Security News
Inside Lodash’s Security Reset and Maintenance Reboot
Lodash 4.17.23 marks a security reset, with maintainers rebuilding governance and infrastructure to support long-term, sustainable maintenance.
By Sarah Gooding - Jan 31, 2026
Latest Socket ResearchMalicious Chrome Extension Performs Hidden Affiliate Hijacking.Details →
root
A super lightweight web framework with routing and prototype mixin support.
It's available through npm:
npm install root
Usage
Usage is simple
var root = require('root');
var app = root();
app.get('/', function(request, response) {
response.send({hello:'world'});
});
app.post('/echo', function(request, response) {
request.on('json', function(body) {
response.send(body);
});
});
app.listen(8080);
You can extend the request and response with your own methods
app.use('response.time', function() {
this.send({time:this.request.time});
});
app.use('request.time', {getter:true}, function() {
return Date.now();
});
app.get(function(request, response) {
response.time();
});
Routing
Routing is done using murl.
Use the get, post, put, del, patch or options method to specify the HTTP method you want to route
app.get('/hello/{world}', function(request, response) {
response.send({world:req.params.world});
});
app.get('/test', function(request, response, next) {
// call next to call the next matching route
next();
});
app.get('/test', function(request, response) {
response.send('ok');
});
URL normalization
Before routing an incoming url it is first decoded and normalized
/../../⇨//foo/bar/../baz⇨/foo/baz/foo%20bar⇨/foo bar/foo%2fbar⇨/foo/bar
This basicly means that you don't need to worry about /.. attacks when serving files or similar.
Error handling
You can specify an error handler for a specific error code by using the error function
app.get('/foo', function(request, response) {
response.error(400, 'bad request man');
});
app.error(404, function(request, response) {
response.send({error:'could not find route'});
});
app.error(function(req, res) {
response.send({error:'catch all other errors'});
});
Plugins
To create a plugin simply create a function that accepts an app
var plugin = function(app) {
app.get('/my-plugin', function(request, response) {
response.send('hello from plugin');
});
};
myApp.use(plugin);
Alternatively you can pass a another app instance to use.
var subApp = root();
subApp.get('/test', function(request, response) {
response.send('hello from sub app');
});
myApp.use(subApp); // route requests through subApp as well
Available plugins
- response.render - PEJS template support
- response.step - Easy flow and error control
License
MIT
Keywords
FAQs
a super lightweight web framework featuring prototype mixin support and routing
The npm package root receives a total of 1,556 weekly downloads. As such, root popularity was classified as popular.
We found that root demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 20 Sep 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
n8n Tops 2025 JavaScript Rising Stars as Workflow Platforms Gain Momentum
n8n led JavaScript Rising Stars 2025 by a wide margin, with workflow platforms seeing the largest growth across categories.
By Sarah Gooding - Jan 29, 2026
Security News
Federal Government Rescinds Software Supply Chain Mandates, Makes SBOMs Optional
The U.S. government is rolling back software supply chain mandates, shifting from mandatory SBOMs and attestations to a risk-based approach.
By Sarah Gooding - Jan 28, 2026