Express
@expressjs.bsky.social
Fast, unopinionated, minimalist web framework for Node.js - The OG
The maintainer of one of our dependencies, debug, was the target of a phishing attack resulting in the release of [email protected] with malware.
Supply chain security is all of our responsibilities. Be careful out there, and for today don't update your deps.
socket.dev/blog/npm-aut...
Supply chain security is all of our responsibilities. Be careful out there, and for today don't update your deps.
socket.dev/blog/npm-aut...
npm Author Qix Compromised via Phishing Email in Major Suppl...
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
socket.dev
September 8, 2025 at 6:55 PM
The maintainer of one of our dependencies, debug, was the target of a phishing attack resulting in the release of [email protected] with malware.
Supply chain security is all of our responsibilities. Be careful out there, and for today don't update your deps.
socket.dev/blog/npm-aut...
Supply chain security is all of our responsibilities. Be careful out there, and for today don't update your deps.
socket.dev/blog/npm-aut...
Reposted by Express
🔐 Is it a vulnerability, or just a misunderstood feature?
At #NodeCongress2025, I broke it down in my talk: "What is a Vulnerability and What’s Not"
Topics:
👉 Real vs. imagined risks in @nodejs.org and @expressjs.bsky.social
👉 Why #threatModels matter
🎥 Watch: gitnation.com/contents/wha...
At #NodeCongress2025, I broke it down in my talk: "What is a Vulnerability and What’s Not"
Topics:
👉 Real vs. imagined risks in @nodejs.org and @expressjs.bsky.social
👉 Why #threatModels matter
🎥 Watch: gitnation.com/contents/wha...
What is a Vulnerability and What’s Not? Making Sense of Node.js and Express Threat Models by Ulises Gascón
In this talk, we will discuss security, vulnerabilities, and how to improve your overall security. We will explore various vulnerabilities and the difference between developer errors and misconfigurat...
gitnation.com
May 19, 2025 at 6:11 AM
🔐 Is it a vulnerability, or just a misunderstood feature?
At #NodeCongress2025, I broke it down in my talk: "What is a Vulnerability and What’s Not"
Topics:
👉 Real vs. imagined risks in @nodejs.org and @expressjs.bsky.social
👉 Why #threatModels matter
🎥 Watch: gitnation.com/contents/wha...
At #NodeCongress2025, I broke it down in my talk: "What is a Vulnerability and What’s Not"
Topics:
👉 Real vs. imagined risks in @nodejs.org and @expressjs.bsky.social
👉 Why #threatModels matter
🎥 Watch: gitnation.com/contents/wha...
Reposted by Express
I’ve been maintaining @expressjs.bsky.social for over 11 months. I’m currently leading the integration of HTTP/2, as well as helping with the documentation redesign and performance improvements. If my work has helped you, consider supporting my open source work:
dub.sh/bjohansebas
dub.sh/bjohansebas
Sponsor @bjohansebas on GitHub Sponsors
Support bjohansebas's open source work
dub.sh
July 17, 2025 at 3:06 AM
I’ve been maintaining @expressjs.bsky.social for over 11 months. I’m currently leading the integration of HTTP/2, as well as helping with the documentation redesign and performance improvements. If my work has helped you, consider supporting my open source work:
dub.sh/bjohansebas
dub.sh/bjohansebas
Reposted by Express
😏 The Great Monkey-Patch Safari in @expressjs.bsky.social has begun. Join the adventure with critical hacks and hotfixes ahead!
github.com/expressjs/ex...
github.com/expressjs/ex...
The Great Monkey-Patch Safari · Issue #6669 · expressjs/express
We want to track down and document all instances of express and our core deps monkey-patching Node core, specifically it's the HTTP internals like IncomingMessage and ServerResponse where we do our...
github.com
July 31, 2025 at 9:34 AM
😏 The Great Monkey-Patch Safari in @expressjs.bsky.social has begun. Join the adventure with critical hacks and hotfixes ahead!
github.com/expressjs/ex...
github.com/expressjs/ex...
Reposted by Express
Say hello to my very old friend @expressjs.bsky.social running on @cloudflare.social workers!
August 1, 2025 at 11:37 PM
Say hello to my very old friend @expressjs.bsky.social running on @cloudflare.social workers!
Reposted by Express
Hi Express community!
We’d love your feedback on our website’s content.
✨ What topics or resources would you like us to add?
🔧 What existing content do you think we could improve?
Your input will help us make our docs even better, every idea matters!
github.com/expressjs/ex...
We’d love your feedback on our website’s content.
✨ What topics or resources would you like us to add?
🔧 What existing content do you think we could improve?
Your input will help us make our docs even better, every idea matters!
github.com/expressjs/ex...
🧑🍳 Ideas for new guides or improvements to existing content · expressjs expressjs.com · Discussion #2029
Hey folks, the Express team wants to know what content you’d like to see in the documentation — for example, topics for new guides at any level, or what content could be updated in the existing gui...
github.com
August 3, 2025 at 1:25 AM
Hi Express community!
We’d love your feedback on our website’s content.
✨ What topics or resources would you like us to add?
🔧 What existing content do you think we could improve?
Your input will help us make our docs even better, every idea matters!
github.com/expressjs/ex...
We’d love your feedback on our website’s content.
✨ What topics or resources would you like us to add?
🔧 What existing content do you think we could improve?
Your input will help us make our docs even better, every idea matters!
github.com/expressjs/ex...
Reposted by Express
We’ve cleaned up @expressjs.bsky.social ! 🧹
Deprecated some legacy packages:
🔥 csurf
🔥 connect-multiparty
🔥 path-match
More context: github.com/expressjs/di...
Blog post coming soon! 📘
Deprecated some legacy packages:
🔥 csurf
🔥 connect-multiparty
🔥 path-match
More context: github.com/expressjs/di...
Blog post coming soon! 📘
Clean up expressjs org · Issue #134 · expressjs/discussions
So while responding to #71 I also realized that there is something on the TC backlog that ideally should get done at some point: go through the repositories in the expressjs org (https://github.com...
github.com
May 14, 2025 at 6:46 PM
We’ve cleaned up @expressjs.bsky.social ! 🧹
Deprecated some legacy packages:
🔥 csurf
🔥 connect-multiparty
🔥 path-match
More context: github.com/expressjs/di...
Blog post coming soon! 📘
Deprecated some legacy packages:
🔥 csurf
🔥 connect-multiparty
🔥 path-match
More context: github.com/expressjs/di...
Blog post coming soon! 📘
Happening now!
Tomorrow we are going to have a first informal @expressjs.bsky.social Performance Working Group meeting.
If you are interested in this work, especially longer term, please come and chat. Since it was last minute we are not having an agenda, just an informal discussion.
github.com/expressjs/pe...
If you are interested in this work, especially longer term, please come and chat. Since it was last minute we are not having an agenda, just an informal discussion.
github.com/expressjs/pe...
2025-05-14 Express Performance Working Group Meeting · Issue #8 · expressjs/perf-wg
Date/Time Timezone Date/Time America/Los_Angeles Wed 14-May-2025 08:00 (08:00 AM) America/Denver Wed 14-May-2025 09:00 (09:00 AM) America/Chicago Wed 14-May-2025 10:00 (10:00 AM) America/New_York W...
github.com
May 14, 2025 at 3:12 PM
Happening now!
Reposted by Express
🥹 May is almost here, and it's officially #MaintainerMonth 🚀
I’ve helped release @expressjs.bsky.social 5.1, ship key @nodejs.org updates, lead #OpenSource security work, and reboot #Yeoman.
If you believe in supporting #devTools, consider sponsoring ❤️
👉 github.com/sponsors/Uli...
I’ve helped release @expressjs.bsky.social 5.1, ship key @nodejs.org updates, lead #OpenSource security work, and reboot #Yeoman.
If you believe in supporting #devTools, consider sponsoring ❤️
👉 github.com/sponsors/Uli...
April 30, 2025 at 1:11 PM
🥹 May is almost here, and it's officially #MaintainerMonth 🚀
I’ve helped release @expressjs.bsky.social 5.1, ship key @nodejs.org updates, lead #OpenSource security work, and reboot #Yeoman.
If you believe in supporting #devTools, consider sponsoring ❤️
👉 github.com/sponsors/Uli...
I’ve helped release @expressjs.bsky.social 5.1, ship key @nodejs.org updates, lead #OpenSource security work, and reboot #Yeoman.
If you believe in supporting #devTools, consider sponsoring ❤️
👉 github.com/sponsors/Uli...
Reposted by Express
@expressjs.bsky.social has officially surpassed 40 million weekly downloads on npm⚡
May 11, 2025 at 3:03 PM
@expressjs.bsky.social has officially surpassed 40 million weekly downloads on npm⚡
Reposted by Express
Tomorrow we are going to have a first informal @expressjs.bsky.social Performance Working Group meeting.
If you are interested in this work, especially longer term, please come and chat. Since it was last minute we are not having an agenda, just an informal discussion.
github.com/expressjs/pe...
If you are interested in this work, especially longer term, please come and chat. Since it was last minute we are not having an agenda, just an informal discussion.
github.com/expressjs/pe...
2025-05-14 Express Performance Working Group Meeting · Issue #8 · expressjs/perf-wg
Date/Time Timezone Date/Time America/Los_Angeles Wed 14-May-2025 08:00 (08:00 AM) America/Denver Wed 14-May-2025 09:00 (09:00 AM) America/Chicago Wed 14-May-2025 10:00 (10:00 AM) America/New_York W...
github.com
May 13, 2025 at 3:37 PM
Tomorrow we are going to have a first informal @expressjs.bsky.social Performance Working Group meeting.
If you are interested in this work, especially longer term, please come and chat. Since it was last minute we are not having an agenda, just an informal discussion.
github.com/expressjs/pe...
If you are interested in this work, especially longer term, please come and chat. Since it was last minute we are not having an agenda, just an informal discussion.
github.com/expressjs/pe...
Reposted by Express
Finally getting around to the Performance WG setup for @expressjs.bsky.social. Anyone who is interested, please feel free to start opening issues and participating in the kickoff.
github.com/expressjs/pe...
github.com/expressjs/pe...
Working Group Charter · Issue #3 · expressjs/perf-wg
We need to outline the goals, scope, and membership guide. I can pull from the other WG's for some of the language, but we need to define the goals for the WG for sure. Here are the things I was th...
github.com
April 22, 2025 at 3:35 PM
Finally getting around to the Performance WG setup for @expressjs.bsky.social. Anyone who is interested, please feel free to start opening issues and participating in the kickoff.
github.com/expressjs/pe...
github.com/expressjs/pe...
Reposted by Express
When I started contributing to the @expressjs.bsky.social site, there were barely any PRs for docs or design.
Today, even though there’s still a lot to improve on the design side, we’ve got a great contributor base, similar to when the site’s development was sponsored by a company back in 2015
Today, even though there’s still a lot to improve on the design side, we’ve got a great contributor base, similar to when the site’s development was sponsored by a company back in 2015
April 6, 2025 at 3:49 AM
When I started contributing to the @expressjs.bsky.social site, there were barely any PRs for docs or design.
Today, even though there’s still a lot to improve on the design side, we’ve got a great contributor base, similar to when the site’s development was sponsored by a company back in 2015
Today, even though there’s still a lot to improve on the design side, we’ve got a great contributor base, similar to when the site’s development was sponsored by a company back in 2015
🚀 Exciting Announcement today!
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
[email protected]: Now the Default on npm with LTS Timeline
Express 5.1.0 is now the default on npm, and we're introducing an official LTS schedule for the v4 and v5 release lines.
expressjs.com
March 31, 2025 at 2:10 PM
🚀 Exciting Announcement today!
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
Express v5 is officially "latest" and we have started the maintenance period for v4. Read more about the release and our LTS plans in our blog post: expressjs.com/2025/03/31/v...
Reposted by Express
Also hoping to call this out in our blog post. Got great reviews (thanks @naugtur.pl 🚀) by posting here yesterday, hope maybe the same will work for the blog post. Reviews welcome!
github.com/expressjs/ex...
github.com/expressjs/ex...
March 29, 2025 at 6:04 PM
Also hoping to call this out in our blog post. Got great reviews (thanks @naugtur.pl 🚀) by posting here yesterday, hope maybe the same will work for the blog post. Reviews welcome!
github.com/expressjs/ex...
github.com/expressjs/ex...
Reposted by Express
If you have a chance, please take a look at this PR which proposes some concrete details and dates.
github.com/expressjs/di...
github.com/expressjs/di...
feat(ADR): LTS Strategy by wesleytodd · Pull Request #352 · expressjs/discussions
A proposal for an LTS strategy with committed dates and next steps. Please see the goals/non-goals for this ADR.
I attempted to copy/paste without edits from all the sources we had. I admit there w...
github.com
March 28, 2025 at 10:17 PM
If you have a chance, please take a look at this PR which proposes some concrete details and dates.
github.com/expressjs/di...
github.com/expressjs/di...
Reposted by Express
With the upcoming release of @expressjs.bsky.social v5 and promoting it to latest on npm, we needed to finalize some of our support and schedule plans. Would love feedback on this plan from the ecosystem so we can do better than we have in the past on keeping folks informed and aware of the plans.
March 28, 2025 at 10:17 PM
With the upcoming release of @expressjs.bsky.social v5 and promoting it to latest on npm, we needed to finalize some of our support and schedule plans. Would love feedback on this plan from the ecosystem so we can do better than we have in the past on keeping folks informed and aware of the plans.
Reposted by Express
I want to especially thank @bjohansebas.bsky.social for all his work these past months! Not only is a lot of his work in these releases, he has also become our top contributor across the @expressjs.bsky.social project.
expressjs.github.io/statusboard/
expressjs.github.io/statusboard/
March 27, 2025 at 1:44 AM
I want to especially thank @bjohansebas.bsky.social for all his work these past months! Not only is a lot of his work in these releases, he has also become our top contributor across the @expressjs.bsky.social project.
expressjs.github.io/statusboard/
expressjs.github.io/statusboard/
Reposted by Express
For over 6 months, I've been supporting the @expressjs.bsky.social project, improving documentation and maintaining packages like compression. If my contributions have been helpful, it would be great if you could support me:
github.com/sponsors/bjo...
#OpenSource
github.com/sponsors/bjo...
#OpenSource
Sponsor @bjohansebas on GitHub Sponsors
Support bjohansebas's open source work
github.com
March 11, 2025 at 8:16 PM
For over 6 months, I've been supporting the @expressjs.bsky.social project, improving documentation and maintaining packages like compression. If my contributions have been helpful, it would be great if you could support me:
github.com/sponsors/bjo...
#OpenSource
github.com/sponsors/bjo...
#OpenSource
Reposted by Express
🚨 What's REALLY a Vulnerability? 🚨
Join me at #NodeCongress as we break down the @nodejs.org & @expressjs.bsky.social threat models 🔒✨
✅ Real-world examples
✅ Security myths busted
✅ How threat models shape bug bounties & fixes
Let’s rethink #security together! 🚀
gitnation.com/contents/wha...
Join me at #NodeCongress as we break down the @nodejs.org & @expressjs.bsky.social threat models 🔒✨
✅ Real-world examples
✅ Security myths busted
✅ How threat models shape bug bounties & fixes
Let’s rethink #security together! 🚀
gitnation.com/contents/wha...
What is a Vulnerability and What’s Not? Making Sense of Node.js and Express Threat Models by Ulises Gascón
Security isn’t just about fixing bugs; it’s about understanding the assumptions we make (and avoiding unnecessary panic). In this talk, we’ll dive into the Node.js and Express threat models, which I c...
gitnation.com
March 14, 2025 at 4:34 PM
🚨 What's REALLY a Vulnerability? 🚨
Join me at #NodeCongress as we break down the @nodejs.org & @expressjs.bsky.social threat models 🔒✨
✅ Real-world examples
✅ Security myths busted
✅ How threat models shape bug bounties & fixes
Let’s rethink #security together! 🚀
gitnation.com/contents/wha...
Join me at #NodeCongress as we break down the @nodejs.org & @expressjs.bsky.social threat models 🔒✨
✅ Real-world examples
✅ Security myths busted
✅ How threat models shape bug bounties & fixes
Let’s rethink #security together! 🚀
gitnation.com/contents/wha...
[email protected] published 🚀
The most notable change is that application/octet-stream is now marked as compressible. When we update this in the compression middleware this will mean some nice savings over the wire in your express apps.
github.com/jshttp/mime-...
The most notable change is that application/octet-stream is now marked as compressible. When we update this in the compression middleware this will mean some nice savings over the wire in your express apps.
github.com/jshttp/mime-...
Release v1.54.0 · jshttp/mime-db
What's Changed
Add some MS-related extensions and types by @ipetrouchtchak-fi in #336
Update custom-types.json by @robertsky in #343
docs: notice about semver and data sources by @wesleytodd in #3...
github.com
March 18, 2025 at 3:18 PM
[email protected] published 🚀
The most notable change is that application/octet-stream is now marked as compressible. When we update this in the compression middleware this will mean some nice savings over the wire in your express apps.
github.com/jshttp/mime-...
The most notable change is that application/octet-stream is now marked as compressible. When we update this in the compression middleware this will mean some nice savings over the wire in your express apps.
github.com/jshttp/mime-...