{"library":"express-mongo-sanitize","type":"library","category":null,"description":"Express 4.x middleware that sanitizes user-supplied data (req.body, req.query, req.params, req.headers) by stripping or replacing the characters that MongoDB operator injection relies on ($ and .). This package is widely used to prevent NoSQL injection attacks, particularly those that abuse the $where operator. Version 2.2.0 is stable, typed (TypeScript declarations included), and supports both CommonJS and ESM on Node >=10. Key differentiators: simple drop-in middleware, configurable replaceWith character, allowDots option for nested queries, onSanitize callback, and dry-run mode. Alternatives like mongo-sanitize are lower-level; express-mongo-sanitize integrates directly with Express.","language":"javascript","status":"active","version":"2.2.0","tags":["javascript","mongodb","express","middleware","operator","injection","security","typescript"],"last_verified":"Fri Jun 05","install":[{"cmd":"npm install express-mongo-sanitize","imports":["import mongoSanitize from 'express-mongo-sanitize'","import { sanitize } from 'express-mongo-sanitize'","import type { SanitizeOptions } from 'express-mongo-sanitize'"]},{"cmd":"yarn add express-mongo-sanitize","imports":[]},{"cmd":"pnpm add express-mongo-sanitize","imports":[]}],"homepage":"https://github.com/fiznool/express-mongo-sanitize#readme","github":"https://github.com/fiznool/express-mongo-sanitize","docs":null,"changelog":null,"pypi":null,"npm":"express-mongo-sanitize","openapi_spec":null,"status_page":null,"smithery":null,"compatibility":null}