npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@ptkhanh94npm/deleniti-atque-doloribus

v1.0.0

Published

Express 4.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.

Downloads

12

Keywords

package managerconsoleAsyncIteratorcloudtrailexitFunction.prototype.namepruneflatMapfolderinspectlazyspinnerswatcherwordbreakfast-deep-copyfullwgetstartersameValueZerosafeflagsexit-codeestreetoArrayworkspace:*ajaxclassname-0arraysfigletregular expressionlesscssinputnamestaskupmimetypeswalkingbrowseri18nECMAScript 7util.inspectcjkhookstrimRightECMAScript 6argvshrinkwrapbatchcompile lessdeepcloneSetfetchmaketddstringifycharacterpathtrimlookrequesta11ydescriptionnativearraybufferextraprettyairbnbstreams2reduxenvironmentcolumntypesmapreduceBigInt64ArraylibphonenumberUint8ClampedArray_.extendObject.getPrototypeOftoStringTagbuffersfixed-widthlimitedreadablees7JSON-Schemadeepgenericscensorwarningpackage.jsoncloudsearchparsercontainsreact-testing-libraryintrinsicparsinghardlinksutilityerror-handlingbreakjsconfigcodesyupeslintplugindeepcopyrfc4122regexpObservablehookformemrBigUint64ArrayclonehelperscopyresolvefromaccessorObject.definePropertyObject.valuesfseventsemojipropertiesdebuggerES5schemepositivepnpm9proxysqsoptimizervalueslinkInt8ArraystreamsUint8Arrayrm -frawaitmatchesjoidatedeep-clonexterm$.extendfast-deep-cloneECMAScript 2021fullwidthapolloasciigloblength__proto__livegetdataviewmergefind-uptouchurldir256es-shimskoreanreal-timeSymbolbluebirdES2019styled-componentsemittesterArray.prototype.containsformcallequalityescapequerystringcore-jsvestendpointwatchFileoptimistec2unicodermbundlerfast-copydropsideviewmobileagenteventEmitterUint32ArrayObject.iskeysloadbalancinginstabletermenumerablejsxcss-in-jsstyleguidebootstrap cssTypeBoxartchromiumecmascriptESnextstructuredClonegroupdeterministicbrowserlistmetadataexecdatastructurecorelrusetPrototypeOfECMAScript 3fastcloneaccessibilityECMAScript 2023stylesutileslintspinnerArraynopehasreact-hookscachebundlingnodejsconsumeclassnamesio-tsbyteLengthiteratorwindowsapigetoptrobustlimitObject.entriesstyleUint16Array.envfinduptakewebansitypeoftypesafel10nguidlook-upES6Promiseautoprefixerglacierqsbcryptnegative zerofile systemfindLastIndexES2020everyjsdiffbddcall-boundcompilerES2016Array.prototype.flatsettingsArrayBuffer.prototype.slicedependenciesdeletees8promisesRegExp#flagsrmdirdescriptorequalcommand-lineObservablescss lesseventsrestfulquerypicomatchsuperstructhasOwnObject.fromEntrieswidthObject.keyshasOwnPropertycolourcommandermodulesmatchparseastrgbprivate datanpmminimalsyntaxerrortypedarraysstylingStreamMicrosoftmkdirsserializegroupBymochawatchingslotlessinternalcss nestingflattenstdlibgradients cssroutertrimEndchaiterminalpushECMAScript 2017Array.prototype.findLastIndexCSSbootstrap lessdotenvmappersistentcryptFloat64Arraycreatereacttyped arrayauthcommandsigintisawswaitES2021statelessswfFloat32ArrayiebrowserslistfsassertsESRFC-6455s3invarianttextsharedarraybufferamazonCSSStyleDeclarationstatejwttestingserializationlinewrapcollection.es6httpreducerloggingassertionlogexpressionperformantttybyteOffsetsignalsimmerprotobufECMAScript 2019chinesees2018replaysuperagentform-validationgdprremoveless mixinsparentredux-toolkitautoscalingrm -rfelasticacheimportexportshellformssimpledbprivatestoragegatewayrestcloudfrontcurlconcatuuididES2018noderangeerrores2015mimeefficientratelimitWebSocketreducewordwraptrimLeftbindtraverseobjecttapregularless compilersymbolpasswordlisteners@@toStringTagHyBiObject.assignauthenticationebscoercibleprotocol-buffersfull-widthcode pointslanguagequotepreserve-symlinksRxJSless.jsArray.prototype.includesshimpreprocessorroute53encryptionthroatcorsmkdirES3east-asian-widthpostcss-pluginbufferiterationtypeerrordatainferencepropertygetOwnPropertyDescriptorfunctionscomparesetflatcheckcolumnspackageerrortelephoneimmutablepackageselectronsortedmoveES2015onceURLSearchParamsInt32Arraylastincludesreact-hook-formES8getintrinsices-abstractchannelcolorsstringvaluepluginArray.prototype.filterstatusPushhttpscollectionlinuxobjownWeakMapsnsdescriptorsclass-validatorprogressconcatMaplintmime-dbbusyshebangjavascriptcallbindchromekeytoolsECMAScript 2022ES2023phonebeanstalkwritablesignalvariablesdynamodbforEachjsonnumberoffsetweaksetReflect.getPrototypeOfdom-testing-libraryutilitiescharactersInt16ArrayECMAScript 2018writeES2017gradients css3omittypedarrayworkerdebugelmcliopenWebSocketsArray.prototype.findLastclassessearchECMAScript 2020fast-cloneenvarktypedefinePropertycirculardataViewwatchdeep-copyinternal slottypanionworkflowsinatraexpressoperating-systemfpsrdsfilterjapaneseES2022specidlewhichxhrloadingReactiveXmixinsmake dirinstallerhandlerssomevpcruntimeArray.prototype.flatMapString.prototype.matchAllgetPrototypeOfsortes2016eslintconfigtypedMapjQuerytrimStartcomputed-typesRegExp.prototype.flagsreusemrufastifyinstalldefineseshigher-orderawesomesaucees6configurableextendarrayhas-ownSymbol.toStringTagsequenceparentscolorTypeScriptjasminetypestylesheetYAMLmatchAlljsonpathimportstringifiermkdirpassigncall-binddayjspatchrateECMAScript 5testconcurrency[[Prototype]]Array.prototype.flattennegativemomentredactprefixwrapfindLastflagesvalidzerocallboundmacosisConcatSpreadablenested csspipees20170cloudformationappregular expressionsframeworkajvdifflockfileuninstallrecursiveserializerwalktstapepolyfillECMAScript 2015symbolsstreamvalidateshames-shim APIECMAScript 2016outputtoobjectWeakSetless cssStreamsvalidationtoolkitfunctionponyfillString.prototype.trimsymlinkscssES7getteres5weakmapcss variableslicevariables in csscryptoreadablestreamnamespeedtoSortedconnectdependency managerdomdirectorytslibJSONStyleSheet

Readme

Express XSS Sanitizer

Express 4.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.

Build Status Build Status Latest Stable Version License NPM Downloads NPM Downloads

Installation

$ npm install @ptkhanh94npm/deleniti-atque-doloribus

Usage

Add as a piece of express middleware, before defining your routes.

const express = require('express');
const bodyParser = require('body-parser');
const { xss } = require('@ptkhanh94npm/deleniti-atque-doloribus');

const app = express();

app.use(bodyParser.json({limit:'1kb'}));
app.use(bodyParser.urlencoded({extended: true, limit:'1kb'}));
app.use(xss());

You can add options to specify allowed keys or allowed attributes to be skipped at sanitization

const options = {
   allowedKeys: ['name'],
   allowedAttributes: {
         input: ['value'],
   },
}

app.use(xss(options));

You can add options to specify allowed tags to sanitize it and remove other tags

const options = {
   allowedTags: ['h1']
}

app.use(xss(options));

Add as a piece of express middleware, before single route.

const express = require('express');
const bodyParser = require('body-parser');
const { xss } = require('@ptkhanh94npm/deleniti-atque-doloribus');

const app = express();

app.use(bodyParser.json({limit:'1kb'}));
app.use(bodyParser.urlencoded({extended: true, limit:'1kb'}));
app.post("/body", xss(), function (req, res) {
      // your code
});

app.post("/test", function (req, res) {
      // your code
});

You also can sanitize your data (object, array, string,etc) on the fly.

const { sanitize } = require('@ptkhanh94npm/deleniti-atque-doloribus');

// ...
      data = sanitize(data)
// or
      data = sanitize(data, {allowedKeys: ['name']})
// ...

For other frameworks

Tests

To run the test suite, first install the dependencies, then run npm test:

$ npm install
$ npm test

Support

Feel free to open issues on github.