[HN Gopher] Express v5
___________________________________________________________________
Express v5
Author : saikatsg
Score : 42 points
Date : 2024-10-18 20:02 UTC (2 hours ago)
(HTM) web link (expressjs.com)
(TXT) w3m dump (expressjs.com)
| pfraze wrote:
| Appreciate your work on this, Wes & crew. Express is still my go
| to for nodejs, and it's really good to have this active
| governance.
| tlhunter wrote:
| Curiously, it still isn't `latest`:
|
| https://www.npmjs.com/package/express?activeTab=versions
| stefanos82 wrote:
| They have explained their reasoning in
| https://expressjs.com/2024/10/15/v5-release.html
| > Before going into the changes in this release, let's address
| why it was released v5 on the next dist-tag. As part of
| reviving the project, we started a Security working group and
| security triage team to address the growing needs around open
| source supply chain security. We undertook a security audit
| (more details to come on that) and uncovered some problems that
| needed to be addressed. Thus, in addition to the "normal" work
| done in public issues, we also did a lot of security work in
| private forks. This security work required orchestration when
| releasing, to ensure the code and CVE reports went out
| together. You can find a summary of the most recent
| vulnerabilities patched in our security release notes.
| > > While we weren't able to simultaneously release v5,
| this blog post, the changelog, and documentation, we felt it
| was most important to have a secure and stable release.
| > > As soon as possible, we'll provide more details on
| our long-term support (LTS) plans, including when the release
| will move from next to latest. For now, if you are
| uncomfortable being on the bleeding edge (even if it is a
| rather dull edge) then you should wait to upgrade until the
| release is tagged latest. That said, we look forward to working
| with you to address any bugs you encounter as you upgrade.
| dylanlacom wrote:
| I just want to _express_ my gratitude to Wes and the team of
| people who worked on this. I had to go back and read it twice
| that it 's been 10 years since the PR for v5 was opened. That's
| wild! I can only imagine the immense amount of work it must have
| been to change the inertia of this project. Cheers to a new
| chapter!
| _fat_santa wrote:
| Why did it take 10 years to release v5?
| simple10 wrote:
| My guess is Express has been stable for a long time with no
| real need to evolve it. And old versions of node have
| effectively expired, so they can now drop support.
|
| Most likely there are more API changes planned for v6 and v5 is
| the stepping stone.
|
| For personal projects, I've been loving https://hono.dev/ The
| DX is fantastic and it runs in bun and CloudFlare workers.
| Shoutout to the hono developers!
|
| For larger team projects, I end up using Fastify and NextJS. No
| real reason other than it's what's already running or other
| devs on the projects prefer it.
| petesergeant wrote:
| I've probably been living under a rock, but I hadn't seen the
| "transfer the old to a private company to provide support" model
| before
|
| https://www.herodevs.com/support/express-nes
___________________________________________________________________
(page generated 2024-10-18 23:00 UTC)