Member of the Express.js Technical Committee (TC)
Written by: Ulises Gascón
Feb 15, 2024 — 4 min read
The Express technical committee meets online every two weeks (as needed) to discuss development and maintenance of Express, and other issues relevant to the Express project. Each meeting is typically announced in an expressjs/discussions issue with a link to join or view the meeting, which is open to all observers.
The meetings are recorded; for a list of the recordings, see the Express.js YouTube channel.
Currently Express.js is a project under the OpenJS Foundation, and the TC is responsible for the governance of the project.
My participation
Maintenance
- Helped to re-add Express.js to the Node.js CITGM project
- Lead an initiative to split the examples from the core repository
- Prepare and release dozens of versions for the multiple packages that we maintain.
- Lead (as repo captain) more than 20 libraries and the triage team
Governance
- Helped to elaborate the Express Forward Plan with Wes Todd and Jean Burellier
- Re-define the Release process for the Express.js project
- Lead the creation of the Security Working Group and the security triage team. Creation details and contribution agreement
- Coordinate the Express 5.0 backlog from scratch
- Re-think many processes and introduce new tooling, like decision frameworks that lead to consolidating the technical criteria for the project (examples: engines usage, dependency management and much more...)
- Help the project to graduate as an impact project in the OpenJS Foundation
- Finally release Express 5.0 after 10 years, Introducing Express v5: A New Era for the Node.js Framework
- Coordinate the Express 6.0 backlog
- Help to build a sustainable future for the project
Security
- Lead an initiative to adopt The OSSF Scorecard at Organization level
- Author the Express.js Threat Model
- Coordinate the Express.js Audit with OSTIF
- Help to adopt Never-Ending Support (NES) with HeroDevs for Express
- Coordinate the disclosure for security patches (example)
- Mitigation developer for many vulnerabilities reported: CVE-2024-43796, CVE-2024-45590, CVE-2024-47178, CVE-2024-43799, and more...
The Project impact
- KEYNOTE: Express, State of the Union by Doug Wilson, Express
- Companies using Express in production
- Frameworks built on Express
- Wikipedia | Express.js
The Project Community impact
Express 5 Release
- devclass | Express.js team explain purpose of version 5.00, released after ten years to revive project ecosystem
- Academind | 🤯 Express.js 5 is here (since a month already, actually)
- midulive | Actualización HISTORICA de Express.js en 2024
- midulive | The Perfect Express.js Plan (Not for the Sensitive)
- Trevor I. Lasn | What's New in Express.js v5.0
Spam PRs incident
- Express.js Spam PRs Incident Highlights the Commoditization of Open Source Contributions
- ThePrimeTime | i woke up to this?
- Theo - t3.gg | I screwed up.
- Melkey | Don't Make This Open Source Contribution Mistake
Packages under the governance of the TC
- cookies
- finalhandler
- path-to-regexp
- router
- multiparty
- encodeurl
- send
- hbs
- parseurl
- csrf
- resolve-path
- path-match
- extend-proto
- qs-strict
- routington
- templation
- ssl-redirect
- mime-types
- http-errors
- cookie
- mime-db
- http-assert
- type-is
- basic-auth
- accepts
- vary
- on-finished
- fresh
- content-type
- range-parser
- on-headers
- forwarded
- compressible
- methods
- content-disposition
- media-typer
- negotiator
- statuses
- proxy-addr
- spdy-push
- etag
- http-utils
- express-session
- express
- method-override
- cors
- cookie-session
- morgan
- multer
- compression
- cookie-parser
- serve-index
- body-parser
- vhost
- serve-favicon
- express-generator
- serve-static
- csurf
- response-time
- connect-multiparty
- connect-timeout
- flash
- express-paginate
- errorhandler
- api-error-handler
- express-expose