How to use helmet.js from typescript?

Question

It is pretty easy to use helmet from pure js per documentation:

const express = require('express')
const helmet = require('helmet')

const app = express()

app.use(helmet())

But how can I use it from typescript? Typings file exports a bunch of stuff, one of which is helmet interface, which cannot be called as a function.. I can import it like this, but have no idea what to do next, what should I pass to app.use?

import * as helmet from 'helmet'

I have imported the latest version of both helmet and typings:

"@types/helmet": "0.0.43",
"helmet": "^3.18.0"

I'm [in the process of rewriting Helmet in TypeScript](https://github.com/orgs/helmetjs/projects/2). It'll be a little while before I'm done, but keep this in mind if you're looking at this question in a few months or later. — Evan Hahn, May 13 '19 at 18:46

Eyal Israel · Answer 1 · 2019-12-22T19:11:28.490

16

terminal:

npm install helmet
npm install @types/helmet --save-dev

app.ts:

import Helmet from "helmet";

const app = express();
app.use(Helmet());

helmet middleware should be the first thing you activate once you initialized express application object. Also note the titlecase name

edited Dec 22 '19 at 19:11

answered Dec 22 '19 at 18:58

Eyal Israel

257
4
9

2

I am getting `TypeError: helmet_1.default is not a function` helmet@4.1.1 and @types/helmet@0.0.48 – hi im zvaehn Oct 13 '20 at 12:05
1

`npm WARN deprecated @types/helmet@4.0.0: This is a stub types definition. helmet provides its own type definitions, so you do not need this installed.` – Lee Goddard May 05 '23 at 13:07

ddsultan · Answer 2 · 2022-07-18T09:48:16.653

10

As of 08.05.2021 with helmet 4.6.0 I am able to do the following in a Typescript project without any types installation:

import helmet from 'helmet';
...

app.use(helmet());

Just in case for anyone struggling like me.

edited Jul 18 '22 at 09:48

answered May 08 '21 at 13:46

ddsultan

2,027
1
19
19

1

Hmm, I'm getting in `4.6.1`: TS2769: No overload matches this call. The last overload gave the following error. Argument of type '(req: IncomingMessage, res: ServerResponse, next: (err?: unknown) => void) => void' is not assignable to parameter of type 'PathParams' – agoldev Jul 07 '21 at 12:20
@agoldev, could you please provide some context with more details? Maybe something reproducible – ddsultan Jul 07 '21 at 12:50
I fixed it. For me it was deleting the `yarn.lock` and re-install using `yarn`. Previous attempts to delete node_modules folder and `yarn` didn't succeed. Thanks for your help. – agoldev Jul 07 '21 at 13:04
Happy for you! My pleasure :) – ddsultan Jul 07 '21 at 13:08

score 5 · Accepted Answer · answered May 13 '19 at 16:54

5

Its exactly how you can use, just call helmet in the app.use method

import * as helmet from "helmet"; // Security

....


    /**
     * Create our app w/ express
     */
    this.app = express();
    this.app.use(helmet());

For more details visit this link for a express application with typescript

answered May 13 '19 at 16:54

Murtaza Hussain

3,851
24
30

Thanks, that worked! Still getting my head around js and typescript, calling interface as a function is an interesting concept. – eugenekr May 13 '19 at 17:42
4

Have things changed with helmet v 4.0.0 or @types/helmet v 0.0.47? I upgraded my helmet version from v 3.23.3 and now I get a compile error "This expression is not callable." for the "helmet()" – Aug 11 '20 at 02:14

score 4 · Answer 4 · answered Nov 26 '22 at 08:09

4

npm install helmet
npm install @types/helmet --save-dev

I imported as

import * as helmet from 'helmet';

and later added it as

app.use(helmet.default());

helmet.default() seemed to do the trick instead of helmet()

answered Nov 26 '22 at 08:09

Marcio

612
6
20

This does work. One may refer to this thread for why: https://github.com/helmetjs/helmet/issues/343#issuecomment-1006259994 – Khushal Vyas Jan 27 '23 at 13:26

score 3 · Answer 5 · answered May 07 '21 at 03:53

According to @types/helmet, the package has been deprecated because helmet now has its own type definitions. So I won't advise you to install the @types/helmet package.

To fix the issue, remove the helmet dependency from your package.json file, then install the latest version of helmet by running:

npm i helmet

Dmitriy Grape · Answer 6 · 2022-01-09T17:05:36.333

2

Enable the esModuleInterop option in tsconfig.json and the warning will disappear.

After that, you don't need to import * as helmet.

edited Jan 09 '22 at 17:05

answered Jan 09 '22 at 14:04

Dmitriy Grape

23
5

1

As it’s currently written, your answer is unclear. Please [edit] to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 09 '22 at 15:17

score 2 · Answer 7 · answered Jul 15 '22 at 04:31

2

For helmet version 5.1.0, you need to import it this way:

import helmet from 'helmet'

in order to avoid the following warning:

This expression is not callable.

answered Jul 15 '22 at 04:31

Mark W.

25
2

this was the solution for me. – Byron2017 Apr 13 '23 at 16:46

score 0 · Answer 8 · answered Apr 09 '21 at 22:11

0

import helmet this way:

import * as helmet from 'helmet';

to avoid the following warning:

TypeError: helmet_1.default is not a function

answered Apr 09 '21 at 22:11

Fraberg

1

How to use helmet.js from typescript?

8 Answers8