Gathering detailed insights and metrics for qs-to-mongo
Gathering detailed insights and metrics for qs-to-mongo
Parse and convert query parameters into MongoDB query criteria and options.
Installations
npm install qs-to-mongoDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
20.11.1
NPM Version
10.2.4
Releases
2
Languages
1
TypeScript
TypeScript (100%)
Developer
fox1t
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
11 Stars
46 Commits
2 Forks
2 Watchers
5 Branches
2 Contributors
Updated on Jun 20, 2025
Maintainers
1
Package Meta Information
Latest Version
4.0.1
Package Id
qs-to-mongo@4.0.1
Unpacked Size
30.53 kB
Size
9.56 kB
File Count
21
NPM Version
10.2.4
Node Version
20.11.1
Published on
May 20, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
8
Thanks to this package, you can parse and convert query parameters into MongoDB query criteria and options.
Install
npm install qs-to-mongo
Usage
1import qs2m from 'qs-to-mongo' // or const qs2m = require('qs-to-mongo') 2const result = qs2m('name=john&age>21&fields=name,age&sort=name,-age&offset=10&limit=10')
The result will be
1{ 2 criteria: { 3 name: 'john', 4 age: { $gt: 21 } 5 }, 6 options: { 7 fields: { name: true, age: true }, 8 sort: { name: 1, age: -1 }, 9 offset: 10, 10 limit: 10 11 } 12}
Resulting object props (criteria and options) are usable as parameters for any MongoDB driver or ODM. For example:
1import qs2m from 'qs-to-mongo' 2import { MongoClient } from 'mongodb' 3 4;(async function() { 5 const { db } = await MongoClient.connect(connectionString) 6 const result = qs2m('name=john&age>21&fields=name,age&sort=name,-age&offset=10&limit=10') 7 const documents = await db('dbName') 8 .collection('collectionName') 9 .find(result.criteria, result.options) 10})().catch(console.log)
API
Main function
1qs2m(query: string, options: { 2 ignoredFields?: string | string[] 3 parser?: { 4 parse(query: string, options?: any): any 5 stringify(obj: object, options?: any): string 6 } 7 parserOptions?: object 8 dateFields?: string | string[] 9 objectIdFields?: string | string[] 10 fullTextFields?: string | string[] 11 parameters?: Partial<typeof defaultParameters> 12 maxLimit?: number 13})
Options
ignoredFields: array of query parameters that are ignored, in addition to default ones: "fields", "omit", "sort", "offset", "limit", "q";parser: custom query parser, must implementparse(query: string, options?: any): anyandstringify(obj: object, options?: any): string. The default parser is qs;parserOptions: options to pass to the query parser;dateFields: fields that will be converted toDate. If no fields are passed, any valid date string will be converted to ISOString;objectIdFields: fields that will be converted to ObjectId;fullTextFields: fields that will be used as criteria when passing theqquery parameter;parameters: override default parameters used as query options ("fields", "omit", "sort", "offset", "limit", "q"). For example: {fields:'$fields', omit:'$omit', sort:'$sort', offset:'$offset', limit:'$limit'};maxLimit: maximum limit that could be passed to thelimitoption.
Returned object
1{ 2 criteria: { 3 [key: string]: any 4 } 5 options: { 6 projection: { 7 [key: string]: 0 | 1 8 } 9 sort: { 10 [key: string]: 1 | -1 11 } 12 skip: number 13 limit: number 14 } 15 links: (url: string, totalCount: number) => { 16 prev: string 17 first: string 18 next: string 19 last: string 20 } | null 21}
links method examples
1import qs2m from 'qs-to-mongo' //or const qs2m = require('qs-to-mongo') 2const query = qs2m('name=john&age>21&offset=20&limit=10') 3query.links('http://localhost/api/v1/users', 100)
This will generate an object that could be used by the Express res.links(http://expressjs.com/en/4x/api.html#res.links) method.
1{ prev: 'http://localhost/api/v1/users?name=john&age%3E21=&offset=10&limit=10', 2 first: 'http://localhost/api/v1/users?name=john&age%3E21=&offset=0&limit=10', 3 next: 'http://localhost/api/v1/users?name=john&age%3E21=&offset=30&limit=10', 4 last: 'http://localhost/api/v1/users?name=john&age%3E21=&offset=90&limit=10' }
Filtering
Any query parameters other than the special parameters fields, omit, sort, offset, limit, and q are interpreted as query criteria. For example name=john&age>21 results in a criteria value of:
{
'name': 'john',
'age': { $gt: 21 }
}
- Supports standard comparison operations (=, !=, >, <, >=, <=).
- Numeric values, where
Number(value) != NaN, are compared as numbers (i.e.,field=10yields{field:10}). - Values of true and false are compared as booleans (ie.
{field: true}) - ObjectId hex strings can be compared as ObjectId instances if `objectIdFields`` is passed.
- Values that are dates are compared as dates (except for YYYY, which matches the number rule) if
dateFieldsis passed. If not, they will be converted to Date ISOString. nullvalues are compared asnull. For examplebar=nullyields{bar: null}- special
qquery parameter could be used to perform a full-text search on fields passed in thefullTextFieldsargument. - Multiple equals comparisons are merged into a
$inoperator. For example,id=a&id=byields{id:{$in:['a','b']}}. - Multiple not-equals comparisons are merged into a
$ninoperator. For example,id!=a&id!=byields{id:{$nin:['a','b']}}. Comma-separated values in equals or not-equals yield an$inor$ninoperator. For example,id=a,byields{id:{$in:['a','b']}}`. - Regex patterns. For example,
name=/^john/iyields{id: /^john/i}. - Parameters without a value check that the field is present. For example,
foo&bar=10yields{foo: {$exists: true}, bar: 10}. - Parameters prefixed with a not (!) and without a value check that the field is not present. For example,
!foo&bar=10yields{foo: {$exists: false}, bar: 10}. - Supports some of the named comparison operators ($type, $size and $all). For example,
foo:type=string, yeilds{ foo: {$type: 'string} }. - Support for forced string comparison; value in single or double quotes (
field='10'orfield="10") would force a string compare. Allows for a string with an embedded comma (field="a,b") and quotes (field="that's all folks").
Embedded documents
Comparisons on embedded documents should use mongo's dot notation instead of qs (Use foo.bar=value instead of foo[bar]=value) 'extended' syntax.
Although exact matches are handled for either method, comparisons (such as foo[bar]!=value) are not supported because the qs parser expects an equals sign after the nested object reference; if it's not an equals, the remainder is discarded.
Overriding parameters
You can adjust the default parameters (fields, omit, sort, offset, limit and q) by providing an alternate set as an option. For example:
1const parameters = { 2 fields:'$fields', 3 omit:'$omit', 4 sort:'$sort', 5 offset:'$offset', 6 limit:'$limit', 7 q: '$q', 8} 9 10const query = q2m(res.query, { parameters: parameters });
This will then interpret the default parameters as query parameters instead of options. For example a query of age>21&omit=false&$omit=a results in a criteria value of:
1query.criteria = { 2 'age': { $gt: 21 }, 3 'omit': false 4}
and an option value of:
1query.option = { 2 fields: { a: false } 3}
Frameworks integration
This module also takes parsed query as input, so that it could be used by Fastify or express routes without any further addition.
1const querystring = require('querystring') 2const qs2m = require('qs-to-mongo') 3const query = 'name=john&age>21&fields=name,age&sort=name,-age&offset=10&limit=10' 4const q = q2m(querystring.parse(query))
This makes it easy to use it in fastify route:
1fastify.get('/api/v1/mycollection', (req, reply) =>{ 2 const q = q2m(req.query); 3 ... 4}
or in express one:
1router.get('/api/v1/mycollection', function(req, res, next) { 2 const q = q2m(res.query); 3 ... 4}
The format and names for query parameters were inspired by this article about best practices for RESTful APIs.
Background
This package started as a hard fork of https://github.com/pbatey/query-to-mongo. This is a TypeScript port, with some fixes and many improvements. However, this is not a drop-in replacement because of the changes to the public API.
Notable differences with query-to-mongo
- uses qs instead of querystring for default query parsing
- adds support for
nullandObjectIdhex string values - adds passing options to parser with
parserOptionsparameter - adds support for fulltext search on predefined fields (using
fullTextFieldsparameter) - opt-ins date-string conversion to Date with
dateFieldsparameter - opt-ins hexstring ObjectId parsing with
objectIdFieldsparameter - renames
keywordsparameter toparameters - renames
ignoretoignoredFields - renames
fieldstoprojectionin returnd mongo options - removes unused and old code
- written in TypeScript, typed out of the box
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel permissions set to 'read-all': .github/workflows/build.yaml:12
- Info: topLevel permissions set to 'read-all': .github/workflows/test.yaml:13
- Info: no jobLevel write permissions found
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yaml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/fox1t/qs-to-mongo/test.yaml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/build.yaml:42
- Info: 6 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 5 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/14 approved changesets -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Score
4.9
/10
Last Scanned on 2025-07-14
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More