mongodb-sanitize

library 2.2.0 · javascript
verified Jun 5, 2026

A lightweight security library (v2.2.0) that sanitizes JavaScript objects to prevent MongoDB query selector injection attacks by stripping or replacing dangerous keys starting with '$' (e.g., $gt, $ne, $where). It provides an Express middleware (which sanitizes req.body, req.params and req.query by default) and standalone sanitize/isSanitized functions. It ships with TypeScript definitions, supports both ESM and CJS, and has zero runtime dependencies. Releases are infrequent, but the library is stable. Key differentiator: it focuses solely on MongoDB operator stripping with a simple API, unlike broader sanitization libraries.
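
The key stripping and replacing described above, as an added example that is not the library's own code: `hasOperatorKeys`, `stripOperators` and `sanitizeRequest` are hypothetical helpers written for illustration, not the mongodb-sanitize API, and the request object is constructed sample input.

```javascript
// Hypothetical helpers for illustration; not the mongodb-sanitize API.
const isContainer = (v) => v !== null && typeof v === 'object';

// True when any key at any depth starts with '$'.
function hasOperatorKeys(value) {
  if (!isContainer(value)) return false;
  if (Array.isArray(value)) return value.some(hasOperatorKeys);
  return Object.keys(value).some(
    (k) => k.startsWith('$') || hasOperatorKeys(value[k])
  );
}

// Returns a copy with '$'-prefixed keys dropped, or renamed when
// replaceWith is given (for example '$ne' becomes '_ne').
function stripOperators(value, replaceWith) {
  if (!isContainer(value)) return value;
  if (Array.isArray(value)) {
    return value.map((v) => stripOperators(v, replaceWith));
  }
  const out = {};
  for (const [key, child] of Object.entries(value)) {
    let safeKey = key;
    if (key.startsWith('$')) {
      if (replaceWith === undefined) continue; // strip mode: drop the key
      safeKey = replaceWith + key.replace(/^\$+/, '');
    }
    out[safeKey] = stripOperators(child, replaceWith);
  }
  return out;
}

// Applies the same cleaning to the three request fields named above.
function sanitizeRequest(r, replaceWith) {
  const clean = {};
  for (const field of ['body', 'params', 'query']) {
    clean[field] = stripOperators(r[field], replaceWith);
  }
  return clean;
}

// Constructed request: operator objects where strings were expected.
const req = {
  body: { username: 'alice', password: { $ne: null } },
  query: { age: { $gt: '0' }, tags: ['a', { $where: 'true' }] },
  params: { id: '42' },
};
const cleaned = sanitizeRequest(req);
console.log(JSON.stringify(cleaned));
```

In strip mode the `password` value becomes an empty object rather than a string, so a route that expects a string still needs its own type check.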