{"library":"csrf-csrf","type":"library","category":null,"description":"csrf-csrf is a utility package designed to provide stateless Cross-Site Request Forgery (CSRF) protection for Express applications, implementing the Double Submit Cookie Pattern. Currently at version 4.0.3, it offers a robust alternative to the deprecated `csurf` library, aiming for a simpler and more explicit configuration. Unlike session-based CSRF protection mechanisms like `csrf-sync` (which uses the Synchronizer Token Pattern), `csrf-csrf` is suited for stateless architectures, making it a distinct choice for specific application designs. The library ships with comprehensive TypeScript types (requiring TypeScript >= 3.8) and emphasizes clear implementation guidance to prevent common misconfigurations that can render CSRF protection ineffective. Development is active, with a recent major version release bringing breaking changes and improvements, and it explicitly recommends consulting upgrade guides for migration.","language":"javascript","status":"active","version":"4.0.3","tags":["javascript","csrf","middleware","express","tokens","typescript"],"last_verified":"Wed May 27","install":[{"cmd":"npm install csrf-csrf","imports":["import { doubleCsrf } from 'csrf-csrf';","import type { DoubleCsrfConfigOptions } from 'csrf-csrf';","import type { CsrfRequest } from 'csrf-csrf';"]},{"cmd":"yarn add csrf-csrf","imports":[]},{"cmd":"pnpm add csrf-csrf","imports":[]}],"homepage":null,"github":"https://github.com/Psifi-Solutions/csrf-csrf","docs":null,"changelog":null,"pypi":null,"npm":"https://www.npmjs.com/package/csrf-csrf","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":{"summary":{"python_range":"18–22","success_rate":0,"avg_install_s":null,"avg_import_s":null,"wheel_type":null},"url":"https://checklist.day/v1/registry/csrf-csrf/compatibility"}}