express
Advanced tools
Comparing version 5.0.0-beta.1 to 5.0.0-beta.2
@@ -29,2 +29,9 @@ /*! | ||
var setPrototypeOf = require('setprototypeof') | ||
/** | ||
* Module variables. | ||
* @private | ||
*/ | ||
var hasOwnProperty = Object.prototype.hasOwnProperty | ||
var slice = Array.prototype.slice; | ||
@@ -350,3 +357,13 @@ | ||
// app.get(setting) | ||
return this.settings[setting]; | ||
var settings = this.settings | ||
while (settings && settings !== Object.prototype) { | ||
if (hasOwnProperty.call(settings, setting)) { | ||
return settings[setting] | ||
} | ||
settings = Object.getPrototypeOf(settings) | ||
} | ||
return undefined | ||
} | ||
@@ -353,0 +370,0 @@ |
@@ -17,2 +17,4 @@ /*! | ||
var contentDisposition = require('content-disposition'); | ||
var createError = require('http-errors') | ||
var deprecate = require('depd')('express'); | ||
var encodeUrl = require('encodeurl'); | ||
@@ -36,2 +38,3 @@ var escapeHtml = require('escape-html'); | ||
var vary = require('vary'); | ||
var urlParse = require('url').parse; | ||
@@ -61,2 +64,5 @@ /** | ||
res.status = function status(code) { | ||
if ((typeof code === 'string' || Math.floor(code) !== code) && code > 99 && code < 1000) { | ||
deprecate('res.status(' + JSON.stringify(code) + '): use res.status(' + Math.floor(code) + ') instead') | ||
} | ||
this.statusCode = code; | ||
@@ -186,2 +192,9 @@ return this; | ||
// alter headers for 205 | ||
if (this.statusCode === 205) { | ||
this.set('Content-Length', '0') | ||
this.removeHeader('Transfer-Encoding') | ||
chunk = '' | ||
} | ||
if (req.method === 'HEAD') { | ||
@@ -300,3 +313,3 @@ // skip body for HEAD | ||
res.sendStatus = function sendStatus(statusCode) { | ||
var body = statuses[statusCode] || String(statusCode) | ||
var body = statuses.message[statusCode] || String(statusCode) | ||
@@ -397,3 +410,3 @@ this.statusCode = statusCode; | ||
* when the data transfer is complete, or when an error has | ||
* ocurred. Be sure to check `res.headersSent` if you plan to respond. | ||
* occurred. Be sure to check `res.headersSent` if you plan to respond. | ||
* | ||
@@ -425,2 +438,9 @@ * Optionally providing an `options` object to use with `res.sendFile()`. | ||
// support optional filename, where options may be in it's place | ||
if (typeof filename === 'object' && | ||
(typeof options === 'function' || options === undefined)) { | ||
name = null | ||
opts = filename | ||
} | ||
// set Content-Disposition when file is sent | ||
@@ -447,3 +467,5 @@ var headers = { | ||
// Resolve the full path for sendFile | ||
var fullPath = resolve(path); | ||
var fullPath = !opts.root | ||
? resolve(path) | ||
: path | ||
@@ -543,5 +565,4 @@ // send file | ||
var fn = obj.default; | ||
if (fn) delete obj.default; | ||
var keys = Object.keys(obj); | ||
var keys = Object.keys(obj) | ||
.filter(function (v) { return v !== 'default' }) | ||
@@ -557,9 +578,8 @@ var key = keys.length > 0 | ||
obj[key](req, this, next); | ||
} else if (fn) { | ||
fn(); | ||
} else if (obj.default) { | ||
obj.default(req, this, next) | ||
} else { | ||
var err = new Error('Not Acceptable'); | ||
err.status = err.statusCode = 406; | ||
err.types = normalizeTypes(keys).map(function(o){ return o.value }); | ||
next(err); | ||
next(createError(406, { | ||
types: normalizeTypes(keys).map(function (o) { return o.value }) | ||
})) | ||
} | ||
@@ -730,5 +750,9 @@ | ||
if ('maxAge' in opts) { | ||
opts.expires = new Date(Date.now() + opts.maxAge); | ||
opts.maxAge /= 1000; | ||
if (opts.maxAge != null) { | ||
var maxAge = opts.maxAge - 0 | ||
if (!isNaN(maxAge)) { | ||
opts.expires = new Date(Date.now() + maxAge) | ||
opts.maxAge = Math.floor(maxAge / 1000) | ||
} | ||
} | ||
@@ -763,3 +787,3 @@ | ||
res.location = function location(url) { | ||
var loc = url; | ||
var loc = String(url); | ||
@@ -771,4 +795,21 @@ // "back" is an alias for the referrer | ||
var lowerLoc = loc.toLowerCase(); | ||
var encodedUrl = encodeUrl(loc); | ||
if (lowerLoc.indexOf('https://') === 0 || lowerLoc.indexOf('http://') === 0) { | ||
try { | ||
var parsedUrl = urlParse(loc); | ||
var parsedEncodedUrl = urlParse(encodedUrl); | ||
// Because this can encode the host, check that we did not change the host | ||
if (parsedUrl.host !== parsedEncodedUrl.host) { | ||
// If the host changes after encodeUrl, return the original url | ||
return this.set('Location', loc); | ||
} | ||
} catch (e) { | ||
// If parse fails, return the original url | ||
return this.set('Location', loc); | ||
} | ||
} | ||
// set location | ||
return this.set('Location', encodeUrl(loc)); | ||
return this.set('Location', encodedUrl); | ||
}; | ||
@@ -811,3 +852,3 @@ | ||
text: function(){ | ||
body = statuses[status] + '. Redirecting to ' + address | ||
body = statuses.message[status] + '. Redirecting to ' + address | ||
}, | ||
@@ -817,3 +858,3 @@ | ||
var u = escapeHtml(address); | ||
body = '<p>' + statuses[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>' | ||
body = '<p>' + statuses.message[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>' | ||
}, | ||
@@ -987,3 +1028,3 @@ | ||
* @param {*} value | ||
* @param {function} replaces | ||
* @param {function} replacer | ||
* @param {number} spaces | ||
@@ -990,0 +1031,0 @@ * @param {boolean} escape |
@@ -80,3 +80,2 @@ /*! | ||
* object with `.value`, `.quality` and `.params`. | ||
* also includes `.originalIndex` for stable sorting | ||
* | ||
@@ -88,5 +87,5 @@ * @param {String} str | ||
function acceptParams(str, index) { | ||
function acceptParams (str) { | ||
var parts = str.split(/ *; */); | ||
var ret = { value: parts[0], quality: 1, params: {}, originalIndex: index }; | ||
var ret = { value: parts[0], quality: 1, params: {} } | ||
@@ -192,3 +191,4 @@ for (var i = 1; i < parts.length; ++i) { | ||
// Support comma-separated values | ||
val = val.split(/ *, */); | ||
val = val.split(',') | ||
.map(function (v) { return v.trim() }) | ||
} | ||
@@ -245,2 +245,3 @@ | ||
* | ||
* @param {String} str | ||
* @return {Object} | ||
@@ -247,0 +248,0 @@ * @private |
@@ -77,3 +77,3 @@ /*! | ||
// load engine | ||
var mod = this.ext.substr(1) | ||
var mod = this.ext.slice(1) | ||
debug('require "%s"', mod) | ||
@@ -80,0 +80,0 @@ |
{ | ||
"name": "express", | ||
"description": "Fast, unopinionated, minimalist web framework", | ||
"version": "5.0.0-beta.1", | ||
"version": "5.0.0-beta.2", | ||
"author": "TJ Holowaychuk <tj@vision-media.ca>", | ||
@@ -31,31 +31,32 @@ "contributors": [ | ||
"dependencies": { | ||
"accepts": "~1.3.7", | ||
"accepts": "~1.3.8", | ||
"array-flatten": "3.0.0", | ||
"body-parser": "2.0.0-beta.1", | ||
"body-parser": "2.0.0-beta.2", | ||
"content-disposition": "0.5.4", | ||
"content-type": "~1.0.4", | ||
"cookie": "0.4.1", | ||
"cookie": "0.6.0", | ||
"cookie-signature": "1.0.6", | ||
"debug": "3.1.0", | ||
"depd": "~1.1.2", | ||
"depd": "2.0.0", | ||
"encodeurl": "~1.0.2", | ||
"escape-html": "~1.0.3", | ||
"etag": "~1.8.1", | ||
"finalhandler": "~1.1.2", | ||
"finalhandler": "1.2.0", | ||
"fresh": "0.5.2", | ||
"http-errors": "2.0.0", | ||
"merge-descriptors": "1.0.1", | ||
"methods": "~1.1.2", | ||
"mime-types": "~2.1.34", | ||
"on-finished": "~2.3.0", | ||
"on-finished": "2.4.1", | ||
"parseurl": "~1.3.3", | ||
"path-is-absolute": "1.0.1", | ||
"proxy-addr": "~2.0.7", | ||
"qs": "6.9.6", | ||
"qs": "6.11.0", | ||
"range-parser": "~1.2.1", | ||
"router": "2.0.0-beta.1", | ||
"router": "2.0.0-beta.2", | ||
"safe-buffer": "5.2.1", | ||
"send": "1.0.0-beta.1", | ||
"serve-static": "2.0.0-beta.1", | ||
"send": "1.0.0-beta.2", | ||
"serve-static": "2.0.0-beta.2", | ||
"setprototypeof": "1.2.0", | ||
"statuses": "~1.5.0", | ||
"statuses": "2.0.1", | ||
"type-is": "~1.6.18", | ||
@@ -70,15 +71,13 @@ "utils-merge": "1.0.1", | ||
"cookie-session": "2.0.0", | ||
"ejs": "3.1.6", | ||
"eslint": "7.32.0", | ||
"ejs": "3.1.9", | ||
"eslint": "8.47.0", | ||
"express-session": "1.17.2", | ||
"hbs": "4.2.0", | ||
"istanbul": "0.4.5", | ||
"marked": "0.7.0", | ||
"method-override": "3.0.0", | ||
"mocha": "9.1.3", | ||
"mocha": "10.2.0", | ||
"morgan": "1.10.0", | ||
"multiparty": "4.2.2", | ||
"nyc": "15.1.0", | ||
"pbkdf2-password": "1.2.1", | ||
"should": "13.2.3", | ||
"supertest": "6.1.6", | ||
"supertest": "6.3.0", | ||
"vhost": "~3.0.2" | ||
@@ -99,6 +98,6 @@ }, | ||
"test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/", | ||
"test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/ test/acceptance/", | ||
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/ test/acceptance/", | ||
"test-ci": "nyc --reporter=lcovonly --reporter=text npm test", | ||
"test-cov": "nyc --reporter=html --reporter=text npm test", | ||
"test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/" | ||
} | ||
} |
[![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/) | ||
Fast, unopinionated, minimalist web framework for [node](http://nodejs.org). | ||
Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org). | ||
[![NPM Version][npm-image]][npm-url] | ||
[![NPM Downloads][downloads-image]][downloads-url] | ||
[![Linux Build][ci-image]][ci-url] | ||
[![Windows Build][appveyor-image]][appveyor-url] | ||
[![Test Coverage][coveralls-image]][coveralls-url] | ||
[![NPM Version][npm-version-image]][npm-url] | ||
[![NPM Install Size][npm-install-size-image]][npm-install-size-url] | ||
[![NPM Downloads][npm-downloads-image]][npm-downloads-url] | ||
@@ -36,3 +34,3 @@ ```js | ||
```bash | ||
```console | ||
$ npm install express | ||
@@ -57,3 +55,3 @@ ``` | ||
* [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)] | ||
* [#express](https://webchat.freenode.net/?channels=express) on freenode IRC | ||
* [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC | ||
* [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules | ||
@@ -66,6 +64,2 @@ * Visit the [Wiki](https://github.com/expressjs/express/wiki) | ||
### Security Issues | ||
If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md). | ||
## Quick Start | ||
@@ -77,3 +71,3 @@ | ||
```bash | ||
```console | ||
$ npm install -g express-generator@4 | ||
@@ -84,3 +78,3 @@ ``` | ||
```bash | ||
```console | ||
$ express /tmp/foo && cd /tmp/foo | ||
@@ -91,3 +85,3 @@ ``` | ||
```bash | ||
```console | ||
$ npm install | ||
@@ -98,3 +92,3 @@ ``` | ||
```bash | ||
```console | ||
$ npm start | ||
@@ -119,4 +113,4 @@ ``` | ||
```bash | ||
$ git clone git://github.com/expressjs/express.git --depth 1 | ||
```console | ||
$ git clone https://github.com/expressjs/express.git --depth 1 | ||
$ cd express | ||
@@ -128,11 +122,27 @@ $ npm install | ||
```bash | ||
```console | ||
$ node examples/content-negotiation | ||
``` | ||
## Tests | ||
## Contributing | ||
To run the test suite, first install the dependencies, then run `npm test`: | ||
[![Linux Build][github-actions-ci-image]][github-actions-ci-url] | ||
[![Windows Build][appveyor-image]][appveyor-url] | ||
[![Test Coverage][coveralls-image]][coveralls-url] | ||
```bash | ||
The Express.js project welcomes all constructive contributions. Contributions take many forms, | ||
from code for bug fixes and enhancements, to additions and fixes to documentation, additional | ||
tests, triaging incoming pull requests and issues, and more! | ||
See the [Contributing Guide](Contributing.md) for more technical details on contributing. | ||
### Security Issues | ||
If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md). | ||
### Running Tests | ||
To run the test suite, first install the dependencies, then run `npm test`: | ||
```console | ||
$ npm install | ||
@@ -142,6 +152,2 @@ $ npm test | ||
## Contributing | ||
[Contributing Guide](Contributing.md) | ||
## People | ||
@@ -159,11 +165,13 @@ | ||
[ci-image]: https://img.shields.io/github/workflow/status/expressjs/express/ci/master.svg?label=linux | ||
[ci-url]: https://github.com/expressjs/express/actions?query=workflow%3Aci | ||
[npm-image]: https://img.shields.io/npm/v/express.svg | ||
[npm-url]: https://npmjs.org/package/express | ||
[downloads-image]: https://img.shields.io/npm/dm/express.svg | ||
[downloads-url]: https://npmcharts.com/compare/express?minimal=true | ||
[appveyor-image]: https://img.shields.io/appveyor/ci/dougwilson/express/master.svg?label=windows | ||
[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows | ||
[appveyor-url]: https://ci.appveyor.com/project/dougwilson/express | ||
[coveralls-image]: https://img.shields.io/coveralls/expressjs/express/master.svg | ||
[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master | ||
[coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master | ||
[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux | ||
[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml | ||
[npm-downloads-image]: https://badgen.net/npm/dm/express | ||
[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true | ||
[npm-install-size-image]: https://badgen.net/packagephobia/install/express | ||
[npm-install-size-url]: https://packagephobia.com/result?p=express | ||
[npm-url]: https://npmjs.org/package/express | ||
[npm-version-image]: https://badgen.net/npm/v/express |
Sorry, the diff of this file is too big to display
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
189412
16
2331
167
33
5
0
+ Addedhttp-errors@2.0.0
+ Addedbody-parser@2.0.0-beta.2(transitive)
+ Addedbytes@3.1.2(transitive)
+ Addedcall-bind@1.0.7(transitive)
+ Addedcookie@0.6.0(transitive)
+ Addeddefine-data-property@1.1.4(transitive)
+ Addeddepd@2.0.0(transitive)
+ Addeddestroy@1.2.0(transitive)
+ Addedes-define-property@1.0.0(transitive)
+ Addedes-errors@1.3.0(transitive)
+ Addedfinalhandler@1.2.0(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-intrinsic@1.2.4(transitive)
+ Addedgopd@1.0.1(transitive)
+ Addedhas-property-descriptors@1.0.2(transitive)
+ Addedhas-proto@1.0.3(transitive)
+ Addedhas-symbols@1.0.3(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedhttp-errors@2.0.0(transitive)
+ Addediconv-lite@0.5.2(transitive)
+ Addedis-promise@4.0.0(transitive)
+ Addedobject-inspect@1.13.1(transitive)
+ Addedon-finished@2.4.1(transitive)
+ Addedqs@6.11.0(transitive)
+ Addedraw-body@3.0.0-beta.1(transitive)
+ Addedrouter@2.0.0-beta.2(transitive)
+ Addedsend@1.0.0-beta.2(transitive)
+ Addedserve-static@2.0.0-beta.2(transitive)
+ Addedset-function-length@1.2.2(transitive)
+ Addedside-channel@1.0.6(transitive)
+ Addedstatuses@2.0.1(transitive)
- Removedbody-parser@2.0.0-beta.1(transitive)
- Removedbytes@3.1.1(transitive)
- Removedcookie@0.4.1(transitive)
- Removeddepd@1.1.2(transitive)
- Removeddestroy@1.0.4(transitive)
- Removedfinalhandler@1.1.2(transitive)
- Removedhttp-errors@1.8.1(transitive)
- Removediconv-lite@0.4.24(transitive)
- Removedon-finished@2.3.0(transitive)
- Removedqs@6.9.6(transitive)
- Removedraw-body@2.4.2(transitive)
- Removedrouter@2.0.0-beta.1(transitive)
- Removedsend@1.0.0-beta.1(transitive)
- Removedserve-static@2.0.0-beta.1(transitive)
- Removedstatuses@1.5.0(transitive)
Updatedaccepts@~1.3.8
Updatedbody-parser@2.0.0-beta.2
Updatedcookie@0.6.0
Updateddepd@2.0.0
Updatedfinalhandler@1.2.0
Updatedon-finished@2.4.1
Updatedqs@6.11.0
Updatedrouter@2.0.0-beta.2
Updatedsend@1.0.0-beta.2
Updatedserve-static@2.0.0-beta.2
Updatedstatuses@2.0.1