After ten years the version 5 pull request for Express has been merged. The original pull request was created back in July 2014 and from speaking to a lot of software engineers had been considered dead.
This release is intentionally boring with the focus being security enhancements and improvements to the core foundations to enable faster development in the future. This has parallels to Node prior to the more frequent release cadence after being pushed by iojs. Express v5 will only support newer versions of Node, with the oldest supported version being 18 (maintenance LTS, released 2022). Security concerns and refinement of patterns are core to the release as is simplifying maintenance.
Key Changes in v5: – Path matching and regular expressions have been updated, with parameters now requiring explicit naming – Improved promise support, particularly for error handling in middleware – Several deprecated method signatures have been removed – Security improvements include updates to body parsing and input validation
This release is sitting on the “next” tag and is not in “latest” yet. The Express team says v5 is good to go but if you only want to use an LTS version you will need to wait a bit longer. The release is not a huge change but has not been battle tested in production yet and if you or your company is averse to bugs or patching dependencies then give it a miss for now.
For developers looking to contribute to open source, Express now has a substantial backlog of tasks and PRs. This presents an excellent opportunity for JavaScript developers wanting to build their open source profile while working on one of the most widely-used Node.js frameworks.
If you are a Javascript developer interested in contributing to an open-source framework then Express v5 and future versions is an opportunity waiting to be explored. There is a growing backlog of tasks and bugs reported by users of v5 that are waiting to be solved.
Overall I am happy to see v5 of Express get released and the renewed commitment from the Express team to keep the framework moving forward since it underpins so much of the Javascript and web ecosystem. If you’re working with Express and want to discuss the implications of these changes for your applications I would love to hear from you. I’d be particularly interested in hearing about your upgrade experiences or contribution plans.