Gathering detailed insights and metrics for koa-csrf
npm install koa-csrf
Languages: JavaScript (97.31%), Shell (2.69%)
Total Downloads: 13,287,634
Last Day: 1,677
Last Week: 4,894
Last Month: 24,943
Last Year: 999,585
MIT License
264 Stars, 103 Commits, 31 Forks, 9 Watchers, 2 Branches, 24 Contributors
Updated on Jul 08, 2025
Latest Version: 5.0.1
Package Id: koa-csrf@5.0.1
Unpacked Size: 7.71 kB
Size: 3.31 kB
File Count: 4
NPM Version: 8.11.0
Node Version: 16.15.1
Download trend:
Last Day: 1,677 (156.4% compared to previous day)
Last Week: 4,894 (0.8% compared to previous week)
Last Month: 24,943 (-19.8% compared to previous month)
Last Year: 999,585 (-51.1% compared to previous year)
CSRF tokens for Koa
NOTE: As of v5.0.0+ `ctx.csrf`, `ctx_csrf`, and `ctx.response.csrf` are removed – instead use `ctx.state._csrf`. Furthermore we have dropped `invalidTokenMessage` and `invalidTokenStatusCode` in favor of an `errorHandler` function option.
npm:
```sh
npm install koa-csrf
```
Add middleware in Koa app (see options below):
```js
const Koa = require('koa');
const bodyParser = require('koa-bodyparser');
const session = require('koa-generic-session');
const convert = require('koa-convert');
const CSRF = require('koa-csrf');

const app = new Koa();

// set the session keys (placeholder values; use long random secrets in production)
app.keys = [ 'a', 'b' ];

// add session support
app.use(convert(session()));

// add body parsing
app.use(bodyParser());

// add the CSRF middleware
app.use(new CSRF());

// your middleware here (e.g. parse a form submit)
app.use((ctx, next) => {
  if (![ 'GET', 'POST' ].includes(ctx.method))
    return next();
  if (ctx.method === 'GET') {
    ctx.body = ctx.state._csrf;
    return;
  }
  ctx.body = 'OK';
});

app.listen();
```
Add the CSRF token in your template forms:
Jade Template:
```jade
form(action='/register', method='POST')
  input(type='hidden', name='_csrf', value=_csrf)
  input(type='email', name='email', placeholder='Email')
  input(type='password', name='password', placeholder='Password')
  button(type='submit') Register
```
EJS Template:
```html
<form action="/register" method="POST">
  <input type="hidden" name="_csrf" value="<%= _csrf %>" />
  <input type="email" name="email" placeholder="Email" />
  <input type="password" name="password" placeholder="Password" />
  <button type="submit">Register</button>
</form>
```
- `errorHandler` (Function) - defaults to a function that returns `ctx.throw(403, 'Invalid CSRF token')`
- `excludedMethods` (Array) - defaults to `[ 'GET', 'HEAD', 'OPTIONS' ]`
- `disableQuery` (Boolean) - defaults to `false`
- `ignoredPathGlobs` (Array) - defaults to an empty Array, but you can pass an Array of glob paths to ignore

Name | Website |
---|---|
Nick Baugh | https://github.com/niftylettuce |
Imed Jaberi | https://www.3imed-jaberi.com/ |
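
The four options listed above, combined into a stricter configuration with an `errorHandler` that records rejected requests for review. This is an added example, not code from the koa-csrf project; the `rejected` sink, the `/webhooks/**` path, the `SESSION_KEY` variable and the `buildApp` helper are assumptions.

```javascript
// Added example. Only the four option names and their defaults come from the page;
// the audit sink, the ignored path and SESSION_KEY are assumptions for illustration.
const rejected = []; // stand-in for a real logger or SIEM forwarder

// Called by koa-csrf when a request fails the token check.
// Records who sent it and where a token was offered, never the token value.
function errorHandler(ctx) {
  rejected.push({
    at: new Date().toISOString(),
    method: ctx.method,
    path: ctx.path,
    ip: ctx.ip,
    origin: ctx.get('origin') || null,
    referer: ctx.get('referer') || null,
    tokenInBody: Boolean(ctx.request.body && ctx.request.body._csrf),
    tokenInQuery: Boolean(ctx.query && ctx.query._csrf)
  });
  return ctx.throw(403, 'Invalid CSRF token'); // same response as the default
}

const csrfOptions = {
  errorHandler,
  excludedMethods: ['GET', 'HEAD', 'OPTIONS'], // the default, stated explicitly
  disableQuery: true, // refuse tokens in the URL, which end up in logs and Referer headers
  ignoredPathGlobs: ['/webhooks/**'] // hypothetical; these routes need their own authentication
};

// Dependencies are loaded here so the options above can be unit-tested alone.
function buildApp() {
  if (!process.env.SESSION_KEY) throw new Error('SESSION_KEY is not set');
  const Koa = require('koa');
  const bodyParser = require('koa-bodyparser');
  const session = require('koa-generic-session');
  const convert = require('koa-convert');
  const CSRF = require('koa-csrf');

  const app = new Koa();
  app.keys = [process.env.SESSION_KEY];
  app.use(convert(session()));
  app.use(bodyParser());
  app.use(new CSRF(csrfOptions));
  app.use((ctx) => {
    ctx.body = ctx.method === 'GET' ? ctx.state._csrf : 'OK';
  });
  return app;
}
```

Call `buildApp().listen(3000)` with `SESSION_KEY` set to a long random value; a rejected request that carries `tokenInQuery: true` points to a client that still sends the token in the URL.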
No vulnerabilities found.
- no dangerous workflow patterns detected
- no binaries found in the repo
- 0 existing vulnerabilities detected
- license file detected
- security policy file detected
- Found 2/13 approved changesets -- score normalized to 1
- 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
- dependency not pinned by hash detected -- score normalized to 0
- detected GitHub workflow tokens with excessive permissions
- no effort to earn an OpenSSF best practices badge detected
- project is not fuzzed
- SAST tool is not run on all commits -- score normalized to 0
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.