This expression is not callable.

Question

This expression is not callable.

csulit opened this issue 3 years ago · comments

Christian Angelo M Sulit commented 3 years ago

src/main.ts:48:11 - error TS2349: This expression is not callable.
Type 'typeof import("C:/Users/ChristianAngeloSulit/Documents/GitHub/hris_system/hris-backend/node_modules/helmet/dist/index")' has no call signatures.

48 app.use(helmet());

Evan Hahn · Answer 1 · Mon Jan 03 2022 08:37:54 GMT+0800 (China Standard Time)

Sorry about this!

Could you create a small sample app that demonstrates the problem? Also, what version of Helmet are you using?

Christian Angelo M Sulit · Answer 2 · Mon Jan 03 2022 08:45:27 GMT+0800 (China Standard Time)

Sorry about this!

Could you create a small sample app that demonstrates the problem? Also, what version of Helmet are you using?

v5.0.0

Could you create a small sample app that demonstrates the problem?: sure will upload it later.

import { ValidationPipe } from '@nestjs/common';
import { NestFactory } from '@nestjs/core';
import { NestExpressApplication } from '@nestjs/platform-express';
import * as compression from 'compression';
import * as cookieParser from 'cookie-parser';
import * as helmet from 'helmet';
import * as hpp from 'hpp';
import * as xss from 'xss-clean';
import { AppModule } from './app.module';
import TransformInterceptor from './common/interceptor/transform.interceptor';
import HttpExceptionFilter from './common/serializer/exception/http.exception';
import PrismaExceptionFilter from './common/serializer/exception/prisma.exception';
import { PrismaClientService } from './prisma-client/prisma-client.service';

async function bootstrap() {
  const app = await NestFactory.create<NestExpressApplication>(AppModule);

  app.useGlobalFilters(new HttpExceptionFilter());
  app.useGlobalFilters(new PrismaExceptionFilter());
  app.useGlobalInterceptors(new TransformInterceptor());

  if (process.env.NODE_ENV === 'development') {
    app.setGlobalPrefix('api');
  }

  app.useGlobalPipes(
    new ValidationPipe({
      whitelist: true,
      transform: true,
      forbidNonWhitelisted: true,
    }),
  );

  app.enableCors({
    origin: ['http://localhost:3000'],
    methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS', 'HEAD'],
    credentials: true,
  });

  app.use(
    hpp({
      whitelist: [],
    }),
  );

  app.use(cookieParser());

  app.use(helmet());

  app.use(xss());
  app.use(compression());

  const prismaClientService: PrismaClientService = app.get(PrismaClientService);

  prismaClientService.enableShutdownHooks(app);

  await app.listen(process.env.PORT || 4001);
}
bootstrap();

Christian Angelo M Sulit · Answer 3 · Mon Jan 03 2022 12:17:06 GMT+0800 (China Standard Time)

@EvanHahn this solves the issue.

Lars Hvam · Answer 4 · Mon Jan 03 2022 15:01:37 GMT+0800 (China Standard Time)

Same problem here, using typescript, following the quick start, https://helmetjs.github.io with app.use(helmet());

Evan Hahn · Answer 5 · Mon Jan 03 2022 23:05:31 GMT+0800 (China Standard Time)

tl;dr: change your import.

-import * as helmet from 'helmet';
+import helmet from 'helmet';

 // ...

 app.use(helmet());

I believe this is working as expected. This kind of import should never work:

// This should not work:
import * as foo from 'my-example-import';
foo();

That's because import * imports the whole package as a namespace. TypeScript sometimes lets you get away with this, but it's not technically valid JavaScript as far as I understand.

You can fix it in one of two ways:

Import Helmet's default export:

import helmet from 'helmet';

// ...

app.use(helmet());

Import Helmet as a namespace, then use its subpackages. Be careful not to forget any! (This is the same as what @csulit suggested.)

import * as helmet from 'helmet';

// ...

app.use(helmet.contentSecurityPolicy());
app.use(helmet.dnsPrefetchControl());
// ...

I'm going to close this issue because I think things are working as intended, but let me know if that's wrong and I can reopen.