Gathering detailed insights and metrics for express
Gathering detailed insights and metrics for express
Gathering detailed insights and metrics for express
Gathering detailed insights and metrics for express
Express
This package was published as a result of a bug, please use the [express](https://www.npmjs.com/package/express) package instead.
@types/express
TypeScript definitions for express
@types/express-serve-static-core
TypeScript definitions for express-serve-static-core
conventional-changelog-express
Express preset for conventional-changelog.
Fast, unopinionated, minimalist web framework for node.
npm install express
Typescript
Module System
Min. Node Version
Node Version
NPM Version
59
Supply Chain
96.6
Quality
89.5
Maintenance
100
Vulnerability
100
License
Updated on 05 Dec 2024
Minified
Minified + Gzipped
JavaScript (99.89%)
Makefile (0.07%)
Shell (0.05%)
Cumulative downloads
Total Downloads
Last day
7.4%
Compared to previous day
Last week
-10.6%
Compared to previous week
Last month
6.4%
Compared to previous month
Last year
7.3%
Compared to previous year
31
Fast, unopinionated, minimalist web framework for Node.js.
This project has a Code of Conduct.
1const express = require('express') 2const app = express() 3 4app.get('/', function (req, res) { 5 res.send('Hello World') 6}) 7 8app.listen(3000)
This is a Node.js module available through the npm registry.
Before installing, download and install Node.js. Node.js 0.10 or higher is required.
If this is a brand new project, make sure to create a package.json
first with
the npm init
command.
Installation is done using the
npm install
command:
1$ npm install express
Follow our installing guide for more information.
PROTIP Be sure to read Migrating from 3.x to 4.x as well as New features in 4.x.
The quickest way to get started with express is to utilize the executable express(1)
to generate an application as shown below:
Install the executable. The executable's major version will match Express's:
1$ npm install -g express-generator@4
Create the app:
1$ express /tmp/foo && cd /tmp/foo
Install dependencies:
1$ npm install
Start the server:
1$ npm start
View the website at: http://localhost:3000
The Express philosophy is to provide small, robust tooling for HTTP servers, making it a great solution for single page applications, websites, hybrids, or public HTTP APIs.
Express does not force you to use any specific ORM or template engine. With support for over 14 template engines via Consolidate.js, you can quickly craft your perfect framework.
To view the examples, clone the Express repo and install the dependencies:
1$ git clone https://github.com/expressjs/express.git --depth 1 2$ cd express 3$ npm install
Then run whichever example you want:
1$ node examples/content-negotiation
The Express.js project welcomes all constructive contributions. Contributions take many forms, from code for bug fixes and enhancements, to additions and fixes to documentation, additional tests, triaging incoming pull requests and issues, and more!
See the Contributing Guide for more technical details on contributing.
If you discover a security vulnerability in Express, please see Security Policies and Procedures.
To run the test suite, first install the dependencies, then run npm test
:
1$ npm install 2$ npm test
The original author of Express is TJ Holowaychuk
Stable Version
5
4/10
Summary
Express ressource injection
Affected Versions
<= 3.21.4
Patched Versions
6.1/10
Summary
Express.js Open Redirect in malformed URLs
Affected Versions
>= 5.0.0-alpha.1, < 5.0.0-beta.3
Patched Versions
5.0.0-beta.3
6.1/10
Summary
Express.js Open Redirect in malformed URLs
Affected Versions
< 4.19.2
Patched Versions
4.19.2
6.1/10
Summary
No Charset in Content-Type Header in express
Affected Versions
>= 4.0.0, < 4.5.0
Patched Versions
4.5.0
6.1/10
Summary
No Charset in Content-Type Header in express
Affected Versions
< 3.11.0
Patched Versions
3.11.0
3
4.7/10
Summary
Express Open Redirect vulnerability
Affected Versions
>= 3.4.5, < 4.0.0-rc1
Patched Versions
4.0.0-rc1
5/10
Summary
express vulnerable to XSS via response.redirect()
Affected Versions
>= 5.0.0-alpha.1, < 5.0.0
Patched Versions
5.0.0
5/10
Summary
express vulnerable to XSS via response.redirect()
Affected Versions
< 4.20.0
Patched Versions
4.20.0
Reason
30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
Reason
all changesets reviewed
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
Reason
SAST tool detected but not run on all commits
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Score
Last Scanned on 2024-12-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More