Event in Spanish: Open Source Viernes con Ulises Gascon

Latin American Installation Festival

• José Felipe Duarte Coronado, a Campus Expert in Colombia, attended the Latin American Installation Festival in Pereira, Colombia.
• The festival celebrated open-source software and aimed to bridge the gap between academia and industry.
• It featured over 25 speakers, various workshops, and promoted open-source culture in design, intelligence, and industry.
• José Felipe highlighted the sense of community, collaboration, and problem-solving in the open-source world.

Express.js

Popularity and Challenges

• Express.js is a popular Node.js framework for building web servers, with over 52 billion downloads per year.
• It faces challenges due to its modular nature and involvement of multiple organizations.

Governance and Maintenance

• Express.js has undergone governance changes, including the formation of a Technical Steering Committee, a triage team, and a security team.
• Douglas Christopher Wilson is the current maintainer of Express.js.
• The project has historically faced issues with burnout among maintainers and governance challenges.

Security

• A security team has been formed to address vulnerabilities.
• A threat model (trad model) has been created to define security responsibilities.
• Express.js does not handle sanitization, requiring users to validate input to prevent vulnerabilities.
• The team is auditing Express code and the trad model to improve security.
• Plans are in place to document and explain security measures to the community.

Open Source Project Standards

• Express.js encourages projects to adopt trad models and security processes.
• Not all open-source projects, even popular frameworks, have these measures.
• Express.js adopted the trad model based on positive experiences in Node.js.

Express Forward Plan

• Share future plans for Express.js.
• Focus on releasing Express 5.
• Develop a roadmap for Express 6 and 7.

Community Involvement

• The Express.js team seeks feedback and contributions for the upcoming Express 5 release.
• A list of pending tasks for Express 5 is available on GitHub.
• Community members can join the Express Discussions repository and Express Slack channel for focused debates, collaboration, and seeking community input.
• The team is working on reviving the triage team to manage pull requests, issues, and prioritization.

Express 5 Features and Changes

• Express.js version 5 will require a minimum of Node.js version 18.
• It will not immediately support HTTP/2, but improved guides will be provided. HTTP/2 support may be added in version 6 or 7.
• The core framework size will be reduced, and it will become more modular.
• Default features like server-side rendering will be moved to separate modules.
• The Express.js ecosystem will be revitalized by absorbing and supporting community-developed plugins.
• Routing will be improved and decoupled from regular expressions.
• Flexibility in choosing JSON parsing and stringification methods will be provided.
• TypeScript support will be enhanced.
• A new feature flag system will be introduced.
• Production mode may become the default behavior.

Miscellaneous

• Monkey patching has been a problem for Express.js development and compatibility with newer Node.js versions.
• Express.js is perceived as relatively slow compared to other frameworks like Fastify, but upgrading to newer Node.js versions can significantly improve performance.
• Express.js prioritizes stability, with applications built 7 years ago still running on the same version with minimal migration concerns.
• The community's feedback is valued, and Express.js aims to find a balance that benefits everyone.
• Express.js version 5 has been in development for 10 years and is expected to be released soon, focusing on modernization and incorporating features like native Promise support.
• Governance decisions are made through a roadmap that reflects community input and priorities.
• Express.js version 4 will continue to support Node.js version 0.10.
• The team is not planning to absorb the functionalities of Helmet, a popular security middleware, but will recommend its use.
• Express.js version 5 is the current top priority for the team, with a focus on releasing it and completing a security audit.