

Express middleware to protect against HTTP Parameter Pollution attacks


The HPP Express middleware protects against HTTP Parameter Pollution attacks, which may be used to bypass input validation or cause denial of service. When a parameter in req.query or req.body arrives as an array, HPP keeps only the last value, which mitigates these risks.


  • Protection Against HTTP Parameter Pollution Attacks: Prevents potential exploits and ensures security.
  • Selective Parameter Value Extraction: Selects the last parameter value in array parameters for enhanced security.
  • Whitelisting Specific Parameters: Allows users to specify parameters exempt from HPP processing for customized protection.
  • Performance-Oriented Design: Developed with a focus on minimizing CPU cycles for efficient operation.
  • Contribution Guidelines: Provides a structured setup for developers to contribute to the project.


To install the HPP Express middleware with npm:

npm install hpp

Add the HPP middleware to your Node.js or io.js project as shown below:

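const express = require('express');
const hpp = require('hpp');

const app = express();
app.use(express.urlencoded({ extended: true })); // parse bodies before hpp so req.body is populated
app.use(hpp()); // register before the routes it should protect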

You can further customize the middleware by specifying options such as whitelisting specific parameters and controlling the checking of req.query and req.body.
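
How the last-value rule and a parameter whitelist behave on a parsed query string, as an added illustration that is not the hpp package's own code. The helper names `parseQuery`, `dedupeParams` and `normalizeSort` are hypothetical, and the sample request is constructed.

```javascript
// Added illustration: a minimal re-implementation of the "keep the last value"
// rule, not the hpp package's source. All function names are hypothetical.

// Parse a query string so that a key seen once stays a string and a repeated
// key becomes an array, which is what Express hands to route handlers.
function parseQuery(search) {
  const out = Object.create(null); // no prototype, so "__proto__" is just a key
  for (const [key, value] of new URLSearchParams(search)) {
    out[key] = key in out ? [].concat(out[key], value) : value;
  }
  return out;
}

// Collapse array-valued parameters to their last element unless whitelisted.
// The original arrays are returned separately so they can be logged or alerted on.
function dedupeParams(params, whitelist = []) {
  const clean = Object.create(null);
  const polluted = Object.create(null);
  for (const [key, value] of Object.entries(params)) {
    if (Array.isArray(value) && !whitelist.includes(key)) {
      polluted[key] = value;
      clean[key] = value[value.length - 1];
    } else {
      clean[key] = value;
    }
  }
  return { clean, polluted };
}

// Handler-style code that assumes a string: an array has no trim() and throws.
function normalizeSort(sort) {
  return sort.trim().toLowerCase();
}

// Constructed request: "sort" is repeated, "tag" is legitimately multi-valued.
const raw = parseQuery('sort=Name&sort=%20PRICE&tag=a&tag=b');
const { clean, polluted } = dedupeParams(raw, ['tag']);

let crashedWithoutFilter = false;
try {
  normalizeSort(raw.sort);
} catch (err) {
  crashedWithoutFilter = err instanceof TypeError;
}

console.log('unfiltered input throws:', crashedWithoutFilter);
console.log('filtered sort:', normalizeSort(clean.sort));
console.log('whitelisted tag:', clean.tag, 'set aside:', polluted);
```
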


The HPP Express middleware offers a simple yet effective solution to protect web applications against HTTP Parameter Pollution attacks. By intelligently handling array parameters in request queries and bodies, it enhances security and reduces the risk of exploits. With its performance-oriented design and customizable features like whitelisting parameters, HPP provides a robust defense mechanism for developers working with Node.js and io.js projects.


Express.js is a simple Node.js framework for single, multi-page, and hybrid web applications.


Gulp.js is an old but popular site building tool that automates various repetitive development tasks in web development, such as compiling Sass, minifying JavaScript, and optimizing images.