Event in Spanish: Open Source Viernes con Ulises Gascon

Event in Spanish: Open Source Viernes con Ulises Gascon

Latin American Installation Festival

  • José Felipe Duarte Coronado, a Campus Expert in Colombia, attended the Latin American Installation Festival in Pereira, Colombia.
  • The festival celebrated open-source software and aimed to bridge the gap between academia and industry.
  • It featured over 25 speakers, various workshops, and promoted open-source culture in design, intelligence, and industry.
  • José Felipe highlighted the sense of community, collaboration, and problem-solving in the open-source world.


Popularity and Challenges

  • Express.js is a popular Node.js framework for building web servers, with over 52 billion downloads per year.
  • It faces challenges due to its modular nature and involvement of multiple organizations.

Governance and Maintenance

  • Express.js has undergone governance changes, including the formation of a Technical Steering Committee, a triage team, and a security team.
  • Douglas Christopher Wilson is the current maintainer of Express.js.
  • The project has historically faced issues with burnout among maintainers and governance challenges.


  • A security team has been formed to address vulnerabilities.
  • A threat model (trad model) has been created to define security responsibilities.
  • Express.js does not handle sanitization, requiring users to validate input to prevent vulnerabilities.
  • The team is auditing Express code and the trad model to improve security.
  • Plans are in place to document and explain security measures to the community.

Open Source Project Standards

  • Express.js encourages projects to adopt trad models and security processes.
  • Not all open-source projects, even popular frameworks, have these measures.
  • Express.js adopted the trad model based on positive experiences in Node.js.

Express Forward Plan

  • Share future plans for Express.js.
  • Focus on releasing Express 5.
  • Develop a roadmap for Express 6 and 7.

Community Involvement

  • The Express.js team seeks feedback and contributions for the upcoming Express 5 release.
  • A list of pending tasks for Express 5 is available on GitHub.
  • Community members can join the Express Discussions repository and Express Slack channel for focused debates, collaboration, and seeking community input.
  • The team is working on reviving the triage team to manage pull requests, issues, and prioritization.

Express 5 Features and Changes

  • Express.js version 5 will require a minimum of Node.js version 18.
  • It will not immediately support HTTP/2, but improved guides will be provided. HTTP/2 support may be added in version 6 or 7.
  • The core framework size will be reduced, and it will become more modular.
  • Default features like server-side rendering will be moved to separate modules.
  • The Express.js ecosystem will be revitalized by absorbing and supporting community-developed plugins.
  • Routing will be improved and decoupled from regular expressions.
  • Flexibility in choosing JSON parsing and stringification methods will be provided.
  • TypeScript support will be enhanced.
  • A new feature flag system will be introduced.
  • Production mode may become the default behavior.


  • Monkey patching has been a problem for Express.js development and compatibility with newer Node.js versions.
  • Express.js is perceived as relatively slow compared to other frameworks like Fastify, but upgrading to newer Node.js versions can significantly improve performance.
  • Express.js prioritizes stability, with applications built 7 years ago still running on the same version with minimal migration concerns.
  • The community's feedback is valued, and Express.js aims to find a balance that benefits everyone.
  • Express.js version 5 has been in development for 10 years and is expected to be released soon, focusing on modernization and incorporating features like native Promise support.
  • Governance decisions are made through a roadmap that reflects community input and priorities.
  • Express.js version 4 will continue to support Node.js version 0.10.
  • The team is not planning to absorb the functionalities of Helmet, a popular security middleware, but will recommend its use.
  • Express.js version 5 is the current top priority for the team, with a focus on releasing it and completing a security audit.

Overwhelmed by Endless Content?