chore(express): Deprecate requireAuth() helper #8241

Open
wobsoriano wants to merge 6 commits into main from rob/user-5100-deprecate-requireauth-helper

@wobsoriano wobsoriano commented Apr 6, 2026

Description

The requireAuth() middleware is confusing. Developers use it expecting a 401 response for unauthenticated API requests, but it actually redirects to a configured sign-in page, producing a different response code. This mismatch leads to unexpected behavior, especially for API routes.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • Deprecations

    • The requireAuth() middleware is now deprecated and will be removed in the next major version. Migrate to clerkMiddleware() combined with getAuth() for handling unauthenticated requests explicitly.
  • Documentation

    • Added migration guidance with code examples showing the recommended authentication pattern.
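
The migration recommended here for API routes, as an added example (not code from the PR or from @clerk/express): a guard that answers 401 explicitly, beside a constructed stand-in for the redirecting behaviour the description reports. `requireApiAuth`, `redirectingGuard`, `probe`, the `/sign-in` URL and the stubbed `getAuth` are assumptions so the block runs without the package; in an app, mount `clerkMiddleware()` first and pass the package's `getAuth`.

```javascript
// Hypothetical helper: API guard that returns 401 instead of redirecting.
// `getAuth` is injected; with @clerk/express it would be the package's getAuth.
function requireApiAuth(getAuth) {
  return function apiAuthGuard(req, res, next) {
    const auth = getAuth(req);
    if (!auth || !auth.userId) {
      // Explicit status for API clients: no Location header, no sign-in HTML.
      res.status(401).json({ error: 'unauthenticated' });
      return;
    }
    next();
  };
}

// Constructed stand-in for the behaviour the PR describes for requireAuth():
// unauthenticated requests are redirected to a sign-in page.
function redirectingGuard(getAuth, signInUrl) {
  return function guard(req, res, next) {
    const auth = getAuth(req);
    if (!auth || !auth.userId) return res.redirect(signInUrl);
    next();
  };
}

// Run a guard against a constructed request with a minimal fake of the
// Express response methods used above, and report what a client would see.
function probe(guard, req) {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  res.redirect = (url) => { res.statusCode = 302; res.headers.location = url; return res; };
  let passed = false;
  guard(req, res, () => { passed = true; });
  return { passed, status: res.statusCode, location: res.headers.location, body: res.body };
}

// Constructed getAuth stub: reads the state auth middleware would attach.
const stubGetAuth = (req) => req.auth || { userId: null };

function demo() {
  const anonymous = {};                                   // constructed request
  const signedIn = { auth: { userId: 'user_example' } };  // constructed request
  return {
    anonApi: probe(requireApiAuth(stubGetAuth), anonymous),
    anonRedirect: probe(redirectingGuard(stubGetAuth, '/sign-in'), anonymous),
    signedInApi: probe(requireApiAuth(stubGetAuth), signedIn),
  };
}

console.log(demo());
```

An API client that sees the redirect variant gets a 3xx and a `Location` header rather than an authentication error, which is the mismatch the description calls out.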

changeset-bot bot commented Apr 6, 2026

🦋 Changeset detected

Latest commit: b705127

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
| Name | Type |
| --- | --- |
| @clerk/express | Minor |

vercel bot commented Apr 6, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| clerk-js-sandbox | Ready | Preview, Comment | Apr 6, 2026 3:52pm |

coderabbitai bot commented Apr 6, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: ASSERTIVE

Plan: Pro

Run ID: 28d7084f-9942-43c3-bb16-8064d275a055

📥 Commits

Reviewing files that changed from the base of the PR and between 26692e1 and b705127.

📒 Files selected for processing (7)
  • .changeset/deprecate-require-auth.md
  • packages/express/src/__tests__/clerkMiddleware.test.ts
  • packages/express/src/__tests__/exports.test.ts
  • packages/express/src/__tests__/getAuth.test.ts
  • packages/express/src/__tests__/helpers.ts
  • packages/express/src/__tests__/requireAuth.test.ts
  • packages/express/src/requireAuth.ts

📝 Walkthrough

A new Changesets entry declares a minor release for @clerk/express that deprecates the requireAuth() middleware, with removal planned for the next major version. The requireAuth.ts file is updated to emit a deprecation warning at runtime via a call to deprecated() and its JSDoc documentation is revised with a recommended alternative using clerkMiddleware() combined with getAuth(). Multiple test files are refactored to add explicit Vitest imports (describe, expect, it, beforeEach, afterEach) instead of relying on globals. A new test case is added to requireAuth.test.ts to verify the deprecation warning is triggered when requireAuth() is invoked.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: deprecating the requireAuth() middleware in the Express package. It is concise, specific, and clearly summarizes the primary objective of the PR. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |

pkg-pr-new bot commented Apr 6, 2026

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@8241

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@8241

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@8241

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@8241

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@8241

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@8241

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@8241

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@8241

@clerk/express

npm i https://pkg.pr.new/@clerk/express@8241

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@8241

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@8241

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@8241

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@8241

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@8241

@clerk/react

npm i https://pkg.pr.new/@clerk/react@8241

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@8241

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@8241

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@8241

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@8241

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@8241

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@8241

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@8241

commit: b705127
