A security-first request parsing, sanitization, and validation layer for Express.js APIs.
This package helps mitigate common attack vectors such as NoSQL injection, prototype pollution, and malicious payload abuse by applying strict validation and deep sanitization at the API boundary.
- 🛡️ NoSQL injection protection (
$ne,$gt, dot-notation abuse) - 🧬 Prototype pollution prevention (
__proto__,constructor) - 🧼 Deep request sanitization with depth & size limits
- 📋 Joi-based schema validation
- 🧹 HTML sanitization for user-generated content
- 🚫 Mass-assignment protection (
stripUnknown) - ⚡ Zero-config, drop-in Express middleware
This package is provided as-is and is intended to be used as an additional defensive security layer, not as a complete security solution.
It does not guarantee protection against all attack vectors and should be used alongside proper authentication, authorization, database validation, and infrastructure-level security controls.
npm install express-secure-input