secure-express-setup
Military-grade one-command security setup for Express.js applications
const mongoSanitize = require('express-mongo-sanitize');
const xss = require('xss-clean');
/**
 * Registers two request-sanitization middlewares on an Express application:
 * express-mongo-sanitize first, then xss-clean.
 *
 * Deployment notes for reviewers:
 * - These middlewares only see what earlier middleware has already populated,
 *   so call this after the body parsers are registered (presumably
 *   express.json()/urlencoded() — verify against the caller); otherwise
 *   req.body is not yet parsed when they run.
 * - Input rewriting is defence in depth, not a complete control. Queries still
 *   need schema/type validation, and XSS still needs context-aware output
 *   encoding (ideally with a Content-Security-Policy).
 * - NOTE(review): xss-clean appears to be deprecated/unmaintained upstream —
 *   confirm and plan a supported replacement.
 * - NOTE(review): express-mongo-sanitize reassigns req.query, which is
 *   reported to fail on Express 5 — confirm against the Express version in use.
 *
 * @param {object} app - Express application (anything exposing `use`).
 * @returns {void}
 */
function setupSanitization(app) {
  // Invoked by express-mongo-sanitize when it rewrites part of a request.
  // `key` presumably names the request section that was touched (body, query,
  // ...) rather than attacker-supplied text — confirm before adding more
  // request data to this log line, since unescaped input enables log forging.
  const reportSanitizedKey = ({ key }) => {
    console.warn(`⚠️ NoSQL injection attempt detected in ${key}`);
  };

  // Guard against NoSQL operator injection: offending characters in keys are
  // swapped for "_" (replaceWith) and the callback above logs a warning.
  const mongoOptions = {
    replaceWith: '_',
    onSanitize: reportSanitizedKey,
  };
  const noSqlGuard = mongoSanitize(mongoOptions);
  app.use(noSqlGuard);

  // Guard against XSS payloads in request input.
  const xssFilter = xss();
  app.use(xssFilter);
}
// CommonJS export: the module's value is the setupSanitization function itself,
// which callers invoke with their Express app.
module.exports = setupSanitization;