\napp.post('/stripe', stripeMiddleware.init(app, {\n  stripeApiKey: process.env.STRIPE_API_KEY ?? ''\n}));\n\napp.listen(3000);","lang":"javascript","description":"Creating an Express endpoint that validates Stripe webhook events using the middleware."},"warnings":[{"fix":"Use @stripe/stripe-node's webhook construction or raw body verification.","message":"No webhook signature verification: only validates event type, not authenticity. Attacker can send fake events.","severity":"gotcha","affected_versions":"<=0.2.0"},{"fix":"Ensure body-parser middleware is added before stripeMiddleware.","message":"Require both body-parser (json and urlencoded) before middleware; otherwise req.body is undefined.","severity":"breaking","affected_versions":"<=0.2.0"},{"fix":"Migrate to modern Stripe SDK or a maintained alternative.","message":"Package has not been updated since 2016; underlying Stripe API events have changed.","severity":"deprecated","affected_versions":"<=0.2.0"}],"env_vars":null,"last_verified":"2026-04-25T00:00:00.000Z","next_check":"2026-07-24T00:00:00.000Z","problems":[{"fix":"Run 'npm install stripe-webhook-middleware' and verify package.json.","cause":"Package not installed or typo in package name.","error":"Cannot find module 'stripe-webhook-middleware'"},{"fix":"Add bodyParser.json() and bodyParser.urlencoded() calls before stripe middleware.","cause":"body-parser not applied before middleware; req.body is undefined.","error":"TypeError: Cannot read properties of undefined (reading 'forEach')"},{"fix":"Use `const stripeMiddleware = require('stripe-webhook-middleware')` and call `stripeMiddleware.init(app, opts)`.","cause":"Incorrect import: trying to call default export as function but it's an object with init property.","error":"stripeMiddleware.init is not a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}