Hono v4.5.0 is now available!

We have added three new built-in middleware. Now Hono is bringing 20 built-in middleware!

1. Basic Authentication
2. Bearer Authentication
3. Body Limit
4. Cache
5. Combine
6. Compress
7. CORS
8. CSRF Protection
9. ETag
10. IP Restriction
11. JSX Renderer
12. JWT
13. Logger
14. Method Override
15. Pretty JSON
16. Request ID
17. Secure Headers
18. Timeout
19. Timing
20. Trailing Slash

Amazing! These truly make Hono batteries-included framework.

Let's go through the new features in this release.

IP Restrict Middleware

Introducing IP Restrict Middleware. This middleware limits access to resources based on the IP address of the user.

import { Hono } from 'hono'
import { getConnInfo } from 'hono/bun'
import { ipRestriction } from 'hono/ip-restriction'

const app = new Hono()

app.use(
  '*',
  ipRestriction(getConnInfo, {
    denyList: [],
    allowList: ['127.0.0.1', '::1']
  })
)

Thanks @nakasyou!

Combine Middleware

Introducing Combine Middleware. This middleware combines multiple middleware functions into a single middleware, allowing you to create complex access controls by combining it with middleware like IP Restriction.

import { Hono } from 'hono'
import { bearerAuth } from 'hono/bearer-auth'
import { getConnInfo } from 'hono/cloudflare-workers'
import { every, some } from 'hono/combine'
import { ipRestriction } from 'hono/ip-restriction'
import { rateLimit } from '@/my-rate-limit'

const app = new Hono()

app.use(
  '*',
  some(
    every(ipRestriction(getConnInfo, { allowList: ['192.168.0.2'] }), bearerAuth({ token })),
    // If both conditions are met, rateLimit will not execute.
    rateLimit()
  )
)

app.get('/', (c) => c.text('Hello Hono!'))

Thanks @usualoma!

Request ID Middleware

Introducing Request ID Middleware. This middleware generates a unique ID for each request, which you can use in your handlers.

import { Hono } from 'hono'
import { requestId } from 'hono/request-id'

const app = new Hono()

app.use('*', requestId())

app.get('/', (c) => {
  return c.text(`Your request id is ${c.get('requestId')}`)
})

Thanks @ryuapp!

Service Worker Adapter

A Service Worker adapter has been added, making it easier to run Hono applications as Service Workers.

For example, the following code works perfectly in a browser!

import { Hono } from 'hono'
import { handle } from 'hono/service-worker'

const app = new Hono().basePath('/sw')
app.get('/', (c) => c.text('Hello World'))

self.addEventListener('fetch', handle(app))

Thanks @nakasyou!

Cloudflare Pages Middleware

The Cloudflare Pages adapter now includes a handleMiddleware function, allowing many Hono middleware to run as Cloudflare Pages middleware.

For example, to apply basic authentication, you can use the built-in middleware as shown below.

// functions/_middleware.ts
import { handleMiddleware } from 'hono/cloudflare-pages'
import { basicAuth } from 'hono/basic-auth'

export const onRequest = handleMiddleware(
  basicAuth({
    username: 'hono',
    password: 'acoolproject'
  })
)

Thanks @BarryThePenguin!

React 19 Compatibility

Hono JSX now supports React 19 compatible APIs.

For example, the following hooks have been added:

• useFormStatus()
• useActionState()
• useOptimistic()

Additionally, rendering metadata within the <head /> tag is now supported. You can include elements like <title>, <meta>, and <link> within your components.

import { Hono } from 'hono'
import { jsxRenderer } from 'hono/jsx-renderer'

const app = new Hono()

app.use(
  jsxRenderer(({ children }) => {
    return (
      <html>
        <head></head>
        <body>{children}</body>
      </html>
    )
  })
)

app.get('/top-page', (c) => {
  return c.render(
    <article>
      <title>Top Page!</title>
      <link rel="canonical" href="https://hono.dev/top-page" />
      <h1>Top Page</h1>
      <p>Hono is a great framework!</p>
    </article>
  )
})

The above will render the following HTML:

<!DOCTYPE html>
<html>
  <head>
    <title>Top Page!</title>
    <link rel="canonical" href="https://hono.dev/top-page" />
  </head>
  <body>
    <article>
      <h1>Top Page</h1>
      <p>Hono is a great framework!</p>
    </article>
  </body>
</html>

See all changes in this PR: #2960

Thanks @usualoma!

@hono/react-compat

Plus, with the new @hono/react-compat, you can alias the react or react-dom used in your project to hono/jsx without any configuration.

npm install react@npm:@hono/react-compat react-dom@npm:@hono/react-compat

Passing interface as Bindings/Variables

You can now pass interface to Bindings or Variables. This allows you to use the type definitions generated by the wrangler types command directly.

interface Env {
  MY_KV_NAMESPACE: KVNamespace
  MY_VAR: string
  MY_DB: D1Database
}

Previously, only type definitions using type could be passed to Bindings. Now, interfaces like the Env example above can be used with generics.

const app = new Hono<{
  Bindings: Env
}>()

Thanks @ottomated!

Other features

• JWT - use Signed Cookie in JWT Middleware #2989
• Vercel - add getConnInfo for Vercel Adapter #3085
• Lambda@Edge - add getConnInfo helper for Lambda@Edge #3099

All Updates

• feat(jsx/dom): export createRoot and hydrateRoot from jsx/dom/client as default by @usualoma in #2929
• feat(jsx/server): introduce jsx/dom/server module for compatibility with react-dom/server by @usualoma in #2930
• feat(jsx/dom): Improve compatibility React (useCallback, React.StrictMode) by @usualoma in #2944
• feat(jwt): Use Signed Cookie in JWT Middleware by @newarifrh in #2989
• React 19 compat by @yusukebe in #3048
• feat(adaptor): Remove unknown from AddressType by @yasuaki640 in #2958
• test(adapter/bun): fixed conninfo.test.ts by @yusukebe in #3059
• feat(jsx/dom): skip calculate children if props are the same by @usualoma in #3049
• feat(cloudflare-pages): Add Cloudflare Pages middleware handler by @BarryThePenguin in #3028
• fix(cloudflare-pages): Expose Cloudflare Pages type parameters by @BarryThePenguin in #3065
• fix(helper/conninfo): add undefined for AddressType by @yusukebe in #3112
• feat(middleware): Introduce IP Restriction Middleware by @nakasyou in #2813
• fix(ip-restriction): return the named function by @yusukebe in #3113
• feat(vercel): add getConnInfo for vercel adapter by @promer94 in #3085
• fix(vercel): remove deprecated address type by @ryuapp in #3115
• feat(lambda-edge): add getConnInfo helper for Lambda@Edge by @yasuaki640 in #3099
• feat: Introduce Service Worker Adapter by @nakasyou in #3062
• feat(middleware): introduce Request ID middleware by @ryuapp in #3082
• feat(middleware/combine): Introduce combine middleware by @usualoma in #2941
• feat(types): allow passing interfaces as Bindings / Variables by @ottomated in #3136
• chore: update comments in codes by @yusukebe in #3145
• fix(types): use ContextVariableMap in Context<any> by @yusukebe in #3134
• feat(jsx): add global attributes to interface definition by @yasuaki640 in #3142
• fix(types): remove slow types by @yusukebe in #3147
• Next by @yusukebe in #3144

New Contributors

• @newarifrh made their first contribution in #2989
• @BarryThePenguin made their first contribution in #3028
• @promer94 made their first contribution in #3085
• @ottomated made their first contribution in #3136

Full Changelog: v4.4.13...v4.5.0

What's Changed

• chore: update benchmark by @yusukebe in #3102
• chore: replace tsx with Bun by @nakasyou in #3103
• refactor(http-status): remove unnecessary line of types and use common types by @EdamAme-x in #3110
• fix(jsx): redefine scope attribute as enum type by @yasuaki640 in #3118
• fix(types): allow string[] | File[] for RPC form value by @yusukebe in #3117
• fix(validator-types): type Alignment with Web Standards by @EdamAme-x in #3120
• fix(types): app.use(path, mw) return correct schema type by @yusukebe in #3128

Full Changelog: v4.4.12...v4.4.13

What's Changed

• fix(aws-lambda): set cookies with comma is bugged by @NamesMT in #3084
• fix(types): infer path when chaining after use by @yusukebe in #3087
• chore: update outdated links in JSDoc by @ryuapp in #3089
• fix(jsx): changes behavior when download attribute is set to a boolean value. by @oon00b in #3094
• chore: add the triage label by @mvares in #3092
• feat(types): improve JSONParsed by @m-shaka in #3074
• fix(helper/streaming): remove slow types by @yusukebe in #3100
• chore(utils/jwt): add @module docs by @yusukebe in #3101

New Contributors

• @oon00b made their first contribution in #3094

Full Changelog: v4.4.11...v4.4.12

What's Changed

• refactor: remove unnecessary async keyword from router tests by @K-tecchan in #3061
• fix(validator): don't return a FormData if formData is cached by @yusukebe in #3067
• fix(client): Add Query Parameter Support to WebSocket Client in hono/client by @naporin0624 in #3066
• refactor(types): move HandlerInterface's (path, handler)s overloads down by @NamesMT in #3072
• test(helper/dev): fix typo of test case name by @yasuaki640 in #3073
• fix(stream): Fixed a problem that onAbort() is called even if request is normally closed in deno by @usualoma in #3079

New Contributors

• @K-tecchan made their first contribution in #3061

Full Changelog: v4.4.10...v4.4.11

What's Changed

• chore(jsr): export JWT utils by @ryuapp in #3056
• fix(streaming): call stream.abort() explicitly when request is aborted by @usualoma in #3042
• fix(client): set Path as the default of Original by @m-shaka in #3058

New Contributors

• @m-shaka made their first contribution in #3058

Full Changelog: v4.4.9...v4.4.10

This is a pre-release.

What's Changed

• perf(context): improve initializing Context by @yusukebe in #3046
• fix(types): correct inferring env when routes channing by @yusukebe in #3051
• docs: update the description of package.json and README by @yusukebe in #3052
• fix(timing): prevent duplicate applications by @yusukebe in #3054

Full Changelog: v4.4.8...v4.4.9

What's Changed

• fix(jsx): add an explicit type by @yusukebe in #3007
• ci: use env for codecov GitHub Actions by @yusukebe in #3010
• chore: Fix typos in JSDoc by @NicoPlyley in #3002
• fix: change to allow use of websocket options by @EdamAme-x in #2999
• perf: parseAccept without spread operator by @Jayllyz in #3003
• test: add tests for buffer.ts by @yasuaki640 in #3004
• chore: upload bun test coverage to CodeCov by @exoego in #3022
• refactor: remove unneeded import statements by @EdamAme-x in #3014
• perf(utils/buffer): use promise all for better performance by @yasuaki640 in #3031

Full Changelog: v4.4.7...v4.4.8

What's Changed

• use correct return type for c.html depending on input by @asmadsen in #2973
• test: test uncovered return statement by @yasuaki640 in #2985
• test: Update request.test.ts to remove duplicate checks by @JoaquimLey in #2984
• fix(types): env variables override ContextVariableMap by @KaelWD in #2987

New Contributors

• @asmadsen made their first contribution in #2973
• @JoaquimLey made their first contribution in #2984
• @KaelWD made their first contribution in #2987

Full Changelog: v4.4.6...v4.4.7

What's Changed

• fix(aws-lambda): handle multiple cookies in streaming responses by @KnisterPeter in #2926

Full Changelog: v4.4.5...v4.4.6