Upgrade 4.x -> 5.x

aka "The ESM Only Update"

Version 5.x of Middy no longer supports Node.js versions 16.x. You are highly encouraged to move to Node.js 20.x.

Notable changes

Middy no longer support Common JS modules.
Update to use TypeScript v5 along with a refactor to most packages
Update all errors to be consistent new Error('message', { cause: { package:'@middy/***', data:*** } })
If using multiple http-*-body-parsers on the same endpoint you'll need to set disableContentTypeError:true

Why we deprecated CJS

ESM has been well supported in Lambda for almost 2 years now
ESM is almost 2x faster than CJS at p95 Using Node.js ES modules and top-level await in AWS Lambda
Maintainability; Maintaining a package to work with every transpilers and build tools that are constantly changing over time is hard and time consuming.

If you're not able to upgrade your codebase to using ESM yet, that's okay, v4.x is super stable and support CJS.

Core

Updated plugin.timeoutEarlyResponse(...) to throw new error with name TimeoutError to match new AbortSignal.timeout().

Util

No change

Middleware

appconfig

Update SDK to use newer appconfigdata client Breaking Change

cloudwatch-metrics

No change

do-not-wait-for-empty-event-loop

No change

error-logger

Change logger to have request passed in instead of request.error by default to allow access request.context and request.event Breaking Change

event-normalizer

No change

http-content-encoding

Use preferredLanguage from context instead of event (See http-content-negotiation). Breaking Change

http-content-negotiation

Moved preferred* from event to context Breaking Change

http-cors

No change

http-error-handler

Will return 500 for all unhandled errors thrown Breaking Change

http-event-normalizer

Will no longer throw an error when HTTP type can't be determined Breaking Change

http-header-normalizer

No change

http-json-body-parser

Change disableContentTypeError to false by default Breaking Change

http-multipart-body-parser

Change disableContentTypeError to false by default Breaking Change

http-partial-response

No change

http-response-serializer

Removed parsing of Accept header in favour of using @middy/http-content-negotiation Breaking Change

http-router

No change

http-security-headers

No change

http-urlencode-body-parser

Change disableContentTypeError to false by default Breaking Change

http-urlencode-path-parser

No change

input-output-logger

Updated to use structuredClone

rds-signer

No change

s3-object-response

Refactored to use fetch over https. context now returns s3ObjectFetch to allow more control over how it's used. Breaking Change

secrets-manager

No change

service-discovery

No change

sqs-partial-batch-failure

Will now catch unhandled errors and set all messages to failed, preventing infinite loops Breaking Change

ssm

No change

sts

No change

validator

Use preferredLanguage from context instead of event (See http-content-negotiation).
ajv-cmd is no longer a required dependency, if you're pre-transpiling you'll need to run npm i ajv-cmd.

warmup

No change

ws-json-body-parser

Remove inclusion of rawBody from event Breaking Change

ws-response

No change

ws-router

No change

Notes

None

Notable changes​

Why we deprecated CJS​

Core​

Util​

Middleware​

Notes​

Notable changes

Why we deprecated CJS

Core

Util

Middleware

Notes