Express middleware

The Express middleware modules listed here are maintained by the Expressjs team.

Middleware module Description Replaces built-in function (Express 3)
body-parser Parse HTTP request body. See also: body, co-body, and raw-body. express.bodyParser
compression Compress HTTP responses. express.compress
connect-rid Generate unique request ID. NA
cookie-parser Parse cookie header and populate req.cookies. See also cookies and keygrip. express.cookieParser
cookie-session Establish cookie-based sessions. express.cookieSession
cors Enable cross-origin resource sharing (CORS) with various options. NA
csurf Protect from CSRF exploits. express.csrf
errorhandler Development error-handling/debugging. express.errorHandler
method-override Override HTTP methods using header. express.methodOverride
morgan HTTP request logger. express.logger
multer Handle multi-part form data. express.bodyParser
response-time Record HTTP response time. express.responseTime
serve-favicon Serve a favicon. express.favicon
serve-index Serve directory listing for a given path.
serve-static Serve static files. express.static
session Establish server-based sessions (development only). express.session
timeout Set a timeout period for HTTP request processing. express.timeout
vhost Create virtual domains. express.vhost

Additional middleware modules

These are some additional popular middleware modules.

Middleware module Description
connect-image-optimus Optimize image serving. Switches images to .webp or .jxr, if possible.
express-debug Development tool that adds information about template variables (locals), current session, and so on.
express-partial-response Filters out parts of JSON responses based on the fields query-string; by using Google API’s Partial Response.
express-simple-cdn Use a CDN for static assets, with multiple host support.
express-slash Handles routes with and without trailing slashes.
express-stormpath User storage, authentication, authorization, SSO, and data security.
express-uncapitalize Redirects HTTP requests containing uppercase to a canonical lowercase form.
helmet Helps secure your apps by setting various HTTP headers.
join-io Joins files on the fly to reduce the requests count.
passport Authentication using “strategies” such as OAuth, OpenID and many others. See for more information.
static-expiry Fingerprint URLs or caching headers for static assets.
view-helpers Common helper methods for views.
sriracha-admin Dynamically generate an admin site for Mongoose.

For more middleware modules, see http-framework.