{"id":27779909,"url":"https://github.com/klemenkozelj/fastify-mongodb-sanitizer","last_synced_at":"2025-09-10T02:38:03.927Z","repository":{"id":38033002,"uuid":"440240153","full_name":"KlemenKozelj/fastify-mongodb-sanitizer","owner":"KlemenKozelj","description":"Fastify plugin that sanitizes client input to prevent potential MongoDB query injection attacks. 💽🥽","archived":false,"fork":false,"pushed_at":"2025-02-21T09:00:38.000Z","size":151,"stargazers_count":8,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-10T21:45:26.567Z","etag":null,"topics":["fastify","fastify-plugin","javascript","mongodb","nodejs","nodejs-server"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KlemenKozelj.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"MIT-LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-12-20T16:41:13.000Z","updated_at":"2025-02-21T08:58:06.000Z","dependencies_parsed_at":"2025-04-30T10:56:43.447Z","dependency_job_id":"d42a2c91-e222-41d2-b894-b78098af2109","html_url":"https://github.com/KlemenKozelj/fastify-mongodb-sanitizer","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/KlemenKozelj/fastify-mongodb-sanitizer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KlemenKozelj%2Ffastify-mongodb-sanitizer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KlemenKozelj%2Ffastify-mongodb-sanitizer/tags","releases_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KlemenKozelj%2Ffastify-mongodb-sanitizer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KlemenKozelj%2Ffastify-mongodb-sanitizer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KlemenKozelj","download_url":"https://codeload.github.com/KlemenKozelj/fastify-mongodb-sanitizer/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KlemenKozelj%2Ffastify-mongodb-sanitizer/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274402260,"owners_count":25278337,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-10T02:00:12.551Z","response_time":83,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fastify","fastify-plugin","javascript","mongodb","nodejs","nodejs-server"],"created_at":"2025-04-30T10:56:19.368Z","updated_at":"2025-09-10T02:38:03.915Z","avatar_url":"https://github.com/KlemenKozelj.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# fastify-mongodb-sanitizer\n\n![CI/CD](https://github.com/KlemenKozelj/fastify-mongodb-sanitizer/actions/workflows/main.yml/badge.svg) ![Vulnerabilities](https://snyk.io/test/github/KlemenKozelj/fastify-mongodb-sanitizer/badge.svg)\n\nSlim, well tested and zero dependencies Fastify plugin which through 
middleware sanitizes all user server inputs to increase overall security by preventing potential MongoDB database query injection attacks.\nTo further tighten security, consider disabling server-side execution of JavaScript code, or be extra cautious when running `$where` and `MapReduce` commands (taken from the [MongoDB FAQ](https://www.mongodb.com/docs/manual/faq/fundamentals/#javascript)).\n\n\n## Install\n```\nnpm install --save fastify-mongodb-sanitizer\n```\n\n## Usage\nIn its `preHandler` middleware hook, `fastify-mongodb-sanitizer` removes all client inputs to the server (request URL parameters, query strings and body) starting with \"$\".\n\n```js\nconst fastify = require('fastify')();\nconst fastifyMongoDbSanitizer = require('fastify-mongodb-sanitizer');\n\nconst fastifyMongodbsanitizerOptions = {\n    params: true,\n    query: true,\n    body: true,\n};\n\nfastify\n    .register(fastifyMongoDbSanitizer, fastifyMongodbsanitizerOptions)\n    .get('/', (req, res) =\u003e res.send({ hello: 'world' }))\n    .listen({ port: 3000 });\n```\n\n#### Example\nIn the following POST request\n```js\nserver.inject({\n    method: 'POST',\n    url: `/$aaaa?$bbbb=10\u0026cccc=$gte\u0026dddd=3`,\n    payload: {\n        a: 1,\n        $eq: 2,\n        c: ['$lte', 'd', true],\n        e: {\n            f: 1,\n            $ge: true\n        }\n    },\n})\n```\nthe sanitizer will remove all keys and values starting with $; the expected result in the handler function will be:\n```js\nfunction requestHandler(req, res) {\n    req.params // {}\n    req.query  // { dddd: 3 }\n    req.body   // { a: 1, c: ['d', true], e: { f: 1 } }\n}\n```\nstay safe :)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fklemenkozelj%2Ffastify-mongodb-sanitizer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fklemenkozelj%2Ffastify-mongodb-sanitizer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fklemenkozelj%2Ffastify-mongodb-sanitizer/lists"}