Express Maskdata Middleware

0.1.1 verified Sat May 09 auth: no javascript

Express middleware for masking sensitive data in API responses, built on maskdata. Version 0.1.1 (latest), stable but early stage. Released irregularly. Differentiates by integrating maskdata into Express with simple rule-based configuration for common fields like email, password, phone, SSN, credit card. Supports TypeScript out of the box. Minimal footprint; only dependency is maskdata. Ideal for protecting PII in response bodies without manual transformation.

Common errors

error TypeError: createMaskingMiddleware is not a function ↓

cause Attempting to use default import or wrong named import (e.g., import * as mask).

fix

Use named import: import { createMaskingMiddleware } from 'express-maskdata-middleware'.

error Cannot find module 'express-maskdata-middleware' ↓

cause Package not installed or misspelled.

fix

Run: npm install express-maskdata-middleware --save

error Argument of type '{ emailFields: string[]; }' is not assignable to parameter of type 'MaskingRules' ↓

cause Missing required properties or TypeScript type mismatch; MaskingRules expects all optional fields but error may arise from strict null checks or version mismatch.

fix

Ensure all used fields are defined in the rules object, or use type assertion: createMaskingMiddleware(rules as MaskingRules).

Warnings

gotcha Middleware only masks JSON responses. Non-JSON responses (e.g., XML, HTML) are not transformed. ↓

fix Use express.json() and ensure res.json() is used for responses you want masked.

gotcha Field names in maskingRules must match exact keys in the response object; nested field paths are not supported (e.g., 'user.email' will not match). ↓

fix Flatten or preprocess nested objects, or use maskdata directly for complex structures.

gotcha The middleware does not mask arrays of objects; only top-level fields and objects at root or immediate children are processed. ↓

fix Implement custom masking for arrays if needed, or ensure array elements are processed individually.

gotcha package name is misspelled 'express-maskdata-middleware' but actual npm package is 'express-maskdata-middleware' (both correct here; warning for future readers). ↓

fix Use the exact npm name: `express-maskdata-middleware`.

Install

npm install express-maskdata-middleware

yarn add express-maskdata-middleware

pnpm add express-maskdata-middleware

Imports

createMaskingMiddleware

wrong

const { createMaskingMiddleware } = require('express-maskdata-middleware')

correct

import { createMaskingMiddleware } from 'express-maskdata-middleware'

Package exports ESM. For CJS use dynamic import or check compatibility; named export only.

MaskingRules

wrong

import { MaskingRules } from 'express-maskdata-middleware'

correct

import type { MaskingRules } from 'express-maskdata-middleware'

MaskingRules is exported as a TypeScript type, not a value. Use type import to avoid runtime errors.

default import
wrong
```
import * as expressMaskDataMiddleware from 'express-maskdata-middleware'
```
correct
```
import expressMaskDataMiddleware from 'express-maskdata-middleware'
```
Package has no default export; only named export createMaskingMiddleware is available. This default import will fail at runtime.

Quickstart

Initializes an Express app, creates masking middleware with rules for email and password, and applies to all routes. The /user endpoint returns JSON with sensitive fields automatically masked.

import express from 'express';
import { createMaskingMiddleware } from 'express-maskdata-middleware';

const app = express();

const maskingRules = {
  emailFields: ['email'],
  passwordFields: ['password'],
  phoneFields: ['phoneNumber'],
  ssnFields: ['ssn'],
  cardFields: ['creditCard'],
};

app.use(createMaskingMiddleware(maskingRules));

app.get('/user', (req, res) => {
  res.json({
    email: 'user@example.com',
    password: 'supersecretpassword',
    username: 'testuser',
  });
});

app.listen(3000, () => console.log('Server running on port 3000'));