TypeScript Middleware

Open-source TypeScript projects categorized as Middleware

Top 23 TypeScript Middleware Projects

  • http-proxy-middleware

    ⚡ The one-liner node.js http-proxy middleware for connect, express, next.js and more

    Project mention: About Reverse Proxy | dev.to | 2023-10-09

    Then we translate each rule. webpack-dev-server uses http-proxy-middleware under the hood, and here's how to translate each field.

  • helmet

    Help secure Express apps with various HTTP headers

    Project mention: 🔒Securing Web: A Deep Dive into Content Security Policy (CSP) | dev.to | 2024-02-15


  • telegraf

    Modern Telegram Bot Framework for Node.js (by telegraf)

  • Ts.ED

    📐 Ts.ED is a Node.js and TypeScript framework on top of Express to write your application with TypeScript (or ES6). It provides a lot of decorators and guidelines to make your code more readable and less error-prone. ⭐️ Star to support our work!

    Project mention: Choosing a backend API framework | /r/node | 2023-06-13

    Ts.ED - Controller-based (DI supporting) backend framework that seems to offer quite a lot (although I'm wary of it being quite close to Nest.js)

  • next-connect

    The TypeScript-ready, minimal router and middleware layer for Next.js, Micro, Vercel, or Node.js http/http2

    Project mention: Is there any elegant way of executing same logics in getServerSideProps of every page? | /r/nextjs | 2023-04-27

    Try next-connect

  • itty-router

    A little router.

    Project mention: Ask HN: Which stack is as boring (good boring) and cheap in 2023 as PHP? | news.ycombinator.com | 2023-03-11

    Instead of Next and its bloat, you should try Svelte, a barebones Svelte (not SvelteKit) app feels like a breeze to scaffold and deploy through Netlify or Vercel with nearly 0 configuration. The same can be said about SvelteKit, though you can just get away by using a minimal router like Itty (https://github.com/kwhitley/itty-router) with barebones Svelte (just run npx create-vite, and follow the interactive scaffold process).

  • redux-dynamic-modules

    Modularize Redux by dynamically loading reducers and middlewares.

  • axios-auth-refresh

    Library that helps you implement automatic refresh of authorization via axios interceptors. You can easily intercept the original request when it fails, refresh the authorization and continue with the original request, without user even noticing.

  • express-openapi-validator

    🦋 Auto-validates api requests, responses, and securities using ExpressJS and an OpenAPI 3.x specification

  • Rill

    🗺 Universal router for web applications.

  • Quell

    Quell is an easy-to-use, lightweight JavaScript library providing a client- and server-side caching solution for GraphQL. Use Quell to prevent redundant client-side API requests and to minimize costly server-side response latency.

  • express-zod-api

    A Typescript library to help you get an API server up and running with I/O schema validation and custom middlewares in minutes.

    Project mention: preferred way to type guard api response body? | /r/typescript | 2023-05-26

    Check out this library: https://github.com/RobinTail/express-zod-api

  • zundo

    🍜 undo/redo middleware for zustand. <700 bytes

  • graphql-armor

    🛡️ The missing GraphQL security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️

    Project mention: Launch HN: Escape (YC W23) – Discover and secure all your APIs | news.ycombinator.com | 2024-02-01

    When I met Antoine, who had previously been a security engineer at NATO and Apple, we decided to tackle this issue together and create a modern security tool that would appeal to both developers and security people. It needed to be fast, easy to set up yet configurable, have outstanding support for securing APIs, and find what was relevant with a low false positive rate.

    The first step was to show security engineers and developers what APIs they had to secure. We needed to find an easy way to discover any organization’s exposed and internal APIs.

    To discover all APIs, we crafted a system that extracts all the API routes the organization exposes by scanning its domains, frontend websites, and SPAs. It then enriches this data by connecting to code repositories, API gateways, and API development tools to create a full list of all the exposed endpoints and the sensitivity of the data they handle. Other testing tools do not provide an inventory of all the API routes exposed by an organization, but as we mentioned above, the biggest problem security engineers face is often just finding out what it is they need to test!

    Then, we needed to provide security engineers and developers with a list of security issues in their APIs.

    Since APIs act as a business model layer, most of the critical security issues lie in the business processes underlying APIs. In security, issues obtained from breaking business processes are called Broken Object Level Authorization (BOLA), Broken Function Level Authorization (BFLA), and Broken Object Property Level Authorization (BOPLA).

    To find them, we knew we couldn’t rely on traditional techniques like fuzzing. We needed to find a way to model the Business Process underlying the API and attempt to break it.

    Doing research on this topic, we discovered that modeling API business processes in a similar way to board games, like Chess or Go, worked surprisingly well. The underlying reason is simple: a board game is a state machine on which you can execute actions that must respect rules to change the game’s state. Think about moving the pieces in a chess game, each piece has its specific moves, and their position on the board represents the state.

    APIs are similar: they have a database, which represents the internal state, and API routes, which represent the actions you can run on the state. Of course, most APIs are more complex than a chess game because they have many more routes than there are chess pieces. In mathematics, we would say that the action space is much larger.

    But the models are similar enough for us to try applying alpha-beta, Monte-Carlo Tree Search, and more advanced Machine Learning techniques that have proven to work well in the context of large action space games like Go.

    Those were the foundational ideas behind our in-house algorithm, Feedback-Driven API Exploration (FDAE), which automatically identifies the underlying business processes and generates sequences of API requests especially aimed at breaking them, uncovering potential security flaws and data leaks.

    FDAE starts by ingesting the list of routes and parameters in an API. It first identifies the routes leading to sensitive data, like PII or financial information, and the parameters that have the most chances of being vulnerable to various kinds of injections and attacks.

    Often, those routes require parameters like UUIDs or domain-specific values. That’s where traditional security scanners fall short: they often fuzz randomly the parameters hoping to find some low-hanging fruit injection, but end up blocked at the data validation layer.

    FDAE is smarter. If it detects that the route /user/:uuid might be sensible, it will first look at all the other routes in the API and try to find one that returns a valid user UUID. Once it gets the valid user UUID, it will use it to trigger the /user/:uuid route and try to exploit it in many different ways.

    If there are no existing users in the database, but there is a route to create one, Escape’s FDAE will even be able to create a user, get its UUID, and then attempt exploiting the routes that require a user UUID.

    This process, very similar to what human penetration testers and bug hunters do, allows Escape to do extensive and deep testing of any API and business processes. It’s specifically good at finding many access control bugs like tenant isolation problems, complex multi-step injections, and request forgeries.

    To give a specific example, imagine you’re building an e-commerce application: Escape can detect cases where users can bypass payment steps or modify input parameters in the request to access other users’ orders or private information.

    You can find a more detailed explanation of how Feedback Driven API Exploration works with graphics here: https://escape.tech/blog/feedback-driven-api-exploration/

    Escape’s entire scanning process takes minutes. It was very important to us, as former developers, to seamlessly integrate API testing in CI/CD pipelines and quickly implement relevant fixes. To verify that it was scalable, we scanned all public APIs on the internet and produced research reports on their quality: the State of GraphQL Security (https://26857953.fs1.hubspotusercontent-eu1.net/hubfs/268579...), and the State of Public APIs (https://apirank.dev/state-of-public-api-2023/).

    Apart from discovering and testing APIs in minutes, we wanted to make Escape actionable. Pinpointing a problem is one thing, but then how to fix it? Most dynamic scanners give vague remediation instructions. Escape actually generates code snippets to help developers.

    We offer a few monthly and yearly subscription plans based on the number of APIs and developers in the org, with a free 7-day trial. The pricing is accessible in the app during a trial period. Since our product is highly technical, we wanted to make sure that users can explore our features, evaluate what Escape does, and understand its value before making a decision. Users can see pricing details at a point in their trial journey where it makes the most sense, aligning with their understanding of the product. You can try us without a credit card at https://escape.tech.

    Our main SaaS product is closed source, but we publish many open source packages for security and developers on https://github.com/Escape-Technologies/ , some of them being widely used like GraphQL Armor (https://github.com/Escape-Technologies/graphql-armor/)

    The number and complexity of APIs are constantly growing, and we’re continuing to learn every day, so we would greatly appreciate and are eager for your feedback (no matter how big or small)! Thanks!

  • next-session

    Simple promise-based session middleware for Next.js, micro, Express, and more

  • diary

    📑 Zero-dependency, fast logging library for Node, Browser and Workers (by maraisr)

  • oauth2-client

    OAuth2 client for Node and browsers (by badgateway)

  • prisma-field-encryption

    Transparent field-level encryption at rest for Prisma

  • cloudflare-worker-router

    A super lightweight router (1.0K) with middleware support and ZERO dependencies for Cloudflare Workers.

  • connery

    Connery - Plugin infrastructure for AI

    Project mention: Built open source API wrapper for GPTs | /r/GPT | 2023-11-21

    Link to our repo: https://github.com/connery-io/connery-platform

  • dashport

    Local and OAuth authentication middleware for Deno

  • peko

    Featherweight HTTP routing + utils for stateless TypeScript apps 🐣

    Project mention: Peko: Featherweight server toolkit for apps on the edge | /r/javascript | 2023-04-05

  • parsec 🌌

    🌌 Tiniest body parser in the universe. Built for modern Node.js

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2024-02-15.


What are some of the best open-source Middleware projects in TypeScript? This list will help you:

Rank  Project                     Stars
1     http-proxy-middleware       10,398
2     helmet                      9,929
3     telegraf                    7,423
4     Ts.ED                       2,691
5     next-connect                1,586
6     itty-router                 1,509
7     redux-dynamic-modules       1,062
8     axios-auth-refresh          991
9     express-openapi-validator   850
10    Rill                        613
11    Quell                       577
12    express-zod-api             505
13    zundo                       483
14    graphql-armor               449
15    next-session                333
16    diary                       232
17    oauth2-client               224
18    prisma-field-encryption     195
19    cloudflare-worker-router    189
20    connery                     158
21    dashport                    151
22    peko                        150
23    parsec 🌌                   134