Socket
Socket
Sign inDemoInstall

express

Package Overview
Dependencies
64
Maintainers
6
Versions
276
Alerts
File Explorer

Advanced tools

npm Scripts

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 5.0.0-beta.1 to 5.0.0-beta.2

19

lib/application.js

@@ -29,2 +29,9 @@ /*!

var setPrototypeOf = require('setprototypeof')
/**
* Module variables.
* @private
*/
var hasOwnProperty = Object.prototype.hasOwnProperty
var slice = Array.prototype.slice;

@@ -350,3 +357,13 @@

// app.get(setting)
return this.settings[setting];
var settings = this.settings
while (settings && settings !== Object.prototype) {
if (hasOwnProperty.call(settings, setting)) {
return settings[setting]
}
settings = Object.getPrototypeOf(settings)
}
return undefined
}

@@ -353,0 +370,0 @@

81

lib/response.js

@@ -17,2 +17,4 @@ /*!

var contentDisposition = require('content-disposition');
var createError = require('http-errors')
var deprecate = require('depd')('express');
var encodeUrl = require('encodeurl');

@@ -36,2 +38,3 @@ var escapeHtml = require('escape-html');

var vary = require('vary');
var urlParse = require('url').parse;

@@ -61,2 +64,5 @@ /**

res.status = function status(code) {
if ((typeof code === 'string' || Math.floor(code) !== code) && code > 99 && code < 1000) {
deprecate('res.status(' + JSON.stringify(code) + '): use res.status(' + Math.floor(code) + ') instead')
}
this.statusCode = code;

@@ -186,2 +192,9 @@ return this;

// alter headers for 205
if (this.statusCode === 205) {
this.set('Content-Length', '0')
this.removeHeader('Transfer-Encoding')
chunk = ''
}
if (req.method === 'HEAD') {

@@ -300,3 +313,3 @@ // skip body for HEAD

res.sendStatus = function sendStatus(statusCode) {
var body = statuses[statusCode] || String(statusCode)
var body = statuses.message[statusCode] || String(statusCode)

@@ -397,3 +410,3 @@ this.statusCode = statusCode;

* when the data transfer is complete, or when an error has
* ocurred. Be sure to check `res.headersSent` if you plan to respond.
* occurred. Be sure to check `res.headersSent` if you plan to respond.
*

@@ -425,2 +438,9 @@ * Optionally providing an `options` object to use with `res.sendFile()`.

// support optional filename, where options may be in it's place
if (typeof filename === 'object' &&
(typeof options === 'function' || options === undefined)) {
name = null
opts = filename
}
// set Content-Disposition when file is sent

@@ -447,3 +467,5 @@ var headers = {

// Resolve the full path for sendFile
var fullPath = resolve(path);
var fullPath = !opts.root
? resolve(path)
: path

@@ -543,5 +565,4 @@ // send file

var fn = obj.default;
if (fn) delete obj.default;
var keys = Object.keys(obj);
var keys = Object.keys(obj)
.filter(function (v) { return v !== 'default' })

@@ -557,9 +578,8 @@ var key = keys.length > 0

obj[key](req, this, next);
} else if (fn) {
fn();
} else if (obj.default) {
obj.default(req, this, next)
} else {
var err = new Error('Not Acceptable');
err.status = err.statusCode = 406;
err.types = normalizeTypes(keys).map(function(o){ return o.value });
next(err);
next(createError(406, {
types: normalizeTypes(keys).map(function (o) { return o.value })
}))
}

@@ -730,5 +750,9 @@

if ('maxAge' in opts) {
opts.expires = new Date(Date.now() + opts.maxAge);
opts.maxAge /= 1000;
if (opts.maxAge != null) {
var maxAge = opts.maxAge - 0
if (!isNaN(maxAge)) {
opts.expires = new Date(Date.now() + maxAge)
opts.maxAge = Math.floor(maxAge / 1000)
}
}

@@ -763,3 +787,3 @@

res.location = function location(url) {
var loc = url;
var loc = String(url);

@@ -771,4 +795,21 @@ // "back" is an alias for the referrer

var lowerLoc = loc.toLowerCase();
var encodedUrl = encodeUrl(loc);
if (lowerLoc.indexOf('https://') === 0 || lowerLoc.indexOf('http://') === 0) {
try {
var parsedUrl = urlParse(loc);
var parsedEncodedUrl = urlParse(encodedUrl);
// Because this can encode the host, check that we did not change the host
if (parsedUrl.host !== parsedEncodedUrl.host) {
// If the host changes after encodeUrl, return the original url
return this.set('Location', loc);
}
} catch (e) {
// If parse fails, return the original url
return this.set('Location', loc);
}
}
// set location
return this.set('Location', encodeUrl(loc));
return this.set('Location', encodedUrl);
};

@@ -811,3 +852,3 @@

text: function(){
body = statuses[status] + '. Redirecting to ' + address
body = statuses.message[status] + '. Redirecting to ' + address
},

@@ -817,3 +858,3 @@

var u = escapeHtml(address);
body = '<p>' + statuses[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>'
body = '<p>' + statuses.message[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>'
},

@@ -987,3 +1028,3 @@

* @param {*} value
* @param {function} replaces
* @param {function} replacer
* @param {number} spaces

@@ -990,0 +1031,0 @@ * @param {boolean} escape

9

lib/utils.js

@@ -80,3 +80,2 @@ /*!

* object with `.value`, `.quality` and `.params`.
* also includes `.originalIndex` for stable sorting
*

@@ -88,5 +87,5 @@ * @param {String} str

function acceptParams(str, index) {
function acceptParams (str) {
var parts = str.split(/ *; */);
var ret = { value: parts[0], quality: 1, params: {}, originalIndex: index };
var ret = { value: parts[0], quality: 1, params: {} }

@@ -192,3 +191,4 @@ for (var i = 1; i < parts.length; ++i) {

// Support comma-separated values
val = val.split(/ *, */);
val = val.split(',')
.map(function (v) { return v.trim() })
}

@@ -245,2 +245,3 @@

*
* @param {String} str
* @return {Object}

@@ -247,0 +248,0 @@ * @private

2

lib/view.js

@@ -77,3 +77,3 @@ /*!

// load engine
var mod = this.ext.substr(1)
var mod = this.ext.slice(1)
debug('require "%s"', mod)

@@ -80,0 +80,0 @@

41

package.json
{
"name": "express",
"description": "Fast, unopinionated, minimalist web framework",
"version": "5.0.0-beta.1",
"version": "5.0.0-beta.2",
"author": "TJ Holowaychuk <tj@vision-media.ca>",

@@ -31,31 +31,32 @@ "contributors": [

"dependencies": {
"accepts": "~1.3.7",
"accepts": "~1.3.8",
"array-flatten": "3.0.0",
"body-parser": "2.0.0-beta.1",
"body-parser": "2.0.0-beta.2",
"content-disposition": "0.5.4",
"content-type": "~1.0.4",
"cookie": "0.4.1",
"cookie": "0.6.0",
"cookie-signature": "1.0.6",
"debug": "3.1.0",
"depd": "~1.1.2",
"depd": "2.0.0",
"encodeurl": "~1.0.2",
"escape-html": "~1.0.3",
"etag": "~1.8.1",
"finalhandler": "~1.1.2",
"finalhandler": "1.2.0",
"fresh": "0.5.2",
"http-errors": "2.0.0",
"merge-descriptors": "1.0.1",
"methods": "~1.1.2",
"mime-types": "~2.1.34",
"on-finished": "~2.3.0",
"on-finished": "2.4.1",
"parseurl": "~1.3.3",
"path-is-absolute": "1.0.1",
"proxy-addr": "~2.0.7",
"qs": "6.9.6",
"qs": "6.11.0",
"range-parser": "~1.2.1",
"router": "2.0.0-beta.1",
"router": "2.0.0-beta.2",
"safe-buffer": "5.2.1",
"send": "1.0.0-beta.1",
"serve-static": "2.0.0-beta.1",
"send": "1.0.0-beta.2",
"serve-static": "2.0.0-beta.2",
"setprototypeof": "1.2.0",
"statuses": "~1.5.0",
"statuses": "2.0.1",
"type-is": "~1.6.18",

@@ -70,15 +71,13 @@ "utils-merge": "1.0.1",

"cookie-session": "2.0.0",
"ejs": "3.1.6",
"eslint": "7.32.0",
"ejs": "3.1.9",
"eslint": "8.47.0",
"express-session": "1.17.2",
"hbs": "4.2.0",
"istanbul": "0.4.5",
"marked": "0.7.0",
"method-override": "3.0.0",
"mocha": "9.1.3",
"mocha": "10.2.0",
"morgan": "1.10.0",
"multiparty": "4.2.2",
"nyc": "15.1.0",
"pbkdf2-password": "1.2.1",
"should": "13.2.3",
"supertest": "6.1.6",
"supertest": "6.3.0",
"vhost": "~3.0.2"

@@ -99,6 +98,6 @@ },

"test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/ test/acceptance/",
"test-ci": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/ test/acceptance/",
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/ test/acceptance/",
"test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
"test-cov": "nyc --reporter=html --reporter=text npm test",
"test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/"
}
}

76

Readme.md
[![Express Logo](https://i.cloudup.com/zfY6lL7eFa-3000x3000.png)](http://expressjs.com/)
Fast, unopinionated, minimalist web framework for [node](http://nodejs.org).
Fast, unopinionated, minimalist web framework for [Node.js](http://nodejs.org).
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Linux Build][ci-image]][ci-url]
[![Windows Build][appveyor-image]][appveyor-url]
[![Test Coverage][coveralls-image]][coveralls-url]
[![NPM Version][npm-version-image]][npm-url]
[![NPM Install Size][npm-install-size-image]][npm-install-size-url]
[![NPM Downloads][npm-downloads-image]][npm-downloads-url]

@@ -36,3 +34,3 @@ ```js

```bash
```console
$ npm install express

@@ -57,3 +55,3 @@ ```

* [Website and Documentation](http://expressjs.com/) - [[website repo](https://github.com/expressjs/expressjs.com)]
* [#express](https://webchat.freenode.net/?channels=express) on freenode IRC
* [#express](https://web.libera.chat/#express) on [Libera Chat](https://libera.chat) IRC
* [GitHub Organization](https://github.com/expressjs) for Official Middleware & Modules

@@ -66,6 +64,2 @@ * Visit the [Wiki](https://github.com/expressjs/express/wiki)

### Security Issues
If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md).
## Quick Start

@@ -77,3 +71,3 @@

```bash
```console
$ npm install -g express-generator@4

@@ -84,3 +78,3 @@ ```

```bash
```console
$ express /tmp/foo && cd /tmp/foo

@@ -91,3 +85,3 @@ ```

```bash
```console
$ npm install

@@ -98,3 +92,3 @@ ```

```bash
```console
$ npm start

@@ -119,4 +113,4 @@ ```

```bash
$ git clone git://github.com/expressjs/express.git --depth 1
```console
$ git clone https://github.com/expressjs/express.git --depth 1
$ cd express

@@ -128,11 +122,27 @@ $ npm install

```bash
```console
$ node examples/content-negotiation
```
## Tests
## Contributing
To run the test suite, first install the dependencies, then run `npm test`:
[![Linux Build][github-actions-ci-image]][github-actions-ci-url]
[![Windows Build][appveyor-image]][appveyor-url]
[![Test Coverage][coveralls-image]][coveralls-url]
```bash
The Express.js project welcomes all constructive contributions. Contributions take many forms,
from code for bug fixes and enhancements, to additions and fixes to documentation, additional
tests, triaging incoming pull requests and issues, and more!
See the [Contributing Guide](Contributing.md) for more technical details on contributing.
### Security Issues
If you discover a security vulnerability in Express, please see [Security Policies and Procedures](Security.md).
### Running Tests
To run the test suite, first install the dependencies, then run `npm test`:
```console
$ npm install

@@ -142,6 +152,2 @@ $ npm test

## Contributing
[Contributing Guide](Contributing.md)
## People

@@ -159,11 +165,13 @@

[ci-image]: https://img.shields.io/github/workflow/status/expressjs/express/ci/master.svg?label=linux
[ci-url]: https://github.com/expressjs/express/actions?query=workflow%3Aci
[npm-image]: https://img.shields.io/npm/v/express.svg
[npm-url]: https://npmjs.org/package/express
[downloads-image]: https://img.shields.io/npm/dm/express.svg
[downloads-url]: https://npmcharts.com/compare/express?minimal=true
[appveyor-image]: https://img.shields.io/appveyor/ci/dougwilson/express/master.svg?label=windows
[appveyor-image]: https://badgen.net/appveyor/ci/dougwilson/express/master?label=windows
[appveyor-url]: https://ci.appveyor.com/project/dougwilson/express
[coveralls-image]: https://img.shields.io/coveralls/expressjs/express/master.svg
[coveralls-image]: https://badgen.net/coveralls/c/github/expressjs/express/master
[coveralls-url]: https://coveralls.io/r/expressjs/express?branch=master
[github-actions-ci-image]: https://badgen.net/github/checks/expressjs/express/master?label=linux
[github-actions-ci-url]: https://github.com/expressjs/express/actions/workflows/ci.yml
[npm-downloads-image]: https://badgen.net/npm/dm/express
[npm-downloads-url]: https://npmcharts.com/compare/express?minimal=true
[npm-install-size-image]: https://badgen.net/packagephobia/install/express
[npm-install-size-url]: https://packagephobia.com/result?p=express
[npm-url]: https://npmjs.org/package/express
[npm-version-image]: https://badgen.net/npm/v/express
History.md

Sorry, the diff of this file is too big to display

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

About

Packages

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc