Gathering detailed insights and metrics for koa-csrf
JavaScript (97.31%)
Shell (2.69%)
MIT License
264 Stars
103 Commits
31 Forks
9 Watchers
2 Branches
24 Contributors
Updated on Jul 08, 2025
Latest Version: 5.0.1
Package Id: koa-csrf@5.0.1
Unpacked Size: 7.71 kB
Size: 3.31 kB
File Count: 4
NPM Version: 8.11.0
Node Version: 16.15.1
CSRF tokens for Koa
NOTE: As of v5.0.0+ `ctx.csrf`, `ctx_csrf`, and `ctx.response.csrf` are removed – instead use `ctx.state._csrf`. Furthermore we have dropped `invalidTokenMessage` and `invalidTokenStatusCode` in favor of an `errorHandler` function option.
npm:
```sh
npm install koa-csrf
```
Add middleware in Koa app (see options below):
```js
const Koa = require('koa');
const bodyParser = require('koa-bodyparser');
const session = require('koa-generic-session');
const convert = require('koa-convert');
const CSRF = require('koa-csrf');

const app = new Koa();

// set the session keys (placeholders; use long random secrets in a real app)
app.keys = [ 'a', 'b' ];

// add session support
app.use(convert(session()));

// add body parsing
app.use(bodyParser());

// add the CSRF middleware
app.use(new CSRF());

// your middleware here (e.g. parse a form submit)
app.use((ctx, next) => {
  if (![ 'GET', 'POST' ].includes(ctx.method))
    return next();
  if (ctx.method === 'GET') {
    ctx.body = ctx.state._csrf;
    return;
  }
  ctx.body = 'OK';
});

app.listen();
```
Add the CSRF token in your template forms:
Jade Template:

```jade
form(action='/register', method='POST')
  input(type='hidden', name='_csrf', value=_csrf)
  input(type='email', name='email', placeholder='Email')
  input(type='password', name='password', placeholder='Password')
  button(type='submit') Register
```

EJS Template:

```html
<form action="/register" method="POST">
  <input type="hidden" name="_csrf" value="<%= _csrf %>" />
  <input type="email" name="email" placeholder="Email" />
  <input type="password" name="password" placeholder="Password" />
  <button type="submit">Register</button>
</form>
```
Options:

`errorHandler` (Function) - defaults to a function that returns `ctx.throw(403, 'Invalid CSRF token')`
`excludedMethods` (Array) - defaults to `[ 'GET', 'HEAD', 'OPTIONS' ]`
`disableQuery` (Boolean) - defaults to `false`
`ignoredPathGlobs` (Array) - defaults to an empty Array, but you can pass an Array of glob paths to ignore

Name | Website |
---|---|
Nick Baugh | https://github.com/niftylettuce |
Imed Jaberi | https://www.3imed-jaberi.com/ |
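The options listed above can be combined into one hardened configuration. The following is an added example, not code from the koa-csrf project: it builds an `errorHandler` that preserves the status and message a pre-v5 app passed as `invalidTokenStatusCode` / `invalidTokenMessage` and records each rejection for detection. Assumptions: the handler is called with the Koa `ctx`, `disableQuery: true` stops the token being read from the URL query string, and `auditLog` and the `/webhooks/**` glob are hypothetical names.

```javascript
// Added example (not koa-csrf's own code). Assumptions: errorHandler is called
// with the Koa ctx; the '/webhooks/**' glob and auditLog sink are hypothetical.
const auditLog = []; // stand-in for a real logger or SIEM forwarder

// Build an errorHandler that keeps the status/message a pre-v5 app passed as
// invalidTokenStatusCode / invalidTokenMessage, and records each rejection.
function makeCsrfErrorHandler({ status = 403, message = 'Invalid CSRF token' } = {}) {
  return function csrfErrorHandler(ctx) {
    // Log request context for detection; never log the token or session secret.
    auditLog.push({
      event: 'csrf_rejected',
      method: ctx.method,
      path: ctx.path,
      ip: ctx.ip,
      origin: ctx.get('Origin') || null,
      referer: ctx.get('Referer') || null,
    });
    // API clients get a JSON error; browsers get the thrown HTTP error.
    if (ctx.accepts('html', 'json') === 'json') {
      ctx.status = status;
      ctx.body = { error: 'invalid_csrf_token' };
      return undefined;
    }
    return ctx.throw(status, message);
  };
}

const csrfOptions = {
  errorHandler: makeCsrfErrorHandler(),
  // Only safe methods skip the check; state-changing methods stay protected.
  excludedMethods: ['GET', 'HEAD', 'OPTIONS'],
  // Assumption: true means the token is not read from the query string,
  // which keeps it out of access logs and Referer headers.
  disableQuery: true,
  // Exempt only endpoints that do not authenticate with the session cookie
  // (hypothetical path; such endpoints need their own request authentication).
  ignoredPathGlobs: ['/webhooks/**'],
};

// Usage in the app shown earlier: app.use(new CSRF(csrfOptions));
```

A burst of `csrf_rejected` events carrying a foreign `origin` value is the signal to alert on; isolated events are usually expired sessions or stale forms.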
No vulnerabilities found.
no dangerous workflow patterns detected
no binaries found in the repo
0 existing vulnerabilities detected
license file detected
security policy file detected
Found 2/13 approved changesets -- score normalized to 1
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
detected GitHub workflow tokens with excessive permissions
dependency not pinned by hash detected -- score normalized to 0
no effort to earn an OpenSSF best practices badge detected
project is not fuzzed
SAST tool is not run on all commits -- score normalized to 0
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.