npm hono 2.3.0
v2.3.0
on Node.js NPM

latest releases: 4.6.2, 4.6.1, 4.6.0...
23 months ago

Security update & Breaking change

This release includes SECURITY UPDATE and associated BREAKING CHANGES.

  • Targets: "Basic Auth Middleware" and "Bearer Auth Middleware".
  • Vulnerability detail: Even if "unauthorized", the Handler will be executed.

If you are using an older version of Basic Auth Middleware and Bearer Auth Middleware, please use this version. See the release notes on GitHub for version updates.

With it, there is Breaking Change.

If you are using Basic Auth and Bearer Auth in your Handler (nested), change as follows: 

app.use('/auth/*', async (c, next) => {
  const auth = basicAuth({ username: c.env.USERNAME, password: c.env.PASSWORD })
  return auth(c, next) // Older: `await auth(c, next)`
})

New features

Validator Middleware supports nested validation

For example, there is a nested object like below: 

const data = {
  posts: [
    {
      id: 123,
      title: 'JavaScript',
      tags: ['Workers', 'Deno', 'Bun'],
    },
  ],
  pager: {
    prev: true,
    next: false,
  },
}

It will be validated with v.array() and v.object(): 

app.post(
  '/posts',
  validator((v) => ({
    posts: v.array('posts', (v) => ({
      id: v.json('id').asNumber().isRequired(),
      title: v.json('title'),
      tags: v.json('tags').asArray(),
    })),
    pager: v.object('pager', (v) => ({
      prev: v.json('prev').asBoolean(),
      next: v.json('next').asBoolean(),
    })),
  })),
  (c) => {
    return c.text('Valid!')
  }
)

And it also has types:

SS

Isn't it cool?

Validator Middleware supports friendly error messages

For example, an error message will become more friendly. 

'Invalid Value: the request body "title" is invalid - abcdefg'

will be: 

'Invalid Value [abcdef]: the request body "title" is invalid - isLength'

All updates

  • perf: remove unrequired cloning of ctx.res by @JakeChampion in #589
  • fix(deno): fixed the bug calling next() multiple times in Serve Static by @yusukebe in #594
  • test(bun): add more tests for serve static middleware by @yusukebe in #595
  • perf(serve-static): return immediately if c.finalized by @yusukebe in #596
  • feat(validator): introduce nested validation by @yusukebe in #592
  • feat(validator): has the error message per rule by @yusukebe in #603
  • fix(bearer-auth, basic-auth): handler should not be executed when unauthorized by @NOBLES5E in #608
  • fix(basic/bearer): support "nested" middleware by @yusukebe in #610
  • refactor(jwt): refactor code and add more tests by @yusukebe in #611

New Contributors

Full Changelog: v2.2.5...v2.3.0

Check out latest releases or
releases around hono 2.3.0

Don't miss a new hono release

NewReleases is sending notifications on new releases.

Get notifications