Socket
Socket
Sign inDemoInstall

express

Package Overview
Dependencies
Maintainers
3
Versions
279
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

express - npm Package Compare versions

Comparing version 4.17.1 to 4.18.2

21

lib/application.js

@@ -32,2 +32,9 @@ /*!

var setPrototypeOf = require('setprototypeof')
/**
* Module variables.
* @private
*/
var hasOwnProperty = Object.prototype.hasOwnProperty
var slice = Array.prototype.slice;

@@ -280,3 +287,3 @@

* though note that it aliases this method as `ejs.__express` internally
* so if you're using ".ejs" extensions you dont need to do anything.
* so if you're using ".ejs" extensions you don't need to do anything.
*

@@ -357,3 +364,13 @@ * Some template engines do not follow this convention, the

// app.get(setting)
return this.settings[setting];
var settings = this.settings
while (settings && settings !== Object.prototype) {
if (hasOwnProperty.call(settings, setting)) {
return settings[setting]
}
settings = Object.getPrototypeOf(settings)
}
return undefined
}

@@ -360,0 +377,0 @@

2

lib/request.js

@@ -254,3 +254,3 @@ /*!

* Check if the incoming request contains the "Content-Type"
* header field, and it contains the give mime `type`.
* header field, and it contains the given mime `type`.
*

@@ -257,0 +257,0 @@ * Examples:

87

lib/response.js

@@ -17,2 +17,3 @@ /*!

var contentDisposition = require('content-disposition');
var createError = require('http-errors')
var deprecate = require('depd')('express');

@@ -68,2 +69,5 @@ var encodeUrl = require('encodeurl');

res.status = function status(code) {
if ((typeof code === 'string' || Math.floor(code) !== code) && code > 99 && code < 1000) {
deprecate('res.status(' + JSON.stringify(code) + '): use res.status(' + Math.floor(code) + ') instead')
}
this.statusCode = code;

@@ -140,3 +144,3 @@ return this;

this.statusCode = chunk;
chunk = statuses[chunk]
chunk = statuses.message[chunk]
}

@@ -219,2 +223,9 @@

// alter headers for 205
if (this.statusCode === 205) {
this.set('Content-Length', '0')
this.removeHeader('Transfer-Encoding')
chunk = ''
}
if (req.method === 'HEAD') {

@@ -291,5 +302,5 @@ // skip body for HEAD

if (arguments.length === 2) {
// res.json(body, status) backwards compat
// res.jsonp(body, status) backwards compat
if (typeof arguments[1] === 'number') {
deprecate('res.jsonp(obj, status): Use res.status(status).json(obj) instead');
deprecate('res.jsonp(obj, status): Use res.status(status).jsonp(obj) instead');
this.statusCode = arguments[1];

@@ -330,6 +341,11 @@ } else {

// replace chars not allowed in JavaScript that are in JSON
body = body
.replace(/\u2028/g, '\\u2028')
.replace(/\u2029/g, '\\u2029');
if (body === undefined) {
// empty argument
body = ''
} else if (typeof body === 'string') {
// replace chars not allowed in JavaScript that are in JSON
body = body
.replace(/\u2028/g, '\\u2028')
.replace(/\u2029/g, '\\u2029')
}

@@ -360,3 +376,3 @@ // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"

res.sendStatus = function sendStatus(statusCode) {
var body = statuses[statusCode] || String(statusCode)
var body = statuses.message[statusCode] || String(statusCode)

@@ -374,3 +390,3 @@ this.statusCode = statusCode;

* The callback `callback(err)` is invoked when the transfer is complete
* or when an error occurs. Be sure to check `res.sentHeader`
* or when an error occurs. Be sure to check `res.headersSent`
* if you wish to attempt responding, as the header and some data

@@ -457,3 +473,3 @@ * may have already been transferred.

* The callback `callback(err)` is invoked when the transfer is complete
* or when an error occurs. Be sure to check `res.sentHeader`
* or when an error occurs. Be sure to check `res.headersSent`
* if you wish to attempt responding, as the header and some data

@@ -531,3 +547,3 @@ * may have already been transferred.

* when the data transfer is complete, or when an error has
* ocurred. Be sure to check `res.headersSent` if you plan to respond.
* occurred. Be sure to check `res.headersSent` if you plan to respond.
*

@@ -559,2 +575,9 @@ * Optionally providing an `options` object to use with `res.sendFile()`.

// support optional filename, where options may be in it's place
if (typeof filename === 'object' &&
(typeof options === 'function' || options === undefined)) {
name = null
opts = filename
}
// set Content-Disposition when file is sent

@@ -581,3 +604,5 @@ var headers = {

// Resolve the full path for sendFile
var fullPath = resolve(path);
var fullPath = !opts.root
? resolve(path)
: path

@@ -638,3 +663,3 @@ // send file

*
* 'appliation/json': function(){
* 'application/json': function () {
* res.send({ message: 'hey' });

@@ -676,5 +701,4 @@ * }

var fn = obj.default;
if (fn) delete obj.default;
var keys = Object.keys(obj);
var keys = Object.keys(obj)
.filter(function (v) { return v !== 'default' })

@@ -690,9 +714,8 @@ var key = keys.length > 0

obj[key](req, this, next);
} else if (fn) {
fn();
} else if (obj.default) {
obj.default(req, this, next)
} else {
var err = new Error('Not Acceptable');
err.status = err.statusCode = 406;
err.types = normalizeTypes(keys).map(function(o){ return o.value });
next(err);
next(createError(406, {
types: normalizeTypes(keys).map(function (o) { return o.value })
}))
}

@@ -744,3 +767,3 @@

: Array.isArray(val) ? [prev].concat(val)
: [prev, val];
: [prev, val]
}

@@ -864,5 +887,9 @@

if ('maxAge' in opts) {
opts.expires = new Date(Date.now() + opts.maxAge);
opts.maxAge /= 1000;
if (opts.maxAge != null) {
var maxAge = opts.maxAge - 0
if (!isNaN(maxAge)) {
opts.expires = new Date(Date.now() + maxAge)
opts.maxAge = Math.floor(maxAge / 1000)
}
}

@@ -948,3 +975,3 @@

text: function(){
body = statuses[status] + '. Redirecting to ' + address
body = statuses.message[status] + '. Redirecting to ' + address
},

@@ -954,3 +981,3 @@

var u = escapeHtml(address);
body = '<p>' + statuses[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>'
body = '<p>' + statuses.message[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>'
},

@@ -1130,3 +1157,3 @@

* @param {*} value
* @param {function} replaces
* @param {function} replacer
* @param {number} spaces

@@ -1145,3 +1172,3 @@ * @param {boolean} escape

if (escape) {
if (escape && typeof json === 'string') {
json = json.replace(/[<>&]/g, function (c) {

@@ -1148,0 +1175,0 @@ switch (c.charCodeAt(0)) {

39

lib/router/index.js

@@ -111,4 +111,4 @@ /*!

if (name[0] === ':') {
deprecate('router.param(' + JSON.stringify(name) + ', fn): Use router.param(' + JSON.stringify(name.substr(1)) + ', fn) instead');
name = name.substr(1);
deprecate('router.param(' + JSON.stringify(name) + ', fn): Use router.param(' + JSON.stringify(name.slice(1)) + ', fn) instead')
name = name.slice(1)
}

@@ -146,2 +146,3 @@

var slashAdded = false;
var sync = 0
var paramcalled = {};

@@ -185,3 +186,3 @@

if (slashAdded) {
req.url = req.url.substr(1);
req.url = req.url.slice(1)
slashAdded = false;

@@ -193,3 +194,3 @@ }

req.baseUrl = parentUrl;
req.url = protohost + removed + req.url.substr(protohost.length);
req.url = protohost + removed + req.url.slice(protohost.length)
removed = '';

@@ -210,2 +211,7 @@ }

// max sync stack
if (++sync > 100) {
return setImmediate(next, err)
}
// get pathname of request

@@ -259,3 +265,2 @@ var path = getPathname(req);

match = false;
continue;
}

@@ -283,10 +288,10 @@ }

if (err) {
return next(layerError || err);
next(layerError || err)
} else if (route) {
layer.handle_request(req, res, next)
} else {
trim_prefix(layer, layerError, layerPath, path)
}
if (route) {
return layer.handle_request(req, res, next);
}
trim_prefix(layer, layerError, layerPath, path);
sync = 0
});

@@ -297,2 +302,8 @@ }

if (layerPath.length !== 0) {
// Validate path is a prefix match
if (layerPath !== path.slice(0, layerPath.length)) {
next(layerError)
return
}
// Validate path breaks on a path separator

@@ -306,3 +317,3 @@ var c = path[layerPath.length]

removed = layerPath;
req.url = protohost + req.url.substr(protohost.length + removed.length);
req.url = protohost + req.url.slice(protohost.length + removed.length)

@@ -553,6 +564,6 @@ // Ensure leading slash

: url.length
var fqdnIndex = url.substr(0, pathLength).indexOf('://')
var fqdnIndex = url.slice(0, pathLength).indexOf('://')
return fqdnIndex !== -1
? url.substr(0, url.indexOf('/', 3 + fqdnIndex))
? url.substring(0, url.indexOf('/', 3 + fqdnIndex))
: undefined

@@ -559,0 +570,0 @@ }

21

lib/router/route.js

@@ -101,2 +101,4 @@ /*!

var stack = this.stack;
var sync = 0
if (stack.length === 0) {

@@ -126,12 +128,17 @@ return done();

var layer = stack[idx++];
// max sync stack
if (++sync > 100) {
return setImmediate(next, err)
}
var layer = stack[idx++]
// end of layers
if (!layer) {
return done(err);
return done(err)
}
if (layer.method && layer.method !== method) {
return next(err);
}
if (err) {
next(err)
} else if (err) {
layer.handle_error(err, req, res, next);

@@ -141,2 +148,4 @@ } else {

}
sync = 0
}

@@ -143,0 +152,0 @@ };

12

lib/utils.js

@@ -123,2 +123,3 @@ /*!

* @param {String} str
* @param {Number} index
* @return {Object}

@@ -161,2 +162,3 @@ * @api private

case true:
case 'weak':
fn = exports.wetag;

@@ -169,5 +171,2 @@ break;

break;
case 'weak':
fn = exports.wetag;
break;
default:

@@ -197,2 +196,3 @@ throw new TypeError('unknown value for etag function: ' + val);

case true:
case 'simple':
fn = querystring.parse;

@@ -206,5 +206,2 @@ break;

break;
case 'simple':
fn = querystring.parse;
break;
default:

@@ -240,3 +237,4 @@ throw new TypeError('unknown value for query parser function: ' + val);

// Support comma-separated values
val = val.split(/ *, */);
val = val.split(',')
.map(function (v) { return v.trim() })
}

@@ -243,0 +241,0 @@

2

lib/view.js

@@ -77,3 +77,3 @@ /*!

// load engine
var mod = this.ext.substr(1)
var mod = this.ext.slice(1)
debug('require "%s"', mod)

@@ -80,0 +80,0 @@

63

package.json
{
"name": "express",
"description": "Fast, unopinionated, minimalist web framework",
"version": "4.17.1",
"version": "4.18.2",
"author": "TJ Holowaychuk <tj@vision-media.ca>",

@@ -23,2 +23,3 @@ "contributors": [

"web",
"http",
"rest",

@@ -31,29 +32,30 @@ "restful",

"dependencies": {
"accepts": "~1.3.7",
"accepts": "~1.3.8",
"array-flatten": "1.1.1",
"body-parser": "1.19.0",
"content-disposition": "0.5.3",
"body-parser": "1.20.1",
"content-disposition": "0.5.4",
"content-type": "~1.0.4",
"cookie": "0.4.0",
"cookie": "0.5.0",
"cookie-signature": "1.0.6",
"debug": "2.6.9",
"depd": "~1.1.2",
"depd": "2.0.0",
"encodeurl": "~1.0.2",
"escape-html": "~1.0.3",
"etag": "~1.8.1",
"finalhandler": "~1.1.2",
"finalhandler": "1.2.0",
"fresh": "0.5.2",
"http-errors": "2.0.0",
"merge-descriptors": "1.0.1",
"methods": "~1.1.2",
"on-finished": "~2.3.0",
"on-finished": "2.4.1",
"parseurl": "~1.3.3",
"path-to-regexp": "0.1.7",
"proxy-addr": "~2.0.5",
"qs": "6.7.0",
"proxy-addr": "~2.0.7",
"qs": "6.11.0",
"range-parser": "~1.2.1",
"safe-buffer": "5.1.2",
"send": "0.17.1",
"serve-static": "1.14.1",
"setprototypeof": "1.1.1",
"statuses": "~1.5.0",
"safe-buffer": "5.2.1",
"send": "0.18.0",
"serve-static": "1.15.0",
"setprototypeof": "1.2.0",
"statuses": "2.0.1",
"type-is": "~1.6.18",

@@ -65,18 +67,17 @@ "utils-merge": "1.0.1",

"after": "0.8.2",
"connect-redis": "3.4.1",
"cookie-parser": "~1.4.4",
"cookie-session": "1.3.3",
"ejs": "2.6.1",
"eslint": "2.13.1",
"express-session": "1.16.1",
"hbs": "4.0.4",
"istanbul": "0.4.5",
"marked": "0.6.2",
"connect-redis": "3.4.2",
"cookie-parser": "1.4.6",
"cookie-session": "2.0.0",
"ejs": "3.1.8",
"eslint": "8.24.0",
"express-session": "1.17.2",
"hbs": "4.2.0",
"marked": "0.7.0",
"method-override": "3.0.0",
"mocha": "5.2.0",
"morgan": "1.9.1",
"multiparty": "4.2.1",
"mocha": "10.0.0",
"morgan": "1.10.0",
"multiparty": "4.2.3",
"nyc": "15.1.0",
"pbkdf2-password": "1.2.1",
"should": "13.2.3",
"supertest": "3.3.0",
"supertest": "6.3.0",
"vhost": "~3.0.2"

@@ -97,6 +98,6 @@ },

"test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
"test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/ test/acceptance/",
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/ test/acceptance/",
"test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
"test-cov": "nyc --reporter=html --reporter=text npm test",
"test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"
}
}

79

Readme.md
[![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/)
Fast, unopinionated, minimalist web framework for [node](http://nodejs.org).
Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org).
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Linux Build][travis-image]][travis-url]
[![Windows Build][appveyor-image]][appveyor-url]
[![Test Coverage][coveralls-image]][coveralls-url]
[![NPM Version][npm-version-image]][npm-url]
[![NPM Install Size][npm-install-size-image]][npm-install-size-url]
[![NPM Downloads][npm-downloads-image]][npm-downloads-url]

@@ -30,6 +28,9 @@ ```js

If this is a brand new project, make sure to create a `package.json` first with
the [`npm init` command](https://docs.npmjs.com/creating-a-package-json-file).
Installation is done using the
[`npm install` command](https://docs.npmjs.com/getting-started/installing-npm-packages-locally):
```bash
```console
$ npm install express

@@ -54,3 +55,3 @@ ```

* [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)]
* [#express](https://webchat.freenode.net/?channels=express) on freenode IRC
* [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC
* [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules

@@ -63,6 +64,2 @@ * Visit the [Wiki](https://github.com/expressjs/express/wiki)

### Security Issues
If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md).
## Quick Start

@@ -74,3 +71,3 @@

```bash
```console
$ npm install -g express-generator@4

@@ -81,3 +78,3 @@ ```

```bash
```console
$ express /tmp/foo && cd /tmp/foo

@@ -88,3 +85,3 @@ ```

```bash
```console
$ npm install

@@ -95,3 +92,3 @@ ```

```bash
```console
$ npm start

@@ -105,3 +102,3 @@ ```

The Express philosophy is to provide small, robust tooling for HTTP servers, making
it a great solution for single page applications, web sites, hybrids, or public
it a great solution for single page applications, websites, hybrids, or public
HTTP APIs.

@@ -117,3 +114,3 @@

```bash
```console
$ git clone git://github.com/expressjs/express.git --depth 1

@@ -126,11 +123,27 @@ $ cd express

```bash
```console
$ node examples/content-negotiation
```
## Tests
## Contributing
To run the test suite, first install the dependencies, then run `npm test`:
[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
[![Windows Build][appveyor-image]][appveyor-url]
[![Test Coverage][coveralls-image]][coveralls-url]
```bash
The Express.js project welcomes all constructive contributions. Contributions take many forms,
from code for bug fixes and enhancements, to additions and fixes to documentation, additional
tests, triaging incoming pull requests and issues, and more!
See the [Contributing Guide](Contributing.md) for more technical details on contributing.
### Security Issues
If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md).
### Running Tests
To run the test suite, first install the dependencies, then run `npm test`:
```console
$ npm install

@@ -140,6 +153,2 @@ $ npm test

## Contributing
[Contributing Guide](Contributing.md)
## People

@@ -157,11 +166,13 @@

[npm-image]: https://img.shields.io/npm/v/express.svg
[npm-url]: https://npmjs.org/package/express
[downloads-image]: https://img.shields.io/npm/dm/express.svg
[downloads-url]: https://npmjs.org/package/express
[travis-image]: https://img.shields.io/travis/expressjs/express/master.svg?label=linux
[travis-url]: https://travis-ci.org/expressjs/express
[appveyor-image]: https://img.shields.io/appveyor/ci/dougwilson/express/master.svg?label=windows
[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows
[appveyor-url]: https://ci.appveyor.com/project/dougwilson/express
[coveralls-image]: https://img.shields.io/coveralls/expressjs/express/master.svg
[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master
[coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master
[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux
[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml
[npm-downloads-image]: https://badgen.net/npm/dm/express
[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true
[npm-install-size-image]: https://badgen.net/packagephobia/install/express
[npm-install-size-url]: https://packagephobia.com/result?p=express
[npm-url]: https://npmjs.org/package/express
[npm-version-image]: https://badgen.net/npm/v/express
History.md

Sorry, the diff of this file is too big to display

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc