express-sanitizer
1.0.6 verified Sat Apr 25 auth: no javascript maintenance
Express middleware for sanitizing user input using the Caja-HTML-Sanitizer (Google Caja sanitizer) to mitigate persistent XSS risks. Version 1.0.6 is available on npm. The package has been in maintenance mode since 2021; its core dependency (sanitizer) has not been updated in years. It adds a `req.sanitize()` method to Express request objects. Compared to alternatives like express-validator, this library is minimal but unmaintained and should be avoided in new projects.
Common errors
error: TypeError: expressSanitizer is not a function
cause: The import statement uses ES module syntax (import) with a CommonJS-only package.
fix: Use require('express-sanitizer') instead of import.
error: TypeError: req.sanitize is not a function
cause: The middleware was either not used, or it was used incorrectly (e.g., app.use(expressSanitizer) instead of app.use(expressSanitizer())).
fix: Call the module as a function: app.use(expressSanitizer());
error: Cannot find module 'sanitizer'
cause: The dependency 'sanitizer' is missing or not installed. This can happen if express-sanitizer is installed without its dependencies (e.g., using --no-optional or in a lockfile mismatch).
fix: Run npm install or explicitly add 'sanitizer' to your package.json.
Warnings
deprecated: The core dependency (sanitizer) has not been updated in 5 years and is considered abandonware.
fix: Migrate to a maintained alternative like express-validator or DOMPurify for server-side sanitization.
gotcha: The expressSanitizer middleware must be invoked as a function (expressSanitizer()). If you pass the function reference without calling it, req.sanitize will not exist.
fix: Ensure you call it: app.use(expressSanitizer());
gotcha: This package only provides basic string sanitization via req.sanitize(). It does not validate input types or provide rich validation like express-validator.
fix: Combine with express-validator or another validation library for comprehensive input handling.
Install
npm install express-sanitizer
yarn add express-sanitizer
pnpm add express-sanitizer
Imports
- expressSanitizer
  wrong: import expressSanitizer from 'express-sanitizer';
  correct: const expressSanitizer = require('express-sanitizer');
- req.sanitize
  wrong: app.use(expressSanitizer); (missing invocation)
  correct: app.use(expressSanitizer()); … req.sanitize(input)
- sanitizer
  const sanitizer = require('sanitizer');
Quickstart
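const express = require('express');
const expressSanitizer = require('express-sanitizer');

const app = express();

// Parse JSON bodies first so req.body is populated.
app.use(express.json());
// Invoke the factory: expressSanitizer(), not expressSanitizer.
app.use(expressSanitizer());

app.post('/sanitize', (req, res) => {
  // req.sanitize() is added to the request by the middleware above.
  const sanitized = req.sanitize(req.body.input);
  res.json({ sanitized });
});

app.listen(3000);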
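
A guard placed in front of a route can cover both gotchas listed under Warnings: it fails closed when req.sanitize is missing and rejects non-string input before sanitizing. This is an added example, not code from express-sanitizer or its documentation; `requireSanitizedString`, `MAX_LEN`, `mockRes`, `run` and `fakeSanitize` are hypothetical names, and `fakeSanitize` is a constructed stand-in for `req.sanitize` so the block runs without Express installed.

```javascript
// Added example. All helper names here are hypothetical.
const MAX_LEN = 2000; // assumed per-field limit; tune for your application

// Returns Express-style middleware that validates req.body[field] and
// replaces it with the sanitized value, or ends the request with an error.
function requireSanitizedString(field) {
  return function (req, res, next) {
    // Fail closed if express-sanitizer was never mounted (or was mounted
    // without being invoked): never continue with raw input.
    if (typeof req.sanitize !== 'function') {
      return res.status(500).json({ error: 'sanitizer not configured' });
    }
    const value = req.body ? req.body[field] : undefined;
    // express.json() can deliver arrays, objects, numbers or null here;
    // only a plain string is accepted.
    if (typeof value !== 'string') {
      return res.status(400).json({ error: `${field} must be a string` });
    }
    if (value.length > MAX_LEN) {
      return res.status(400).json({ error: `${field} is too long` });
    }
    req.body[field] = req.sanitize(value);
    next();
  };
}

// Constructed stand-in for an Express response object.
function mockRes() {
  return {
    code: 200,
    body: null,
    status(c) { this.code = c; return this; },
    json(b) { this.body = b; return this; },
  };
}

// Runs the guard against a constructed request and reports the outcome.
function run(req) {
  const res = mockRes();
  let passed = false;
  requireSanitizedString('input')(req, res, () => { passed = true; });
  return { passed, code: res.code, value: req.body && req.body.input };
}

// Test placeholder only, NOT the Caja sanitizer: drops anything tag-shaped.
const fakeSanitize = (s) => s.replace(/<[^>]*>/g, '');
```

In a real application, mount it per route after the sanitizer middleware, for example app.post('/sanitize', requireSanitizedString('input'), handler).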