Fast, unopinionated, minimalist web framework for node.
Installations
npm install expressDeveloper Guide
Typescript
No
Module System
N/A
Min. Node Version
>= 0.10.0
Node Version
20.16.0
NPM Version
10.8.1
Score
59
Supply Chain
96.6
Quality
90.8
Maintenance
100
Vulnerability
100
License
Releases
Contributors
Languages
JavaScript (99.89%)
Makefile (0.07%)
Shell (0.05%)
Developer
Download Statistics
Total Downloads
4,502,938,155
Last Day
1,495,784
Last Week
32,836,752
Last Month
137,946,014
Last Year
1,567,170,656
GitHub Statistics
65,938 Stars
6,003 Commits
16,754 Forks
1,696 Watching
15 Branches
327 Contributors
Bundle Size
580.32 kB
Minified
231.50 kB
Minified + Gzipped
Sponsor this package
Maintainers
Package Meta Information
Latest Version
4.21.2
Package Id
express@4.21.2
Unpacked Size
216.04 kB
Size
56.66 kB
File Count
16
NPM Version
10.8.1
Node Version
20.16.0
Publised On
05 Dec 2024
Total Downloads
Cumulative downloads
Total Downloads
4,502,938,155
Last day
-7.7%
1,495,784
Compared to previous day
Last week
-3.7%
32,836,752
Compared to previous week
Last month
-8.4%
137,946,014
Compared to previous month
Last year
8.5%
1,567,170,656
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
31
Fast, unopinionated, minimalist web framework for Node.js.
This project has a Code of Conduct.
Table of contents
- Installation
- Features
- Docs & Community
- Quick Start
- Running Tests
- Philosophy
- Examples
- Contributing to Express
- TC (Technical Committee)
- Triagers
- License
1const express = require('express') 2const app = express() 3 4app.get('/', function (req, res) { 5 res.send('Hello World') 6}) 7 8app.listen(3000)
Installation
This is a Node.js module available through the npm registry.
Before installing, download and install Node.js. Node.js 0.10 or higher is required.
If this is a brand new project, make sure to create a package.json first with
the npm init command.
Installation is done using the
npm install command:
1$ npm install express
Follow our installing guide for more information.
Features
- Robust routing
- Focus on high performance
- Super-high test coverage
- HTTP helpers (redirection, caching, etc)
- View system supporting 14+ template engines
- Content negotiation
- Executable for generating applications quickly
Docs & Community
- Website and Documentation - [website repo]
- #express on Libera Chat IRC
- GitHub Organization for Official Middleware & Modules
- Visit the Wiki
- Google Group for discussion
- Gitter for support and discussion
PROTIP Be sure to read Migrating from 3.x to 4.x as well as New features in 4.x.
Quick Start
The quickest way to get started with express is to utilize the executable express(1) to generate an application as shown below:
Install the executable. The executable's major version will match Express's:
1$ npm install -g express-generator@4
Create the app:
1$ express /tmp/foo && cd /tmp/foo
Install dependencies:
1$ npm install
Start the server:
1$ npm start
View the website at: http://localhost:3000
Philosophy
The Express philosophy is to provide small, robust tooling for HTTP servers, making it a great solution for single page applications, websites, hybrids, or public HTTP APIs.
Express does not force you to use any specific ORM or template engine. With support for over 14 template engines via Consolidate.js, you can quickly craft your perfect framework.
Examples
To view the examples, clone the Express repo and install the dependencies:
1$ git clone https://github.com/expressjs/express.git --depth 1 2$ cd express 3$ npm install
Then run whichever example you want:
1$ node examples/content-negotiation
Contributing
The Express.js project welcomes all constructive contributions. Contributions take many forms, from code for bug fixes and enhancements, to additions and fixes to documentation, additional tests, triaging incoming pull requests and issues, and more!
See the Contributing Guide for more technical details on contributing.
Security Issues
If you discover a security vulnerability in Express, please see Security Policies and Procedures.
Running Tests
To run the test suite, first install the dependencies, then run npm test:
1$ npm install 2$ npm test
People
The original author of Express is TJ Holowaychuk
TC (Technical Committee)
- UlisesGascon - Ulises Gascón (he/him)
- jonchurch - Jon Church
- wesleytodd - Wes Todd
- LinusU - Linus Unnebäck
- blakeembrey - Blake Embrey
- sheplu - Jean Burellier
- crandmck - Rand McKinney
- ctcpip - Chris de Almeida
TC emeriti members
TC emeriti members
- dougwilson - Douglas Wilson
- hacksparrow - Hage Yaapa
- jonathanong - jongleberry
- niftylettuce - niftylettuce
- troygoode - Troy Goode
Triagers
- aravindvnair99 - Aravind Nair
- carpasse - Carlos Serrano
- CBID2 - Christine Belzie
- enyoghasim - David Enyoghasim
- UlisesGascon - Ulises Gascón (he/him)
- mertcanaltin - Mert Can Altin
- 0ss - Salah
- import-brain - Eric Cheng (he/him)
- 3imed-jaberi - Imed Jaberi
- dakshkhetan - Daksh Khetan (he/him)
- lucasraziel - Lucas Soares Do Rego
- IamLizu - S M Mahmudul Hasan (he/him)
- Sushmeet - Sushmeet Sunger
Triagers emeriti members
Emeritus Triagers
- AuggieH - Auggie Hudak
- G-Rath - Gareth Jones
- MohammadXroid - Mohammad Ayashi
- NawafSwe - Nawaf Alsharqi
- NotMoni - Moni
- VigneshMurugan - Vignesh Murugan
- davidmashe - David Ashe
- digitaIfabric - David
- e-l-i-s-e - Elise Bonner
- fed135 - Frederic Charette
- firmanJS - Firman Abdul Hakim
- getspooky - Yasser Ameur
- ghinks - Glenn
- ghousemohamed - Ghouse Mohamed
- gireeshpunathil - Gireesh Punathil
- jake32321 - Jake Reed
- jonchurch - Jon Church
- lekanikotun - Troy Goode
- marsonya - Lekan Ikotun
- mastermatt - Matt R. Wilson
- maxakuru - Max Edell
- mlrawlings - Michael Rawlings
- rodion-arr - Rodion Abdurakhimov
- sheplu - Jean Burellier
- tarunyadav1 - Tarun yadav
- tunniclm - Mike Tunnicliffe
License
No vulnerabilities found.
Reason
23 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Reason
all changesets reviewed
Reason
security policy file detected
Details
- Info: security policy file detected: Security.md:1
- Info: Found linked content: Security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: Security.md:1
- Info: Found text in security policy: Security.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 23 commits out of 30 are checked with a SAST tool
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:32
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:24
- Warn: no topLevel permission defined: .github/workflows/legacy.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:105: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:115: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/legacy.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/legacy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/legacy.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/legacy.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/legacy.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/legacy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/legacy.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/legacy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/legacy.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/legacy.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/legacy.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/expressjs/express/legacy.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:37
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:69
- Warn: npmCommand not pinned by hash: .github/workflows/legacy.yml:52
- Info: 3 out of 15 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7.2
/10
Last Scanned on 2024-12-16
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More