Home
Docs
GitHub
Pricing
Blog
Log In

Run Sandworm Audit for your App

Get started
Hold on, we're currently generating a fresh version of this report
Generated on May 18, 2024 via pnpm

express 4.12.3

Fast, unopinionated, minimalist web framework
Package summary
Share
18
issues
5
critical severity
license
5
8
high severity
vulnerability
7
license
1
3
moderate severity
vulnerability
3
2
low severity
vulnerability
1
license
1
3
licenses
34
MIT
5
N/A
1
BSD
Package created
29 Dec 2010
Version published
17 Mar 2015
Maintainers
2
Total deps
40
Direct deps
24
License
MIT

Issues

18

5 critical severity issues

critical
Recommendation: Check the package code and files for license information
via: cookie@0.1.2
Recommendation: Check the package code and files for license information
via: escape-html@1.0.1 & others
Recommendation: Check the package code and files for license information
via: debug@2.1.3 & others
Recommendation: Check the package code and files for license information
via: serve-static@1.9.3
Recommendation: Check the package code and files for license information
via: path-to-regexp@0.1.3
Collapse
Expand

8 high severity issues

high
Recommendation: Upgrade to version 6.0.4 or later
via: qs@2.4.1
Recommendation: Upgrade to version 0.6.1 or later
via: accepts@1.2.13
Recommendation: Upgrade to version 0.5.2 or later
via: fresh@0.2.4 & others
Recommendation: Upgrade to version 1.4.1 or later
via: send@0.12.2 & others
Recommendation: Upgrade to version 2.6.9 or later
via: debug@2.1.3 & others
Recommendation: Upgrade to version 0.7.1 or later
via: debug@2.1.3 & others
Recommendation: Upgrade to version 6.2.4 or later
via: qs@2.4.1
Recommendation: Validate that the package complies with your license policy
via: qs@2.4.1
Collapse
Expand

3 moderate severity issues

moderate
Recommendation: Upgrade to version 4.19.2 or later
via: express@4.12.3
Recommendation: Upgrade to version 2.0.0 or later
via: debug@2.1.3 & others
Recommendation: Upgrade to version 4.19.2 or later
via: express@4.12.3
Collapse
Expand

2 low severity issues

low
Recommendation: Upgrade to version 2.6.9 or later
via: debug@2.1.3 & others
Recommendation: Read and validate the license terms
via: qs@2.4.1
Collapse
Expand

Licenses

MIT License

Permissive
OSI Approved
This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
Can
commercial-use
modify
distribute
sublicense
private-use
Cannot
hold-liable
Must
include-copyright
include-license
34 Packages, Including:
accepts@1.2.13
content-disposition@0.5.0
content-type@1.0.5
cookie-signature@1.0.6
crc@3.2.1
debug@2.1.3
debug@2.2.0
depd@1.0.1
destroy@1.0.3
ee-first@1.1.0
etag@1.5.1
etag@1.6.0
express@4.12.3
finalhandler@0.3.4
forwarded@0.1.2
fresh@0.2.4
ipaddr.js@1.0.5
media-typer@0.3.0
merge-descriptors@1.0.0
methods@1.1.2
mime-db@1.52.0
mime-types@2.1.35
mime@1.3.4
negotiator@0.5.3
on-finished@2.2.1
parseurl@1.3.3
proxy-addr@1.0.10
range-parser@1.0.3
send@0.12.2
send@0.12.3
serve-static@1.9.3
type-is@1.6.18
utils-merge@1.0.0
vary@1.0.1

N/A

N/A
5 Packages, Including:
cookie@0.1.2
escape-html@1.0.1
ms@0.7.0
ms@0.7.1
path-to-regexp@0.1.3

BSD

Invalid
Not OSI Approved
1 Packages, Including:
qs@2.4.1
Disclaimer

This deed highlights only some of the key features and terms of the actual license. It is not a license and has no legal value. You should carefully review all of the terms and conditions of the actual license before using the licensed material.

Sandworm is not a law firm and does not provide legal services. Distributing, displaying, or linking to this deed or the license that it summarizes does not create a lawyer-client or any other relationship.

Direct Dependencies

24
All Dependencies CSV
β“˜ This is a list of express 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.
NameVersionSizeLicenseTypeVulnerabilities
accepts1.2.134.7 kBMIT
prod
1
content-disposition0.5.06.25 kBMIT
prod
content-type1.0.53.82 kBMIT
prod
cookie-signature1.0.62.06 kBMIT
prod
cookie0.1.22.41 kBUNKNOWN
prod
1
debug2.1.39.92 kBMIT
prod
1
2
1
1
depd1.0.18.33 kBMIT
prod
escape-html1.0.1783 BUNKNOWN
prod
1
etag1.5.13.64 kBMIT
prod
finalhandler0.3.43.83 kBMIT
prod
2
2
1
1
fresh0.2.42.26 kBMIT
prod
1
merge-descriptors1.0.01.74 kBMIT
prod
methods1.1.22.42 kBMIT
prod
on-finished2.2.13.77 kBMIT
prod
parseurl1.3.33.86 kBMIT
prod
path-to-regexp0.1.33.29 kBUNKNOWN
prod
1
proxy-addr1.0.104.82 kBMIT
prod
qs2.4.110.19 kBBSD
prod
3
1
range-parser1.0.32.4 kBMIT
prod
send0.12.210 kBMIT
prod
2
4
1
1
serve-static1.9.35.76 kBMIT
prod
2
3
1
1
type-is1.6.185.73 kBMIT
prod
utils-merge1.0.01.65 kBMIT
prod
vary1.0.13 kBMIT
prod

Visualizations

Frequently Asked Questions

What does express do?

Express.js is a fast, unopinionated, and minimalist web development framework for Node.js. It's renowned for its robust routing and focus on high performance. Express doesn't enforce a specific ORM or template engine, making it an excellent solution for creating single page applications, websites, hybrids, or public HTTP APIs. This flexibility is further enhanced by support for over 14 template engines via Consolidate.js. In addition, Express provides a suite of HTTP utilities and middleware to help build scalable applications with ease.

How do you use express?

To use Express.js, you'll first need to download and install Node.js versions of 0.10 or higher. You can install Express in your Node.js modules using npm with the npm install express command.

Here's an example of how to create a basic Express application:

const express = require('express')
const app = express()

app.get('/', function (req, res) {
  res.send('Hello World')
})

app.listen(3000)

This creates an Express application that listens on port 3000, and responds with 'Hello World' for requests to the root URL (/) or route.

To quickly get started with Express, you could use the executable express(1) to generate an application skeleton by using the command npm install -g express-generator@4, create the app with express /tmp/foo && cd /tmp/foo, install dependencies with npm install and start the server with npm start.

Where are the express docs?

The official Express documentation, which includes a comprehensive guide to getting started, API references, and a variety of other resources, can be found on the Express.js website. The website repository is available on GitHub for those interested in contributing to the Express documentation. You could also engage with the Express community via Libera Chat IRC, Google Group or use Gitter for support and discussion.