Express middleware

The Express middleware modules listed here are maintained by the Expressjs team.

Middleware module Description Replaces built-in function (Express 3)
body-parser Parse HTTP request body. See also: body, co-body, and raw-body. express.bodyParser
compression Compress HTTP responses. express.compress
connect-rid Generate unique request ID. NA
cookie-parser Parse cookie header and populate req.cookies. See also cookies and keygrip. express.cookieParser
cookie-session Establish cookie-based sessions. express.cookieSession
cors Enable cross-origin resource sharing (CORS) with various options. NA
csurf Protect from CSRF exploits. express.csrf
errorhandler Development error-handling/debugging. express.errorHandler
method-override Override HTTP methods using header. express.methodOverride
morgan HTTP request logger. express.logger
multer Handle multi-part form data. express.bodyParser
response-time Record HTTP response time. express.responseTime
serve-favicon Serve a favicon. express.favicon
serve-index Serve directory listing for a given path. express.directory
serve-static Serve static files. express.static
session Establish server-based sessions (development only). express.session
timeout Set a timeout period for HTTP request processing. express.timeout
vhost Create virtual domains. express.vhost

Additional middleware modules

These are some additional popular middleware modules.

Warning: This information refers to third-party sites, products, or modules that are not maintained by the Expressjs team. Listing here does not constitute an endorsement or recommendation from the Expressjs project team.

Middleware module Description
connect-image-optimus Optimize image serving. Switches images to .webp or .jxr, if possible.
express-debug Development tool that adds information about template variables (locals), current session, and so on.
express-partial-response Filters out parts of JSON responses based on the fields query-string; by using Google API’s Partial Response.
express-simple-cdn Use a CDN for static assets, with multiple host support.
express-slash Handles routes with and without trailing slashes.
express-stormpath User storage, authentication, authorization, SSO, and data security.
express-uncapitalize Redirects HTTP requests containing uppercase to a canonical lowercase form.
helmet Helps secure your apps by setting various HTTP headers.
join-io Joins files on the fly to reduce the requests count.
passport Authentication using “strategies” such as OAuth, OpenID and many others. See http://passportjs.org/ for more information.
static-expiry Fingerprint URLs or caching headers for static assets.
view-helpers Common helper methods for views.
sriracha-admin Dynamically generate an admin site for Mongoose.

For more middleware modules, see http-framework.