/* https://www.npmjs.com/package/hpp */
npm install hpp --save
// ...
var hpp = require('hpp');
// ...
app.use(bodyParser.urlencoded()); // Make sure the body is parsed beforehand.
app.use(hpp()); // <- THIS IS THE NEW LINE
// Add your own middlewares afterwards, e.g.:
app.get('/search', function (req, res, next) { /* ... */ });
// They are safe from HTTP Parameter Pollution now.