Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
MinorJS
MinorJS is an unopinionated, ultra-minimal web framework that alleviates the pain of routing, testing, and deployment clustering for Node.js applications.
Why MinorJS?
By starting with MinorJS you maintain the freedom to develop your application with whichever technologies and philosophies you find appropriate for your Node.js project. MinorJS only handles routing, testing, and deployment clustering, ensuring that you have the tools to develop with speed and ship with confidence.
Installation
This package is available on npm as:
npm install minorjs
Features
- Clustered to support fault tolerance and load balancing.
- Zero-downtime rolling restarts.
- Framework-level error handling and logging to keep your site running.
- Per-environment configurations.
- Automatic route wiring; just create a controller module!
- Run filters before each request.
- Request profiling.
- Automatically reload changed modules (controllers/templates/etc) in development with no manual restarting. Save and refresh your browser!
- Express-style request middleware.
- Template mixins: execute Javascript from your templates.
Functional testing
You can easily write functional tests of your MinorJS application using the MinorJS testing framework.
You can make requests to your site with a headless browser, access data in the DOM with jQuery-style selectors and build your tests with standard tools like Mocha and Should.
CoffeeScript-friendly
While MinorJS is written in Javascript, the framework happily works with CoffeeScript.
Node.js versions
To support updated packages, minorjs version 7 and up works with Node.js 10 and up. Minorjs versions 2-7 works with Node.js 4 and up. If you need to run minorjs on Node.js 0.10 you can install minorjs version 1.4.0.
License
Copyright 2014 Skytap Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Contributors
- Scott Brady (Maintainer)
- Matt Mehlhope
FAQs
Clustered web framework that favors convention over configuration.
We found that minorjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 11 Mar 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026