The Express.js team has explained the thinking behind the recently completed version 5.0 of this popular framework for Node.js, ten years after the first pull request and four years after the project was declared to be in maintenance mode because of inactivity.
Express.js is described as a “minimal and flexible Node.js web application framework” and is in the top five most popular web frameworks according to a StackOverflow survey this year. Yet in January this year technical committee (TC) member Wesley Todd said that “the project has been in more of a maintenance mode for a long time now.” Todd referenced his own post from 2020 when he observed that “no one is paid to work on this project and we all are very busy.”
Version 5.0 is “designed to be boring” according to the latest post from the TC, with the goal being as much to “unblock the ecosystem” as to introduce new features.
There was also a security audit – though the details are to follow – which revealed some issues and resulted in “a lot of security work in private forks.”
Despite the low-key nature of the feature changes, there are a number of breaking changes – including the end of support for old versions of Node.js. Express 5.0 requires at least Node 18. According to the post, this could cause problems for enterprises with old or parked applications. Line of business applications all too often fall out of date if they continue to work and there is little incentive to maintain them. The team is arranging long-term support via a third party for such cases.
Other breaking changes include: removal of support for regular expressions with sub-expressions, for security reasons; simplified patterns for route expressions; changed behavior of rejected promises (asynchronous operations in JavaScript) with better ability to handle them; and deprecated method signatures.
Although a full release, version 5.0 is still tagged next rather than latest in npm (Node Package Manager) which means it will not be used by default. More details on when this will change are promised soon.
Express.js is a strategic framework, thanks to the ubiquity of Node.js, and although alternatives such as Next.js offer many more features, Express is valued for its easy to use and minimalist approach – especially for building APIs.
Despite the new post, though, the project still seems slow-moving – it has taken the team over a month to publicize version 5.0 since the code landed in GitHub. “I’m a little confused, is this still a beta release?” queried one developer at the time; and another: “too late. I already moved on to Hono.” Hono is an alternative framework similar to Express and with a focus on high performance, small size, and wide runtime compatibility – including support for Cloudflare Workers, Bun and Deno as well as Node.js.