Joitor is a middleware that helps validate body, headers, cookies, params and query in express application using joi validation.

Usage no npm install needed!

<script type="module">
  import joitor from '';


Joitor · GitHub license npm version Build Status NPM downloadscodecov

Joitor is a middleware that helps validate body, headers, cookies, params and query in express application using Joi validation.

Table of Contents


npm install joitor


  • body
  • cookies
  • headers
  • query
  • params


const express = require('express');
const bodyParser = require('body-parser');
const http = require('http');
const cookieParser = require('cookie-parser');
const validate = require('joitor');
const Joi = require('@hapi/joi');

const app = express();

app.use(bodyParser.urlencoded({ extended: false }));

const signupValidation = {
  body: {
    email: Joi.string().email().required(),

    password: Joi.string().min(6).max(256).required(),
};'/signup', validate(signupValidation), (req, res) => res.status(200).send());

const server = http.createServer(app);
server.listen(3000, () => console.log(`Server is running on http://localhost:3000`));

module.exports = app;


By default, Joi don't allow object to contain unknown keys which, they are ignored. If an object can contain unknown keys, pass the following keys: allowUnknown: true. See an example below:

const signupValidation = {
  body: {
    allowUnknown: true,

    email: Joi.string().email().required(),

    password: Joi.string().min(6).max(256).required(),


npm install
npm test


Custom error status

By default, Joitor returns 400 error status and Bad Request text. If you want to change them you can pass the second argument to the validate function, For example:

// some code
  validate(signupValidation, { status: 409, statusText: 'Conflict' }),
  (req, res) => res.status(200).send(),

// some code

Custom handler

Joitor provides his own type of error. With it you can manually handle the error. For example:

// some code

const validate = require('joitor');

// some code

app.use(function (err, req, res, next) {
  if (err instanceof validate.JoitorError) {
    // handler for the error
    return res.status(err.status || 400).json(err);


Examples of errors

  status: 400,
  statusText: 'Bad Request',
  errors: {
    body: {
      email: '"email" is required',
      password: '"password" is required'