{"id":10386,"library":"express","title":"Express","description":"Express is a fast, unopinionated, and minimalist web framework for Node.js. The current stable major versions are v5.2.1 and v4.22.1, with both branches actively maintained and receiving regular updates, including security patches and bug fixes. Version 5 offers improved security and drops support for older Node.js versions, while version 4 continues to provide stability for existing applications.","status":"active","version":"5.2.1","language":"javascript","source_language":"en","source_url":"https://github.com/expressjs/express","tags":["javascript","express","framework","sinatra","web","http","rest","restful","router"],"install":[{"cmd":"npm install express","lang":"bash","label":"npm"},{"cmd":"yarn add express","lang":"bash","label":"yarn"},{"cmd":"pnpm add express","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"For projects using `type: module` or modern bundlers. CommonJS projects can use `const express = require('express')`.","symbol":"express","correct":"import express from 'express'"}],"quickstart":{"code":"import express, { Express, Request, Response } from 'express';\n\nconst app: Express = express();\nconst port = process.env.PORT ?? 3000;\n\napp.get('/', (req: Request, res: Response) => {\n  res.send('Hello from Express!');\n});\n\napp.listen(port, () => {\n  console.log(`⚡️[server]: Server is running at http://localhost:${port}`);\n});","lang":"typescript","description":"This demonstrates a basic 'Hello World' Express server listening on port 3000 (or specified by PORT environment variable), responding to GET requests on the root path '/'."},"warnings":[{"fix":"Ensure you are using Express v5.2.1 or v4.22.1 (or newer) to avoid unexpected query parameter parsing behavior. Do not deploy applications with v5.2.0 or v4.22.0.","message":"Express v5.2.0 and v4.22.0 introduced an erroneous breaking change related to the extended query parser (CVE-2024-51999, later rejected). This was reverted in subsequent patch releases.","severity":"breaking","affected_versions":"5.2.0, 4.22.0"},{"fix":"Upgrade your Node.js environment to version 18 or higher before upgrading to Express v5. Express v4 continues to support older Node.js versions.","message":"Express v5 requires Node.js v18 or newer. Older Node.js versions are no longer supported.","severity":"breaking","affected_versions":">=5.0.0"},{"fix":"Replace `res.redirect('back')` with an explicit URL or dynamic referrer check, e.g., `res.redirect(req.get('Referer') || '/')`.","message":"The magic string 'back' for redirects (e.g., `res.redirect('back')`) has been deprecated and will be removed in a future major version.","severity":"deprecated","affected_versions":">=4.21.0, >=5.0.0"},{"fix":"Upgrade to Express v5.0.1 (or newer) or v4.21.1 (or newer) to ensure the patched `cookie` dependency is used and your application is not vulnerable.","message":"Versions of Express prior to 5.0.1 and 4.21.1 contained a vulnerability in the underlying `cookie` dependency (CVE-2024-47764).","severity":"gotcha","affected_versions":"<5.0.1, <4.21.1"}],"env_vars":null,"last_verified":"2026-04-18T00:00:00.000Z","next_check":"2026-07-17T00:00:00.000Z","problems":[{"fix":"Define a route using `app.get()`, `app.post()`, or `app.use()` that matches the incoming request path and method.","cause":"No route handler is defined for the requested path and HTTP method.","error":"Cannot GET /"},{"fix":"Ensure that response-sending methods like `res.send()` or `res.json()` are called only once per request. Use `return next()` or `return res.send()` to prevent further execution after sending a response.","cause":"An attempt was made to send a response or modify headers after the response has already been sent to the client. This often happens in asynchronous operations or when multiple response-sending calls are made.","error":"Error: Can't set headers after they are sent to the client."},{"fix":"Kill the process using the port (e.g., `kill -9 <PID>` on Linux/macOS, or find in Task Manager on Windows) or configure your Express application to listen on a different port (e.g., `process.env.PORT || 4000`).","cause":"The port that Express is trying to listen on (e.g., 3000) is already in use by another process.","error":"Error: listen EADDRINUSE: address already in use :::3000"},{"fix":"Ensure that all arguments passed to `app.use()` (and other route methods) are valid middleware functions, often imported or created as functions that take `(req, res, next)` as arguments.","cause":"An object or non-function value was passed to `app.use()` (or `app.get()`, `app.post()`, etc.) where a middleware function was expected.","error":"TypeError: app.use() requires a middleware function but got a Object"},{"fix":"Add `import express from 'express';` (for ESM) or `const express = require('express');` (for CommonJS) at the beginning of your file.","cause":"The `express` module was not correctly imported or required at the top of the file, or the variable name `express` was shadowed/redefined.","error":"ReferenceError: express is not defined"}],"ecosystem":"npm"}