express
4.8/51.9K

express

npm i express

270 Versions

4.18.2

latest
4 months ago

4.18.1

9 months ago
  • Fix hanging on large stack of sync routes

4.18.0

9 months ago

4.17.3

1 year ago

5.0.0-beta.1

next
1 year ago

This is the first Express 5.0 beta release, based off 4.17.2 and includes changes from 5.0.0-alpha.8.

  • change:
    • Default "query parser" setting to 'simple'
    • Requires Node.js 4+
    • Use mime-types for file to content type mapping
  • deps: array-flatten@3.0.0
  • deps: body-parser@2.0.0-beta.1
    • req.body is no longer always initialized to {}
    • urlencoded parser now defaults extended to false
    • Use on-finished to determine when body read
  • deps: router@2.0.0-beta.1
    • Add new ?, *, and + parameter modifiers
    • Internalize private router.process_params method
    • Matching group expressions are only RegExp syntax
    • Named matching groups no longer available by position in req.params
    • Regular expressions can only be used in a matching group
    • Remove debug dependency
    • Special * path segment behavior removed
    • deps: array-flatten@3.0.0
    • deps: parseurl@~1.3.3
    • deps: path-to-regexp@3.2.0
    • deps: setprototypeof@1.2.0
  • deps: send@1.0.0-beta.1
    • Change dotfiles option default to 'ignore'
    • Remove hidden option; use dotfiles option instead
    • Use mime-types for file to content type mapping
    • deps: debug@3.1.0
  • deps: serve-static@2.0.0-beta.1
    • Change dotfiles option default to 'ignore'
    • Remove hidden option; use dotfiles option instead
    • Use mime-types for file to content type mapping
    • deps: send@1.0.0-beta.1

4.17.2

1 year ago

5.0.0-alpha.8

3 years ago

This is the sixth Express 5.0 alpha release, based off 4.17.1 and includes changes from 5.0.0-alpha.7.


4.17.1

4 years ago
  • Revert "Improve error message for null/undefined to res.status"

4.17.0

4 years ago
  • Add express.raw to parse bodies into Buffer
  • Add express.text to parse bodies into string
  • Improve error message for non-strings to res.sendFile
  • Improve error message for null/undefined to res.status
  • Support multiple hosts in X-Forwarded-Host
  • deps: accepts@~1.3.7
  • deps: body-parser@1.19.0
  • deps: content-disposition@0.5.3
  • deps: cookie@0.4.0
    • Add SameSite=None support
  • deps: finalhandler@~1.1.2
    • Set stricter Content-Security-Policy header
    • deps: parseurl@~1.3.3
    • deps: statuses@~1.5.0
  • deps: parseurl@~1.3.3
  • deps: proxy-addr@~2.0.5
  • deps: qs@6.7.0
    • Fix parsing array brackets after index
  • deps: range-parser@~1.2.1
  • deps: send@0.17.1
    • Set stricter CSP header in redirect & error responses
    • deps: http-errors@~1.7.2
    • deps: mime@1.6.0
    • deps: ms@2.1.1
    • deps: range-parser@~1.2.1
    • deps: statuses@~1.5.0
    • perf: remove redundant path.normalize call
  • deps: serve-static@1.14.1
    • Set stricter CSP header in redirect response
    • deps: parseurl@~1.3.3
    • deps: send@0.17.1
  • deps: setprototypeof@1.1.1
  • deps: statuses@~1.5.0
    • Add 103 Early Hints
  • deps: type-is@~1.6.18
    • deps: mime-types@~2.1.24
    • perf: prevent internal throw on invalid type

5.0.0-alpha.7

4 years ago

This is the seventh Express 5.0 alpha release, based off 4.16.4 and includes changes from 5.0.0-alpha.6.

The major change with this alpha is the basic support for returned, rejected Promises in the router.

  • remove:
    • path-to-regexp dependency
  • deps: debug@3.1.0
    • Add DEBUG_HIDE_DATE environment variable
    • Change timer to per-namespace instead of global
    • Change non-TTY date format
    • Remove DEBUG_FD environment variable support
    • Support 256 namespace colors
  • deps: router@2.0.0-alpha.1

4.16.4

4 years ago

4.16.3

5 years ago
  • deps: accepts@~1.3.5
    • deps: mime-types@~2.1.18
  • deps: depd@~1.1.2
    • perf: remove argument reassignment
  • deps: encodeurl@~1.0.2
    • Fix encoding % as last character
  • deps: finalhandler@1.1.1
    • Fix 404 output for bad / missing pathnames
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
  • deps: proxy-addr@~2.0.3
  • deps: send@0.16.2
    • Fix incorrect end tag in default error & redirects
    • deps: depd@~1.1.2
    • deps: encodeurl@~1.0.2
    • deps: statuses@~1.4.0
  • deps: serve-static@1.13.2
    • Fix incorrect end tag in redirects
    • deps: encodeurl@~1.0.2
    • deps: send@0.16.2
  • deps: statuses@~1.4.0
  • deps: type-is@~1.6.16
    • deps: mime-types@~2.1.18

4.16.2

5 years ago
  • Fix TypeError in res.send when given Buffer and ETag header set
  • perf: skip parsing of entire X-Forwarded-Proto header

4.16.1

5 years ago

4.16.0

5 years ago
  • Add "json escape" setting for res.json and res.jsonp
  • Add express.json and express.urlencoded to parse bodies
  • Add options argument to res.download
  • Improve error message when autoloading invalid view engine
  • Improve error messages when non-function provided as middleware
  • Skip Buffer encoding when not generating ETag for small response
  • Use safe-buffer for improved Buffer API
  • deps: accepts@~1.3.4
    • deps: mime-types@~2.1.16
  • deps: content-type@~1.0.4
    • perf: remove argument reassignment
    • perf: skip parameter parsing when no parameters
  • deps: etag@~1.8.1
    • perf: replace regular expression with substring
  • deps: finalhandler@1.1.0
    • Use res.headersSent when available
  • deps: parseurl@~1.3.2
    • perf: reduce overhead for full URLs
    • perf: unroll the "fast-path" RegExp
  • deps: proxy-addr@~2.0.2
    • Fix trimming leading / trailing OWS in X-Forwarded-For
    • deps: forwarded@~0.1.2
    • deps: ipaddr.js@1.5.2
    • perf: reduce overhead when no X-Forwarded-For header
  • deps: qs@6.5.1
    • Fix parsing & compacting very deep objects
  • deps: send@0.16.0
    • Add 70 new types for file extensions
    • Add immutable option
    • Fix missing </html> in default error & redirects
    • Set charset as "UTF-8" for .js and .json
    • Use instance methods on steam to check for listeners
    • deps: mime@1.4.1
    • perf: improve path validation speed
  • deps: serve-static@1.13.0
    • Add 70 new types for file extensions
    • Add immutable option
    • Set charset as "UTF-8" for .js and .json
    • deps: send@0.16.0
  • deps: setprototypeof@1.1.0
  • deps: utils-merge@1.0.1
  • deps: vary@~1.1.2
    • perf: improve header token parsing speed
  • perf: re-use options object when generating ETags
  • perf: remove dead .charset set in res.jsonp

5.0.0-alpha.6

5 years ago

This is the sixth Express 5.0 alpha release, based off 4.15.5 and includes changes from 5.0.0-alpha.5.

  • remove:
    • res.redirect(url, status) signature - use res.redirect(status, url)
    • res.send(status, body) signature - use res.status(status).send(body)
  • deps: router@~1.3.1

4.15.5

5 years ago
  • deps: debug@2.6.9
  • deps: finalhandler@~1.0.6
  • deps: fresh@0.5.2
    • Fix handling of modified headers with invalid dates
    • perf: improve ETag match loop
    • perf: improve If-None-Match token parsing
  • deps: send@0.15.6
    • Fix handling of modified headers with invalid dates
    • deps: debug@2.6.9
    • deps: etag@~1.8.1
    • deps: fresh@0.5.2
    • perf: improve If-Match token parsing
  • deps: serve-static@1.12.6
    • deps: parseurl@~1.3.2
    • deps: send@0.15.6
    • perf: improve slash collapsing

4.15.4

5 years ago

4.15.3

6 years ago

5.0.0-alpha.5

6 years ago

This is the fifth Express 5.0 alpha release, based off 4.15.2 and includes changes from 5.0.0-alpha.4.


4.15.2

6 years ago
  • deps: qs@6.4.0
    • Fix regression parsing keys starting with [

4.15.1

6 years ago
  • deps: send@0.15.1
    • Fix issue when Date.parse does not return NaN on invalid date
    • Fix strict violation in broken environments
  • deps: serve-static@1.12.1
    • Fix issue when Date.parse does not return NaN on invalid date
    • deps: send@0.15.1

5.0.0-alpha.4

6 years ago

This is the fourth Express 5.0 alpha release, based off 4.15.0 and includes changes from 5.0.0-alpha.3.

  • remove:
    • Remove Express 3.x middleware error stubs
  • deps: router@~1.3.0
    • Add next("router") to exit from router
    • Fix case where router.use skipped requests routes did not
    • Skip routing when req.url is not set
    • Use %o in path debug to tell types apart
    • deps: debug@2.6.1
    • deps: setprototypeof@1.0.3
    • perf: add fast match path for * route

4.15.0

6 years ago
  • Add debug message when loading view engine
  • Add next("router") to exit from router
  • Fix case where router.use skipped requests routes did not
  • Remove usage of res._headers private field
    • Improves compatibility with Node.js 8 nightly
  • Skip routing when req.url is not set
  • Use %o in path debug to tell types apart
  • Use Object.create to setup request & response prototypes
  • Use setprototypeof module to replace __proto__ setting
  • Use statuses instead of http module for status messages
  • deps: debug@2.6.1
    • Allow colors in workers
    • Deprecated DEBUG_FD environment variable set to 3 or higher
    • Fix error when running under React Native
    • Use same color for same namespace
    • deps: ms@0.7.2
  • deps: etag@~1.8.0
    • Use SHA1 instead of MD5 for ETag hashing
    • Works with FIPS 140-2 OpenSSL configuration
  • deps: finalhandler@~1.0.0
    • Fix exception when err cannot be converted to a string
    • Fully URL-encode the pathname in the 404
    • Only include the pathname in the 404 message
    • Send complete HTML document
    • Set Content-Security-Policy: default-src 'self' header
    • deps: debug@2.6.1
  • deps: fresh@0.5.0
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • perf: delay reading header values until needed
    • perf: enable strict mode
    • perf: hoist regular expressions
    • perf: remove duplicate conditional
    • perf: remove unnecessary boolean coercions
    • perf: skip checking modified time if ETag check failed
    • perf: skip parsing If-None-Match when no ETag header
    • perf: use Date.parse instead of new Date
  • deps: qs@6.3.1
    • Fix array parsing from skipping empty values
    • Fix compacting nested arrays
  • deps: send@0.15.0
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: debug@2.6.1
    • deps: etag@~1.8.0
    • deps: fresh@0.5.0
    • deps: http-errors@~1.6.1
  • deps: serve-static@1.12.0
    • Fix false detection of no-cache request directive
    • Fix incorrect result when If-None-Match has both * and ETags
    • Fix weak ETag matching to match spec
    • Remove usage of res._headers private field
    • Send complete HTML document in redirect response
    • Set default CSP header in redirect response
    • Support If-Match and If-Unmodified-Since headers
    • Use res.getHeaderNames() when available
    • Use res.headersSent when available
    • deps: send@0.15.0
  • perf: add fast match path for * route
  • perf: improve req.ips performance

5.0.0-alpha.3

6 years ago

This is the third Express 5.0 alpha release, based off 4.14.1 and includes changes from 5.0.0-alpha.2.


4.14.1

6 years ago

4.14.0

7 years ago
  • Add acceptRanges option to res.sendFile/res.sendfile
  • Add cacheControl option to res.sendFile/res.sendfile
  • Add options argument to req.range
    • Includes the combine option
  • Encode URL in res.location/res.redirect if not already encoded
  • Fix some redirect handling in res.sendFile/res.sendfile
  • Fix Windows absolute path check using forward slashes
  • Improve error with invalid arguments to req.get()
  • Improve performance for res.json/res.jsonp in most cases
  • Improve Range header handling in res.sendFile/res.sendfile
  • deps: accepts@~1.3.3
    • Fix including type extensions in parameters in Accept parsing
    • Fix parsing Accept parameters with quoted equals
    • Fix parsing Accept parameters with quoted semicolons
    • Many performance improvments
    • deps: mime-types@~2.1.11
    • deps: negotiator@0.6.1
  • deps: content-type@~1.0.2
    • perf: enable strict mode
  • deps: cookie@0.3.1
    • Add sameSite option
    • Fix cookie Max-Age to never be a floating point number
    • Improve error message when encode is not a function
    • Improve error message when expires is not a Date
    • Throw better error for invalid argument to parse
    • Throw on invalid values provided to serialize
    • perf: enable strict mode
    • perf: hoist regular expression
    • perf: use for loop in parse
    • perf: use string concatination for serialization
  • deps: finalhandler@0.5.0
    • Change invalid or non-numeric status code to 500
    • Overwrite status message to match set status code
    • Prefer err.statusCode if err.status is invalid
    • Set response headers from err.headers object
    • Use statuses instead of http module for status messages
  • deps: proxy-addr@~1.1.2
    • Fix accepting various invalid netmasks
    • Fix IPv6-mapped IPv4 validation edge cases
    • IPv4 netmasks must be contingous
    • IPv6 addresses cannot be used as a netmask
    • deps: ipaddr.js@1.1.1
  • deps: qs@6.2.0
    • Add decoder option in parse function
  • deps: range-parser@~1.2.0
    • Add combine option to combine overlapping ranges
    • Fix incorrectly returning -1 when there is at least one valid range
    • perf: remove internal function
  • deps: send@0.14.1
    • Add acceptRanges option
    • Add cacheControl option
    • Attempt to combine multiple ranges into single range
    • Correctly inherit from Stream class
    • Fix Content-Range header in 416 responses when using start/end options
    • Fix Content-Range header missing from default 416 responses
    • Fix redirect error when path contains raw non-URL characters
    • Fix redirect when path starts with multiple forward slashes
    • Ignore non-byte Range headers
    • deps: http-errors@~1.5.0
    • deps: range-parser@~1.2.0
    • deps: statuses@~1.3.0
    • perf: remove argument reassignment
  • deps: serve-static@~1.11.1
    • Add acceptRanges option
    • Add cacheControl option
    • Attempt to combine multiple ranges into single range
    • Fix redirect error when req.url contains raw non-URL characters
    • Ignore non-byte Range headers
    • Use status code 301 for redirects
    • deps: send@0.14.1
  • deps: type-is@~1.6.13
    • Fix type error when given invalid type to match against
    • deps: mime-types@~2.1.11
  • deps: vary@~1.1.0
    • Only accept valid field names in the field argument
  • perf: use strict equality when possible

4.13.4

7 years ago
  • deps: content-disposition@0.5.1
    • perf: enable strict mode
  • deps: cookie@0.1.5
    • Throw on invalid values provided to serialize
  • deps: depd@~1.1.0
    • Support web browser loading
    • perf: enable strict mode
  • deps: escape-html@~1.0.3
    • perf: enable strict mode
    • perf: optimize string replacement
    • perf: use faster string coercion
  • deps: finalhandler@0.4.1
    • deps: escape-html@~1.0.3
  • deps: merge-descriptors@1.0.1
    • perf: enable strict mode
  • deps: methods@~1.1.2
    • perf: enable strict mode
  • deps: parseurl@~1.3.1
    • perf: enable strict mode
  • deps: proxy-addr@~1.0.10
  • deps: range-parser@~1.0.3
    • perf: enable strict mode
  • deps: send@0.13.1
    • deps: depd@~1.1.0
    • deps: destroy@~1.0.4
    • deps: escape-html@~1.0.3
    • deps: range-parser@~1.0.3
  • deps: serve-static@~1.10.2
    • deps: escape-html@~1.0.3
    • deps: parseurl@~1.3.0
    • deps: send@0.13.1

4.13.3

7 years ago
  • Fix infinite loop condition using mergeParams: true
  • Fix inner numeric indices incorrectly altering parent req.params

4.13.2

8 years ago
  • deps: accepts@~1.2.12
    • deps: mime-types@~2.1.4
  • deps: array-flatten@1.1.1
    • perf: enable strict mode
  • deps: path-to-regexp@0.1.7
    • Fix regression with escaped round brackets and matching groups
  • deps: type-is@~1.6.6
    • deps: mime-types@~2.1.4

3.21.2

8 years ago
  • deps: connect@2.30.2
    • deps: body-parser@~1.13.3
    • deps: compression@~1.5.2
    • deps: errorhandler@~1.4.2
    • deps: method-override@~2.3.5
    • deps: serve-index@~1.7.2
    • deps: type-is@~1.6.6
    • deps: vhost@~3.0.1
  • deps: vary@~1.0.1
    • Fix setting empty header from empty field
    • perf: enable strict mode
    • perf: remove argument reassignments

5.0.0-alpha.2

8 years ago

This is the second Express 5.0 alpha release, based off 4.13.1 and includes changes from 5.0.0-alpha.1.

  • remove:
    • app.param(fn)
    • req.param() -- use req.params, req.body, or req.query instead
  • change:
    • res.render callback is always async, even for sync view engines
    • The leading : character in name for app.param(name, fn) is no longer removed
    • Use router module for routing
    • Use path-is-absolute module for absolute path detection

4.13.1

8 years ago
  • deps: accepts@~1.2.10
    • deps: mime-types@~2.1.2
  • deps: qs@4.0.0
    • Fix dropping parameters like hasOwnProperty
    • Fix various parsing edge cases
  • deps: type-is@~1.6.4
    • deps: mime-types@~2.1.2
    • perf: enable strict mode
    • perf: remove argument reassignment

3.21.1

8 years ago
  • deps: basic-auth@~1.0.3
  • deps: connect@2.30.1
    • deps: body-parser@~1.13.2
    • deps: compression@~1.5.1
    • deps: errorhandler@~1.4.1
    • deps: morgan@~1.6.1
    • deps: pause@0.1.0
    • deps: qs@4.0.0
    • deps: serve-index@~1.7.1
    • deps: type-is@~1.6.4

4.13.0

8 years ago
  • Add settings to debug output
  • Fix res.format error when only default provided
  • Fix issue where next('route') in app.param would incorrectly skip values
  • Fix hiding platform issues with decodeURIComponent
    • Only URIErrors are a 400
  • Fix using * before params in routes
  • Fix using capture groups before params in routes
  • Simplify res.cookie to call res.append
  • Use array-flatten module for flattening arrays
  • deps: accepts@~1.2.9
    • deps: mime-types@~2.1.1
    • perf: avoid argument reassignment & argument slice
    • perf: avoid negotiator recursive construction
    • perf: enable strict mode
    • perf: remove unnecessary bitwise operator
  • deps: cookie@0.1.3
    • perf: deduce the scope of try-catch deopt
    • perf: remove argument reassignments
  • deps: escape-html@1.0.2
  • deps: etag@~1.7.0
    • Always include entity length in ETags for hash length extensions
    • Generate non-Stats ETags using MD5 only (no longer CRC32)
    • Improve stat performance by removing hashing
    • Improve support for JXcore
    • Remove base64 padding in ETags to shorten
    • Support "fake" stats objects in environments without fs
    • Use MD5 instead of MD4 in weak ETags over 1KB
  • deps: finalhandler@0.4.0
    • Fix a false-positive when unpiping in Node.js 0.8
    • Support statusCode property on Error objects
    • Use unpipe module for unpiping requests
    • deps: escape-html@1.0.2
    • deps: on-finished@~2.3.0
    • perf: enable strict mode
    • perf: remove argument reassignment
  • deps: fresh@0.3.0
    • Add weak ETag matching support
  • deps: on-finished@~2.3.0
    • Add defined behavior for HTTP CONNECT requests
    • Add defined behavior for HTTP Upgrade requests
    • deps: ee-first@1.1.1
  • deps: path-to-regexp@0.1.6
  • deps: send@0.13.0
    • Allow Node.js HTTP server to set Date response header
    • Fix incorrectly removing Content-Location on 304 response
    • Improve the default redirect response headers
    • Send appropriate headers on default error response
    • Use http-errors for standard emitted errors
    • Use statuses instead of http module for status messages
    • deps: escape-html@1.0.2
    • deps: etag@~1.7.0
    • deps: fresh@0.3.0
    • deps: on-finished@~2.3.0
    • perf: enable strict mode
    • perf: remove unnecessary array allocations
  • deps: serve-static@~1.10.0
    • Add fallthrough option
    • Fix reading options from options prototype
    • Improve the default redirect response headers
    • Malformed URLs now next() instead of 400
    • deps: escape-html@1.0.2
    • deps: send@0.13.0
    • perf: enable strict mode
    • perf: remove argument reassignment
  • deps: type-is@~1.6.3
    • deps: mime-types@~2.1.1
    • perf: reduce try block size
    • perf: remove bitwise operations
  • perf: enable strict mode
  • perf: isolate app.render try block
  • perf: remove argument reassignments in application
  • perf: remove argument reassignments in request prototype
  • perf: remove argument reassignments in response prototype
  • perf: remove argument reassignments in routing
  • perf: remove argument reassignments in View
  • perf: skip attempting to decode zero length string
  • perf: use saved reference to http.STATUS_CODES

3.21.0

8 years ago
  • deps: basic-auth@1.0.2
    • perf: enable strict mode
    • perf: hoist regular expression
    • perf: parse with regular expressions
    • perf: remove argument reassignment
  • deps: connect@2.30.0
    • deps: body-parser@~1.13.1
    • deps: bytes@2.1.0
    • deps: compression@~1.5.0
    • deps: cookie@0.1.3
    • deps: cookie-parser@~1.3.5
    • deps: csurf@~1.8.3
    • deps: errorhandler@~1.4.0
    • deps: express-session@~1.11.3
    • deps: finalhandler@0.4.0
    • deps: fresh@0.3.0
    • deps: morgan@~1.6.0
    • deps: serve-favicon@~2.3.0
    • deps: serve-index@~1.7.0
    • deps: serve-static@~1.10.0
    • deps: type-is@~1.6.3
  • deps: cookie@0.1.3
    • perf: deduce the scope of try-catch deopt
    • perf: remove argument reassignments
  • deps: escape-html@1.0.2
  • deps: etag@~1.7.0
    • Always include entity length in ETags for hash length extensions
    • Generate non-Stats ETags using MD5 only (no longer CRC32)
    • Improve stat performance by removing hashing
    • Improve support for JXcore
    • Remove base64 padding in ETags to shorten
    • Support "fake" stats objects in environments without fs
    • Use MD5 instead of MD4 in weak ETags over 1KB
  • deps: fresh@0.3.0
    • Add weak ETag matching support
  • deps: mkdirp@0.5.1
    • Work in global strict mode
  • deps: send@0.13.0
    • Allow Node.js HTTP server to set Date response header
    • Fix incorrectly removing Content-Location on 304 response
    • Improve the default redirect response headers
    • Send appropriate headers on default error response
    • Use http-errors for standard emitted errors
    • Use statuses instead of http module for status messages
    • deps: escape-html@1.0.2
    • deps: etag@~1.7.0
    • deps: fresh@0.3.0
    • deps: on-finished@~2.3.0
    • perf: enable strict mode
    • perf: remove unnecessary array allocations

4.12.4

8 years ago
  • deps: accepts@~1.2.7
  • deps: debug@~2.2.0
  • deps: depd@~1.0.1
  • deps: etag@~1.6.0
    • Improve support for JXcore
    • Support "fake" stats objects in environments without fs
  • deps: finalhandler@0.3.6
    • deps: debug@~2.2.0
    • deps: on-finished@~2.2.1
  • deps: on-finished@~2.2.1
    • Fix isFinished(req) when data buffered
  • deps: proxy-addr@~1.0.8
  • deps: qs@2.4.2
    • Fix allowing parameters like constructor
  • deps: send@0.12.3
    • deps: debug@~2.2.0
    • deps: depd@~1.0.1
    • deps: etag@~1.6.0
    • deps: ms@0.7.1
    • deps: on-finished@~2.2.1
  • deps: serve-static@~1.9.3
  • deps: type-is@~1.6.2
    • deps: mime-types@~2.0.11

3.20.3

8 years ago
  • deps: connect@2.29.2
    • deps: body-parser@~1.12.4
    • deps: compression@~1.4.4
    • deps: connect-timeout@~1.6.2
    • deps: debug@~2.2.0
    • deps: depd@~1.0.1
    • deps: errorhandler@~1.3.6
    • deps: finalhandler@0.3.6
    • deps: method-override@~2.3.3
    • deps: morgan@~1.5.3
    • deps: qs@2.4.2
    • deps: response-time@~2.3.1
    • deps: serve-favicon@~2.2.1
    • deps: serve-index@~1.6.4
    • deps: serve-static@~1.9.3
    • deps: type-is@~1.6.2
  • deps: debug@~2.2.0
  • deps: depd@~1.0.1
  • deps: proxy-addr@~1.0.8
  • deps: send@0.12.3
    • deps: debug@~2.2.0
    • deps: depd@~1.0.1
    • deps: etag@~1.6.0
    • deps: ms@0.7.1
    • deps: on-finished@~2.2.1

4.12.3

8 years ago
  • deps: accepts@~1.2.5
    • deps: mime-types@~2.0.10
  • deps: debug@~2.1.3
    • Fix high intensity foreground color for bold
    • deps: ms@0.7.0
  • deps: finalhandler@0.3.4
    • deps: debug@~2.1.3
  • deps: proxy-addr@~1.0.7
  • deps: qs@2.4.1
    • Fix error when parameter hasOwnProperty is present
  • deps: send@0.12.2
    • Throw errors early for invalid extensions or index options
    • deps: debug@~2.1.3
  • deps: serve-static@~1.9.2
  • deps: type-is@~1.6.1
    • deps: mime-types@~2.0.10

3.20.2

8 years ago
  • deps: connect@2.29.1
    • deps: body-parser@~1.12.2
    • deps: compression@~1.4.3
    • deps: connect-timeout@~1.6.1
    • deps: debug@~2.1.3
    • deps: errorhandler@~1.3.5
    • deps: express-session@~1.10.4
    • deps: finalhandler@0.3.4
    • deps: method-override@~2.3.2
    • deps: morgan@~1.5.2
    • deps: qs@2.4.1
    • deps: serve-index@~1.6.3
    • deps: serve-static@~1.9.2
    • deps: type-is@~1.6.1
  • deps: debug@~2.1.3
    • Fix high intensity foreground color for bold
    • deps: ms@0.7.0
  • deps: merge-descriptors@1.0.0
  • deps: proxy-addr@~1.0.7
  • deps: send@0.12.2
    • Throw errors early for invalid extensions or index options
    • deps: debug@~2.1.3

4.12.2

8 years ago
  • Fix regression where "Request aborted" is logged using res.sendFile

4.12.1

8 years ago
  • Fix constructing application with non-configurable prototype properties
  • Fix ECONNRESET errors from res.sendFile usage
  • Fix req.host when using "trust proxy" hops count
  • Fix req.protocol/req.secure when using "trust proxy" hops count
  • Fix wrong code on aborted connections from res.sendFile
  • deps: merge-descriptors@1.0.0

3.20.1

8 years ago
  • Fix req.host when using "trust proxy" hops count
  • Fix req.protocol/req.secure when using "trust proxy" hops count

4.12.0

8 years ago
  • Fix "trust proxy" setting to inherit when app is mounted
  • Generate ETags for all request responses
    • No longer restricted to only responses for GET and HEAD requests
  • Use content-type to parse Content-Type headers
  • deps: accepts@~1.2.4
    • Fix preference sorting to be stable for long acceptable lists
    • deps: mime-types@~2.0.9
    • deps: negotiator@0.5.1
  • deps: cookie-signature@1.0.6
  • deps: send@0.12.1
    • Always read the stat size from the file
    • Fix mutating passed-in options
    • deps: mime@1.3.4
  • deps: serve-static@~1.9.1
  • deps: type-is@~1.6.0
    • fix argument reassignment
    • fix false-positives in hasBody Transfer-Encoding check
    • support wildcard for both type and subtype (*/*)
    • deps: mime-types@~2.0.9

3.20.0

8 years ago
  • Fix "trust proxy" setting to inherit when app is mounted
  • Generate ETags for all request responses
    • No longer restricted to only responses for GET and HEAD requests
  • Use content-type to parse Content-Type headers
  • deps: connect@2.29.0
    • Use content-type to parse Content-Type headers
    • deps: body-parser@~1.12.0
    • deps: compression@~1.4.1
    • deps: connect-timeout@~1.6.0
    • deps: cookie-parser@~1.3.4
    • deps: cookie-signature@1.0.6
    • deps: csurf@~1.7.0
    • deps: errorhandler@~1.3.4
    • deps: express-session@~1.10.3
    • deps: http-errors@~1.3.1
    • deps: response-time@~2.3.0
    • deps: serve-index@~1.6.2
    • deps: serve-static@~1.9.1
    • deps: type-is@~1.6.0
  • deps: cookie-signature@1.0.6
  • deps: send@0.12.1
    • Always read the stat size from the file
    • Fix mutating passed-in options
    • deps: mime@1.3.4

4.11.2

8 years ago
  • Fix res.redirect double-calling res.end for HEAD requests
  • deps: accepts@~1.2.3
    • deps: mime-types@~2.0.8
  • deps: proxy-addr@~1.0.6
  • deps: type-is@~1.5.6
    • deps: mime-types@~2.0.8

3.19.2

8 years ago
  • deps: connect@2.28.3
    • deps: compression@~1.3.1
    • deps: csurf@~1.6.6
    • deps: errorhandler@~1.3.3
    • deps: express-session@~1.10.2
    • deps: serve-index@~1.6.1
    • deps: type-is@~1.5.6
  • deps: proxy-addr@~1.0.6

4.11.1

8 years ago
  • deps: send@0.11.1
    • Fix root path disclosure
  • deps: serve-static@~1.8.1
    • Fix redirect loop in Node.js 0.11.14
    • Fix root path disclosure
    • deps: send@0.11.1

3.19.1

8 years ago

4.11.0

8 years ago
  • Add res.append(field, val) to append headers
  • Deprecate leading : in name for app.param(name, fn)
  • Deprecate req.param() -- use req.params, req.body, or req.query instead
  • Deprecate app.param(fn)
  • Fix OPTIONS responses to include the HEAD method properly
  • Fix res.sendFile not always detecting aborted connection
  • Match routes iteratively to prevent stack overflows
  • deps: accepts@~1.2.2
  • deps: send@0.11.0
    • deps: debug@~2.1.1
    • deps: etag@~1.5.1
    • deps: ms@0.7.0
    • deps: on-finished@~2.2.0
  • deps: serve-static@~1.8.0

4.10.8

8 years ago
  • Fix crash from error within OPTIONS response handler
  • deps: proxy-addr@~1.0.5

3.19.0

8 years ago
  • Fix OPTIONS responses to include the HEAD method property
  • Use readline for prompt in express(1)
  • deps: commander@2.6.0
  • deps: connect@2.28.1
    • deps: body-parser@~1.10.1
    • deps: compression@~1.3.0
    • deps: connect-timeout@~1.5.0
    • deps: csurf@~1.6.4
    • deps: debug@~2.1.1
    • deps: errorhandler@~1.3.2
    • deps: express-session@~1.10.1
    • deps: finalhandler@0.3.3
    • deps: method-override@~2.3.1
    • deps: morgan@~1.5.1
    • deps: serve-favicon@~2.2.0
    • deps: serve-index@~1.6.0
    • deps: serve-static@~1.8.0
    • deps: type-is@~1.5.5
  • deps: debug@~2.1.1
  • deps: methods@~1.1.1
  • deps: proxy-addr@~1.0.5
  • deps: send@0.11.0
    • deps: debug@~2.1.1
    • deps: etag@~1.5.1
    • deps: ms@0.7.0
    • deps: on-finished@~2.2.0

4.10.7

8 years ago
  • Fix Allow header for OPTIONS to not contain duplicate methods
  • Fix incorrect "Request aborted" for res.sendFile when HEAD or 304
  • deps: debug@~2.1.1
  • deps: finalhandler@0.3.3
    • deps: debug@~2.1.1
    • deps: on-finished@~2.2.0
  • deps: methods@~1.1.1
  • deps: on-finished@~2.2.0
  • deps: serve-static@~1.7.2
    • Fix potential open redirect when mounted at root
  • deps: type-is@~1.5.5
    • deps: mime-types@~2.0.7

4.10.6

8 years ago
  • Fix exception in req.fresh/req.stale without response headers

3.18.6

8 years ago
  • Fix exception in req.fresh/req.stale without response headers

3.18.5

8 years ago
  • deps: connect@2.27.6
    • deps: compression@~1.2.2
    • deps: express-session@~1.9.3
    • deps: http-errors@~1.2.8
    • deps: serve-index@~1.5.3
    • deps: type-is@~1.5.4

4.10.5

8 years ago
  • Fix res.send double-calling res.end for HEAD requests
  • deps: accepts@~1.1.4
    • deps: mime-types@~2.0.4
  • deps: type-is@~1.5.4
    • deps: mime-types@~2.0.4

4.10.4

8 years ago
  • Fix res.sendfile logging standard write errors

4.10.3

8 years ago
  • Fix res.sendFile logging standard write errors
  • deps: etag@~1.5.1
  • deps: proxy-addr@~1.0.4
  • deps: qs@2.3.3
    • Fix arrayLimit behavior

3.18.4

8 years ago
  • deps: connect@2.27.4
    • deps: body-parser@~1.9.3
    • deps: compression@~1.2.1
    • deps: errorhandler@~1.2.3
    • deps: express-session@~1.9.2
    • deps: qs@2.3.3
    • deps: serve-favicon@~2.1.7
    • deps: serve-static@~1.5.1
    • deps: type-is@~1.5.3
  • deps: etag@~1.5.1
  • deps: proxy-addr@~1.0.4

4.10.2

8 years ago
  • Correctly invoke async router callback asynchronously
  • deps: accepts@~1.1.3
    • deps: mime-types@~2.0.3
  • deps: type-is@~1.5.3
    • deps: mime-types@~2.0.3

3.18.3

8 years ago
  • deps: connect@2.27.3
    • Correctly invoke async callback asynchronously
    • deps: csurf@~1.6.3

5.0.0-alpha.1

8 years ago
  • remove:
    • app.del - use app.delete
    • req.acceptsCharset - use req.acceptsCharsets
    • req.acceptsEncoding - use req.acceptsEncodings
    • req.acceptsLanguage - use req.acceptsLanguages
    • res.json(obj, status) signature - use res.json(status, obj)
    • res.jsonp(obj, status) signature - use res.jsonp(status, obj)
    • res.send(body, status) signature - use res.send(status, body)
    • res.send(status) signature - use res.sendStatus(status)
    • res.sendfile - use res.sendFile instead
    • express.query middleware
  • change:
    • req.host now returns host (hostname:port) - use req.hostname for only hostname
    • req.query is now a getter instead of a plain property
  • add:
    • app.router is a reference to the base router

4.10.1

8 years ago
  • Fix handling of URLs containing :// in the path
  • deps: qs@2.3.2
    • Fix parsing of mixed objects and values

3.18.2

8 years ago
  • deps: connect@2.27.2
    • Fix handling of URLs containing :// in the path
    • deps: body-parser@~1.9.2
    • deps: qs@2.3.2

4.10.0

8 years ago
  • Add support for app.set('views', array)
    • Views are looked up in sequence in array of directories
  • Fix res.send(status) to mention res.sendStatus(status)
  • Fix handling of invalid empty URLs
  • Use content-disposition module for res.attachment/res.download
    • Sends standards-compliant Content-Disposition header
    • Full Unicode support
  • Use path.resolve in view lookup
  • deps: debug@~2.1.0
    • Implement DEBUG_FD env variable support
  • deps: depd@~1.0.0
  • deps: etag@~1.5.0
    • Improve string performance
    • Slightly improve speed for weak ETags over 1KB
  • deps: finalhandler@0.3.2
    • Terminate in progress response only on error
    • Use on-finished to determine request status
    • deps: debug@~2.1.0
    • deps: on-finished@~2.1.1
  • deps: on-finished@~2.1.1
    • Fix handling of pipelined requests
  • deps: qs@2.3.0
    • Fix parsing of mixed implicit and explicit arrays
  • deps: send@0.10.1
    • deps: debug@~2.1.0
    • deps: depd@~1.0.0
    • deps: etag@~1.5.0
    • deps: on-finished@~2.1.1
  • deps: serve-static@~1.7.1

3.18.1

8 years ago

3.18.0

8 years ago
  • Use content-disposition module for res.attachment/res.download
    • Sends standards-compliant Content-Disposition header
    • Full Unicode support
  • Use etag module to generate ETag headers
  • deps: connect@2.27.0
    • Use http-errors module for creating errors
    • Use utils-merge module for merging objects
    • deps: body-parser@~1.9.0
    • deps: compression@~1.2.0
    • deps: connect-timeout@~1.4.0
    • deps: debug@~2.1.0
    • deps: depd@~1.0.0
    • deps: express-session@~1.9.0
    • deps: finalhandler@0.3.1
    • deps: method-override@~2.3.0
    • deps: morgan@~1.4.0
    • deps: response-time@~2.2.0
    • deps: serve-favicon@~2.1.6
    • deps: serve-index@~1.5.0
    • deps: serve-static@~1.7.0
  • deps: debug@~2.1.0
    • Implement DEBUG_FD env variable support
  • deps: depd@~1.0.0
  • deps: send@0.10.0
    • deps: debug@~2.1.0
    • deps: depd@~1.0.0
    • deps: etag@~1.5.0

4.9.8

8 years ago
  • Fix res.redirect body when redirect status specified
  • deps: accepts@~1.1.2

3.17.8

8 years ago
  • deps: connect@2.26.6
    • deps: compression@~1.1.2
    • deps: csurf@~1.6.2
    • deps: errorhandler@~1.2.2

4.9.7

8 years ago
  • Fix using same param name in array of paths

4.9.6

8 years ago
  • deps: accepts@~1.1.1
  • deps: serve-static@~1.6.4
    • Fix redirect loop when index file serving disabled
  • deps: type-is@~1.5.2
    • deps: mime-types@~2.0.2

3.17.7

8 years ago
  • deps: connect@2.26.5
    • Fix accepting non-object arguments to logger
    • deps: serve-static@~1.6.4

3.17.6

8 years ago

4.9.5

8 years ago
  • deps: etag@~1.4.0
  • deps: proxy-addr@~1.0.3
    • Use forwarded npm module
  • deps: send@0.9.3
    • deps: etag@~1.4.0
  • deps: serve-static@~1.6.3

3.17.5

8 years ago
  • deps: connect@2.26.3
    • deps: body-parser@~1.8.4
    • deps: serve-favicon@~2.1.5
    • deps: serve-static@~1.6.3
  • deps: proxy-addr@~1.0.3
    • Use forwarded npm module
  • deps: send@0.9.3
    • deps: etag@~1.4.0

4.9.4

8 years ago
  • deps: qs@2.2.4
    • Fix issue with object keys starting with numbers truncated

3.17.4

8 years ago

4.9.3

8 years ago
  • deps: proxy-addr@~1.0.2
    • Fix a global leak when multiple subnets are trusted
    • deps: ipaddr.js@0.1.3

3.17.3

8 years ago
  • deps: proxy-addr@~1.0.2
    • Fix a global leak when multiple subnets are trusted
    • deps: ipaddr.js@0.1.3

4.9.2

8 years ago
  • Fix regression for empty string path in app.use
  • Fix router.use to accept array of middleware without path
  • Improve error message for bad app.use arguments

4.9.1

8 years ago
  • Fix app.use to accept array of middleware without path
  • deps: depd@0.4.5
  • deps: etag@~1.3.1
  • deps: send@0.9.2
    • deps: depd@0.4.5
    • deps: etag@~1.3.1
    • deps: range-parser@~1.0.2
  • deps: serve-static@~1.6.2

3.17.2

8 years ago
  • Use crc instead of buffer-crc32 for speed
  • deps: connect@2.26.1
    • deps: body-parser@~1.8.2
    • deps: depd@0.4.5
    • deps: express-session@~1.8.2
    • deps: morgan@~1.3.1
    • deps: serve-favicon@~2.1.3
    • deps: serve-static@~1.6.2
  • deps: depd@0.4.5
  • deps: send@0.9.2
    • deps: depd@0.4.5
    • deps: etag@~1.3.1
    • deps: range-parser@~1.0.2

4.9.0

8 years ago
  • Add res.sendStatus
  • Invoke callback for sendfile when client aborts
    • Applies to res.sendFile, res.sendfile, and res.download
    • err will be populated with request aborted error
  • Support IP address host in req.subdomains
  • Use etag to generate ETag headers
  • deps: accepts@~1.1.0
    • update mime-types
  • deps: cookie-signature@1.0.5
  • deps: debug@~2.0.0
  • deps: finalhandler@0.2.0
    • Set X-Content-Type-Options: nosniff header
    • deps: debug@~2.0.0
  • deps: fresh@0.2.4
  • deps: media-typer@0.3.0
    • Throw error when parameter format invalid on parse
  • deps: qs@2.2.3
    • Fix issue where first empty value in array is discarded
  • deps: range-parser@~1.0.2
  • deps: send@0.9.1
    • Add lastModified option
    • Use etag to generate ETag header
    • deps: debug@~2.0.0
    • deps: fresh@0.2.4
  • deps: serve-static@~1.6.1
  • deps: type-is@~1.5.1
    • fix hasbody to be true for content-length: 0
    • deps: media-typer@0.3.0
    • deps: mime-types@~2.0.1
  • deps: vary@~1.0.0
    • Accept valid Vary header string as field

3.17.1

8 years ago
  • Fix error in req.subdomains on empty host

3.17.0

8 years ago
  • Support IP address host in req.subdomains
  • deps: connect@2.26.0
    • deps: body-parser@~1.8.1
    • deps: compression@~1.1.0
    • deps: connect-timeout@~1.3.0
    • deps: cookie-parser@~1.3.3
    • deps: cookie-signature@1.0.5
    • deps: csurf@~1.6.1
    • deps: debug@~2.0.0
    • deps: errorhandler@~1.2.0
    • deps: express-session@~1.8.1
    • deps: finalhandler@0.2.0
    • deps: fresh@0.2.4
    • deps: media-typer@0.3.0
    • deps: method-override@~2.2.0
    • deps: morgan@~1.3.0
    • deps: qs@2.2.3
    • deps: serve-favicon@~2.1.3
    • deps: serve-index@~1.2.1
    • deps: serve-static@~1.6.1
    • deps: type-is@~1.5.1
    • deps: vhost@~3.0.0
  • deps: cookie-signature@1.0.5
  • deps: debug@~2.0.0
  • deps: fresh@0.2.4
  • deps: media-typer@0.3.0
    • Throw error when parameter format invalid on parse
  • deps: range-parser@~1.0.2
  • deps: send@0.9.1
    • Add lastModified option
    • Use etag to generate ETag header
    • deps: debug@~2.0.0
    • deps: fresh@0.2.4
  • deps: vary@~1.0.0
    • Accept valid Vary header string as field

4.8.8

8 years ago
  • deps: send@0.8.5
    • Fix a path traversal issue when using root
    • Fix malicious path detection for empty string path
  • deps: serve-static@~1.5.4

3.16.10

8 years ago
  • deps: connect@2.25.10
    • deps: serve-static@~1.5.4
  • deps: send@0.8.5
    • Fix a path traversal issue when using root
    • Fix malicious path detection for empty string path

4.8.7

8 years ago
  • deps: qs@2.2.2
    • Remove unnecessary cloning

3.16.9

8 years ago

4.8.6

8 years ago
  • deps: qs@2.2.0
    • Array parsing fix
    • Performance improvements

3.16.8

8 years ago

4.8.5

8 years ago

3.16.7

8 years ago

4.8.4

8 years ago

3.16.6

8 years ago

3.16.5

8 years ago

4.8.3

8 years ago
  • deps: parseurl@~1.3.0
  • deps: qs@1.2.1
  • deps: serve-static@~1.5.1
    • Fix parsing of weird req.originalUrl values
    • deps: parseurl@~1.3.0
    • deps: utils-merge@1.0.0

3.16.4

8 years ago
  • Fix original URL parsing in res.location
  • deps: connect@2.25.4
    • Fix query middleware breaking with argument
    • deps: body-parser@~1.6.3
    • deps: compression@~1.0.11
    • deps: connect-timeout@~1.2.2
    • deps: express-session@~1.7.5
    • deps: method-override@~2.1.3
    • deps: on-headers@~1.0.0
    • deps: parseurl@~1.3.0
    • deps: qs@1.2.1
    • deps: response-time@~2.0.1
    • deps: serve-index@~1.1.6
    • deps: serve-static@~1.5.1
  • deps: parseurl@~1.3.0

3.16.3

8 years ago

270 Versions

TagPublished
4.18.2latest4mos ago
4.18.19mos ago
4.18.09mos ago
4.17.31yr ago
5.0.0-beta.1next1yr ago
4.17.21yr ago
5.0.0-alpha.83yrs ago
4.17.14yrs ago
4.17.04yrs ago
5.0.0-alpha.74yrs ago
4.16.44yrs ago
4.16.35yrs ago
4.16.25yrs ago
4.16.15yrs ago
4.16.05yrs ago
5.0.0-alpha.65yrs ago
4.15.55yrs ago
4.15.45yrs ago
4.15.36yrs ago
5.0.0-alpha.56yrs ago
4.15.26yrs ago
4.15.16yrs ago
5.0.0-alpha.46yrs ago
4.15.06yrs ago
5.0.0-alpha.36yrs ago
4.14.16yrs ago
4.14.07yrs ago
4.13.47yrs ago
4.13.37yrs ago
4.13.28yrs ago
3.21.28yrs ago
5.0.0-alpha.28yrs ago
4.13.18yrs ago
3.21.18yrs ago
4.13.08yrs ago
3.21.08yrs ago
4.12.48yrs ago
3.20.38yrs ago
4.12.38yrs ago
3.20.28yrs ago
4.12.28yrs ago
4.12.18yrs ago
3.20.18yrs ago
4.12.08yrs ago
3.20.08yrs ago
4.11.28yrs ago
3.19.28yrs ago
4.11.18yrs ago
3.19.18yrs ago
4.11.08yrs ago
4.10.88yrs ago
3.19.08yrs ago
4.10.78yrs ago
4.10.68yrs ago
3.18.68yrs ago
3.18.58yrs ago
4.10.58yrs ago
4.10.48yrs ago
4.10.38yrs ago
3.18.48yrs ago
4.10.28yrs ago
3.18.38yrs ago
5.0.0-alpha.18yrs ago
4.10.18yrs ago
3.18.28yrs ago
4.10.08yrs ago
3.18.18yrs ago
3.18.08yrs ago
4.9.88yrs ago
3.17.88yrs ago
4.9.78yrs ago
4.9.68yrs ago
3.17.78yrs ago
3.17.68yrs ago
4.9.58yrs ago
3.17.58yrs ago
4.9.48yrs ago
3.17.48yrs ago
4.9.38yrs ago
3.17.38yrs ago
4.9.28yrs ago
4.9.18yrs ago
3.17.28yrs ago
4.9.08yrs ago
3.17.18yrs ago
3.17.08yrs ago
4.8.88yrs ago
3.16.108yrs ago
4.8.78yrs ago
3.16.98yrs ago
4.8.68yrs ago
3.16.88yrs ago
4.8.58yrs ago
3.16.78yrs ago
4.8.48yrs ago
3.16.68yrs ago
3.16.58yrs ago
4.8.38yrs ago
3.16.48yrs ago
3.16.38yrs ago