Event in Spanish: Open Source Viernes con Ulises Gascon
08 Jun 2024 (6 months ago)
Latin American Installation Festival
- José Felipe Duarte Coronado, a Campus Expert in Colombia, attended the Latin American Installation Festival in Pereira, Colombia.
- The festival celebrated open-source software and aimed to bridge the gap between academia and industry.
- It featured over 25 speakers, various workshops, and promoted open-source culture in design, intelligence, and industry.
- José Felipe highlighted the sense of community, collaboration, and problem-solving in the open-source world.
Express.js
Popularity and Challenges
- Express.js is a popular Node.js framework for building web servers, with over 52 billion downloads per year.
- It faces challenges due to its modular nature and involvement of multiple organizations.
Governance and Maintenance
- Express.js has undergone governance changes, including the formation of a Technical Steering Committee, a triage team, and a security team.
- Douglas Christopher Wilson is the current maintainer of Express.js.
- The project has historically faced issues with burnout among maintainers and governance challenges.
Security
- A security team has been formed to address vulnerabilities.
- A threat model (trad model) has been created to define security responsibilities.
- Express.js does not handle sanitization, requiring users to validate input to prevent vulnerabilities.
- The team is auditing Express code and the trad model to improve security.
- Plans are in place to document and explain security measures to the community.
Open Source Project Standards
- Express.js encourages projects to adopt trad models and security processes.
- Not all open-source projects, even popular frameworks, have these measures.
- Express.js adopted the trad model based on positive experiences in Node.js.
Express Forward Plan
- Share future plans for Express.js.
- Focus on releasing Express 5.
- Develop a roadmap for Express 6 and 7.
- The Express.js team seeks feedback and contributions for the upcoming Express 5 release.
- A list of pending tasks for Express 5 is available on GitHub.
- Community members can join the Express Discussions repository and Express Slack channel for focused debates, collaboration, and seeking community input.
- The team is working on reviving the triage team to manage pull requests, issues, and prioritization.
Express 5 Features and Changes
- Express.js version 5 will require a minimum of Node.js version 18.
- It will not immediately support HTTP/2, but improved guides will be provided. HTTP/2 support may be added in version 6 or 7.
- The core framework size will be reduced, and it will become more modular.
- Default features like server-side rendering will be moved to separate modules.
- The Express.js ecosystem will be revitalized by absorbing and supporting community-developed plugins.
- Routing will be improved and decoupled from regular expressions.
- Flexibility in choosing JSON parsing and stringification methods will be provided.
- TypeScript support will be enhanced.
- A new feature flag system will be introduced.
- Production mode may become the default behavior.
Miscellaneous
- Monkey patching has been a problem for Express.js development and compatibility with newer Node.js versions.
- Express.js is perceived as relatively slow compared to other frameworks like Fastify, but upgrading to newer Node.js versions can significantly improve performance.
- Express.js prioritizes stability, with applications built 7 years ago still running on the same version with minimal migration concerns.
- The community's feedback is valued, and Express.js aims to find a balance that benefits everyone.
- Express.js version 5 has been in development for 10 years and is expected to be released soon, focusing on modernization and incorporating features like native Promise support.
- Governance decisions are made through a roadmap that reflects community input and priorities.
- Express.js version 4 will continue to support Node.js version 0.10.
- The team is not planning to absorb the functionalities of Helmet, a popular security middleware, but will recommend its use.
- Express.js version 5 is the current top priority for the team, with a focus on releasing it and completing a security audit.