Gathering detailed insights and metrics for http-errors
Gathering detailed insights and metrics for http-errors
Installations
npm install http-errorsDeveloper Guide
BETA
Typescript
No
Module System
N/A
Min. Node Version
>= 0.8
Node Version
16.7.0
NPM Version
7.20.3
Score
99.1
Supply Chain
99.5
Quality
80.5
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
jshttp
Download Statistics
Total Downloads
14,468,997,020
Last Day
3,666,296
Last Week
63,959,543
Last Month
279,303,760
Last Year
2,924,375,590
GitHub Statistics
MIT License
1,531 Stars
308 Commits
116 Forks
25 Watchers
7 Branches
36 Contributors
Updated on Jul 03, 2025
Bundle Size
6.14 kB
Minified
2.40 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
2.0.0
Package Id
http-errors@2.0.0
Unpacked Size
18.37 kB
Size
6.19 kB
File Count
5
NPM Version
7.20.3
Node Version
16.7.0
Published on
Dec 18, 2021
Total Downloads
Cumulative downloads
Total Downloads
14,468,997,020
http-errors
Create HTTP errors for Express, Koa, Connect, etc. with ease.
Install
This is a Node.js module available through the
npm registry. Installation is done using the
npm install command:
1$ npm install http-errors
Example
1var createError = require('http-errors') 2var express = require('express') 3var app = express() 4 5app.use(function (req, res, next) { 6 if (!req.user) return next(createError(401, 'Please login to view this page.')) 7 next() 8})
API
This is the current API, currently extracted from Koa and subject to change.
Error Properties
expose- can be used to signal ifmessageshould be sent to the client, defaulting tofalsewhenstatus>= 500headers- can be an object of header names to values to be sent to the client, defaulting toundefined. When defined, the key names should all be lower-casedmessage- the traditional error message, which should be kept short and all single linestatus- the status code of the error, mirroringstatusCodefor general compatibilitystatusCode- the status code of the error, defaulting to500
createError([status], [message], [properties])
Create a new error object with the given message msg.
The error object inherits from createError.HttpError.
1var err = createError(404, 'This video does not exist!')status: 500- the status code as a numbermessage- the message of the error, defaulting to node's text for that status code.properties- custom properties to attach to the object
createError([status], [error], [properties])
Extend the given error object with createError.HttpError
properties. This will not alter the inheritance of the given
error object, and the modified error object is the
return value.
1fs.readFile('foo.txt', function (err, buf) {
2 if (err) {
3 if (err.code === 'ENOENT') {
4 var httpError = createError(404, err, { expose: false })
5 } else {
6 var httpError = createError(500, err)
7 }
8 }
9})status- the status code as a numbererror- the error object to extendproperties- custom properties to attach to the object
createError.isHttpError(val)
Determine if the provided val is an HttpError. This will return true
if the error inherits from the HttpError constructor of this module or
matches the "duck type" for an error this module creates. All outputs from
the createError factory will return true for this function, including
if an non-HttpError was passed into the factory.
new createError[code || name]([msg]))
Create a new error object with the given message msg.
The error object inherits from createError.HttpError.
1var err = new createError.NotFound()
code- the status code as a numbername- the name of the error as a "bumpy case", i.e.NotFoundorInternalServerError.
List of all constructors
| Status Code | Constructor Name |
|---|---|
| 400 | BadRequest |
| 401 | Unauthorized |
| 402 | PaymentRequired |
| 403 | Forbidden |
| 404 | NotFound |
| 405 | MethodNotAllowed |
| 406 | NotAcceptable |
| 407 | ProxyAuthenticationRequired |
| 408 | RequestTimeout |
| 409 | Conflict |
| 410 | Gone |
| 411 | LengthRequired |
| 412 | PreconditionFailed |
| 413 | PayloadTooLarge |
| 414 | URITooLong |
| 415 | UnsupportedMediaType |
| 416 | RangeNotSatisfiable |
| 417 | ExpectationFailed |
| 418 | ImATeapot |
| 421 | MisdirectedRequest |
| 422 | UnprocessableEntity |
| 423 | Locked |
| 424 | FailedDependency |
| 425 | TooEarly |
| 426 | UpgradeRequired |
| 428 | PreconditionRequired |
| 429 | TooManyRequests |
| 431 | RequestHeaderFieldsTooLarge |
| 451 | UnavailableForLegalReasons |
| 500 | InternalServerError |
| 501 | NotImplemented |
| 502 | BadGateway |
| 503 | ServiceUnavailable |
| 504 | GatewayTimeout |
| 505 | HTTPVersionNotSupported |
| 506 | VariantAlsoNegotiates |
| 507 | InsufficientStorage |
| 508 | LoopDetected |
| 509 | BandwidthLimitExceeded |
| 510 | NotExtended |
| 511 | NetworkAuthenticationRequired |
License
No vulnerabilities found.
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:13
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:14
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:189
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
project has 13 contributing companies or organizations
Details
- Info: found contributions from: ExpressGateway, GlobalAppInitiative, LyfeCycle, crypto-utils, expressjs, houzz, jshttp, koajs, mysqljs, nodejs, pillarjs, repo-utils, stream-utils
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/jshttp/.github/SECURITY.md:1
- Info: Found linked content: github.com/jshttp/.github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: github.com/jshttp/.github/SECURITY.md:1
Reason
9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8
Reason
13 out of 16 merged PRs checked by a CI test -- score normalized to 8
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 9 commits out of 26 are checked with a SAST tool
Reason
Found 10/15 approved changesets -- score normalized to 6
Reason
dependency not pinned by hash detected -- score normalized to 6
Details
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:140
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:156
- Info: 8 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'master'
- Info: 'force pushes' disabled on branch 'master'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'
- Info: 'stale review dismissal' is required to merge on branch 'master'
- Warn: required approving review count is 1 on branch 'master'
- Warn: codeowners review is not required on branch 'master'
- Warn: 'last push approval' is disabled on branch 'master'
- Warn: 'up-to-date branches' is disabled on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Info: PRs are required in order to make changes on branch 'master'
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7.7
/10
Last Scanned on 2025-06-30T21:30:27Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More