simple-express-csrf

v1.0.0

A really simple Express.js CSRF Middleware that just works out of the box.

Are you tired of importing and testing multiple CSRF libraries in Express.js, only to find that none of them work? Then this middleware is for you! It has minimal dependencies, makes educated guesses and follows conventions about your stack, and depends on another well-established CSRF library.

Install

$ npm install simple-express-csrf

This module assumes your project uses express and express-session.

To install those dependencies, run:

$ npm install express express-session

TypeScript

This module includes a TypeScript declaration file to enable auto complete in compatible editors and type information for TypeScript projects.

Importing

From JavaScript, you can import this with:

const { generateCSRFToken, validateCSRFMiddleware } = require("simple-express-csrf");

// Or

import { generateCSRFToken, validateCSRFMiddleware } from "simple-express-csrf";

From TypeScript, you simply import the middleware like:

import { generateCSRFToken, validateCSRFMiddleware } from "simple-express-csrf";

API

generateCSRFToken(request: Request)

Generates a new CSRF token, which can be rendered in your form. It takes the request object as input so that it can save this token and the secret token in the session.

validateCSRFToken(request: Request)

Reads the csrf_token parameter from your POST request (the only method secured is POST), and verifies it against the secret token in session.

validateCSRFMiddleware(onErrorCallback: Function)

Automatically validates the CSRF token sent via the POST method. If the token is valid, the request proceeds to your route handler; if not, it calls the onErrorCallback function, which you can use to customize what happens when the token is invalid.
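The flow these three functions describe (a secret kept in the session, a csrf_token form field, POST-only enforcement, an error callback), as an added sketch that is not the package's own code. It runs without Express and shows that a request using any other method passes through unchecked, so state-changing routes belong on POST or need their own check. The names issueToken, tokenIsValid, csrfGuard, simulate and csrfSecret, and the salt-plus-HMAC token construction, are assumptions made for the illustration.

```javascript
// Added illustration with hypothetical names; not the source of simple-express-csrf.
const crypto = require("crypto");
const macOf = (secret, salt) => crypto.createHmac("sha256", secret).update(salt).digest("hex");

// Assumed construction: per-session secret, form token = salt.HMAC(secret, salt).
function issueToken(req) {
  req.session.csrfSecret = req.session.csrfSecret || crypto.randomBytes(32).toString("hex");
  const salt = crypto.randomBytes(8).toString("hex");
  return `${salt}.${macOf(req.session.csrfSecret, salt)}`;
}

// Recompute the MAC from the session secret and compare in constant time.
function tokenIsValid(req) {
  const secret = req.session && req.session.csrfSecret;
  const token = req.body && req.body.csrf_token;
  if (typeof secret !== "string" || typeof token !== "string") return false;
  const [salt = "", mac = ""] = token.split(".");
  const a = Buffer.from(mac);
  const b = Buffer.from(macOf(secret, salt));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Same call shape as validateCSRFMiddleware(onErrorCallback); only POST is checked.
function csrfGuard(onError) {
  return (req, res, next) => {
    if (req.method !== "POST" || tokenIsValid(req)) return next();
    return onError(new Error("invalid CSRF token"), req, res);
  };
}

// Constructed request objects standing in for Express's req, res and next.
function simulate(method, session, body) {
  let outcome = "pending";
  const guard = csrfGuard(() => { outcome = "rejected"; });
  guard({ method, session, body }, {}, () => { outcome = "allowed"; });
  return outcome;
}

function demo() {
  const session = {};
  const token = issueToken({ session });
  return {
    validPost: simulate("POST", session, { csrf_token: token }),
    missingToken: simulate("POST", session, { name: "x" }),
    otherSession: simulate("POST", { csrfSecret: "0".repeat(64) }, { csrf_token: token }),
    deleteNoToken: simulate("DELETE", session, {}),
  };
}
console.log(demo());
```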

Example

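This is a complete example of how this middleware can be used, with ejs as the template engine.

// app.js
const express = require("express");
const session = require("express-session");
const { generateCSRFToken, validateCSRFMiddleware } = require("simple-express-csrf");

const app = express();
const port = 4000;

app.set("view engine", "ejs");

// Parse form bodies so the csrf_token field of a POST can be read.
app.use(express.urlencoded({ extended: true }));

// The session stores the CSRF secret. The secret below is a placeholder:
// use a strong random value kept out of source control.
app.use(session({
  secret: "SECRET_SESION_KEY",
  resave: false,
  saveUninitialized: true,
}));

// Render the form with a freshly generated token.
app.get("/", (req, res) => {
  res.render("index", { csrf_token: generateCSRFToken(req) });
});

// The final handler runs only when the token is valid;
// otherwise the callback decides the response.
app.post("/",
  validateCSRFMiddleware((err, req, res) => {
    return res.redirect("/404");
  }),
  (req, res) => {
    res.json({ success: true });
  }
);

// Start the server.
app.listen(port);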

This is what the file views/index.ejs looks like:

    <form id="myform" action="/" method="post">
        <input type="hidden" name="csrf_token" value="<%= csrf_token %>" />
        <input type="text" name="name" placeholder="Name" />
        <button type="submit">Submit</button>
    </form>