Aims
Express.js - or simply, Express - is the leading backend framework on Node.js. It aims to be the backend side of the “Javascript everywhere” idea that became a reality with Node.
Express aims to be a very minimalist and unopinionated framework. While many backend frameworks force a certain backend structure such as MVC (model-view-controller), Express leaves this choice to the developer. This approach allows other backend frameworks such as Sails to build on top of Express, so one might say another aim of Express is to be the skeleton for more opinionated and complex backend frameworks.
Express also aims to be a fast framework by providing a thin layer of fundamental web application features, without obscuring Node’s features.
Domain Model
Express belongs in several domains that intersect such as Node, web application development, and backend frameworks. As a backend framework for Node, it not only shares a domain with other Javascript and Node-based frameworks, but also the bigger backend development domain that consists of many languages such as PHP and Ruby and their respective frameworks.
In 2009, Node essentially made Javascript, a traditional frontend language that used to only run on browsers, available for backend development. Along with that, Node brought a number of advantages over other backend environments, such as asynchronous execution which boosts speed and performance, good support for all forms of NoSQL databases, and a rich set of libraries and modules in the npm registry.
Express was the first web development framework for Node.js, which is probably why it chose to become an unopinionated framework. As a minimalist, all-rounder framework, Express allows to easily build simple web applications with few lines of code, while also allowing more complex applications to adopt whichever application structure they want, as well as paving the way for more opinionated frameworks for more specific needs.
What are the use-cases for Express?
Now that we know what the framework is, and what its goals are, we will dive into why you would want to use Express and where it fits in the toolbox of developers.
Before we try to envision the use-case for Express, we must first define who uses Express.
There are 3 main types of users: The end-users who use the actual applications developed using Express, the developers who create the applications, and developers who use Express as a base for bigger frameworks.
End-users
Website users usually just want the website to work and for it to work fast, i.e. pages should load fast. Express is performant enough (Scoring higher in the TechEmpower benchmarks than other common frameworks such as Flask, Rails, and Django).
Express may not be the most innovative framework, but the end-user ultimately only cares about whether the website works well or not, and websites built with Express just work.
Application developers
Developers who want to quickly prototype an idea or build a simple API may look to Express for its simplicity. While the framework is simple, it’s modular enough for extending your app to a more full-fletched solution using the many middlewares and extensions available. This is evident by the companies using Express1.
For the application developers, Express could be used for simple cases such as a simple JSON API. Express is mostly used in cases where a static web server is not sufficient, such as when needing more complex rendering logic or if the developer would need some form of persistence for their application.
Library developers
Express is also commonly used as a library or base for other frameworks, this is manageable since the Express library itself is relatively small (only ~1800 LOC of Javascript2) for the functionality that it provides, and the repository has a big base of tests and examples. Meaning that it’s easier to understand than most codebases, and thus easier to extend.
The context surrounding Express
In order to envision the aim of a system, we must also consider the environment surrounding the system, and especially the relationships that it has with other external systems or users. In this section, we will briefly look at the environment surrounding Express as a library, and we will also view an example of a production system built around Express. For this we use the view presented by Rozanski and Woods 3.
Software libraries are not only made of code, there are also systems in place to ensure a certain level of quality is maintained for the codebase, systems for tracking changes, easy distribution, etc. But most importantly, the actual people who maintain the library and the organization/logistics that are necessary for the project to be actively developed. In the Stateholder Analysis Section, the organization structure will be discussed in more detail.
BitMidi is a MIDI file archive that is built on Express. To get an idea of how a production system would look like we can take a look at the following overview of BitMidi’s architecture.
Looking at the architecture we can see some common external systems that Express interacts with, such as:
- A database for persistence, in this case, a MySQL DB
- A proxy server
- Deployment, BitMidi uses supervisor, but the systems used could range from simple solutions with systemd up to orchestrators such as kubernetes
- Express may also interact with some logging infrastructure or monitoring/metrics software (e.g. the ELK stack or Promotheus/Grafana)
Stakeholder Analysis
The Express project attracts a variety of stakeholders, each with different interests and influences over it. To investigate them, we conducted a stakeholder analysis by following the categories proposed by Rozanski and Woods4. The open-source nature of Express opens up to a stakeholder’s organization which differs from the traditional one of a closed project; such findings are summarized in the following subsections.
Acquirers
The OpenJS Foundation hosts Express as one of its At-Large projects, requiring minimal resource needs. The Foundation thus simply provides a neutral home to Express and ensures that the project follows the correct guidelines for sustainable and equitable development.
Assessors
For the aforementioned reasons, the OpenJS Foundation is also concerned about Express’ conformance to responsible open-source development standards. Moreover, a Technical Committee is appointed to ensure the quality of implementations to the framework, as well as discuss its roadmap and future features.
Communicators
Express relies on a wide variety of communication channels, each with different scopes and targets. The main source of information and directions on the project is offered on their own website and status board; the Technical Committee meetings are also made publicly available via livestreams and reuploads on Youtube. GitHub is then the most comprehensive community-oriented platform, used both to address bug findings/feature ideas/security concerns and as a discussion forum for users of the software.
Developers and maintainers
Since Express is an open-source code, it relies heavily on the users’ contributions integrated into the framework via GitHub’s pull requests. Alongside the Technical Committee, Douglas Wilson has been appointed as the lead maintainer of the project. There is finally a third group of labeled contributors – the Triagers – that actively manage issues on the project’s GitHub.
Suppliers
The source code can be found on GitHub, although the main distribution system for Express is npm.
Support staff
A wiki + documentation is provided for the users to facilitate the software usage, as well as dedicated community channels on Gitter, Google Groups and Freenode. Albeit not officially recognized, StackOverflow is an important place for discussions among users.
Testers
The developers – particularly the recognized Technical Committee and Triages groups – are appointed for ensuring sufficient testing of the framework.
Users
Any individual company (such as IBM, Fox Sports or Uber), open-source project (e.g., Builder Book, SaaS Boilerplate, BitMidi) or developer that makes use of Express is a user of the system. To a wider extent, any eventual end-user of the products built on top of the framework falls into the stakeholders’ scope, as their demands in user experience (for instance, when navigating a website) shape the needs that Express has to cover.
Quality attributes
Express represents today one of the most used frameworks for server-side web development. Its rapid initial growth and subsequent establishment as sector-leading software are intuitive to explain: Express is easy to use, simple to set up, and capable of immediately providing developers with a production-level codebase. Several are the qualities that make this framework such a loved and popular choice among its users:
- Simplicity – as mentioned, Express just works correctly and with out-of-the-box support for a wide variety of server tools through middleware.
- Modularity, extensibility and configurability – speaking of middleware, Express promotes their usage and as such allows developers to include only the functionalities required by the system they are working on. Other than built-in functions, users can easily develop, deploy and share their own pieces of middleware to address use-cases out of the initial framework’s scope (a famous example is the async error handling scenario). Reusability of code is a must when dealing with Express!
- Performance and scalability – the framework provides well-performing requests processing (albeit nowadays not top of the class, with recent solutions - such as fastify - providing more efficient alternatives) and is just as suitable for one-day MVPs as for industry-level products.
Product roadmap
Express GitHub repository reports about two main milestones, a minor release of version 4.18 and a major release of version 5.0 to go live in the upcoming months.
As part of release 4.18 the team aims to provide Express support for Node 15.x and 16.x and extensive work on HTTP response statuses such as the deprecation of non-integer statuses, support for proper http 205
responses using res.send
, and an upgrade of the statuses
library to version 2.0.0.
Furthermore, work to include deprecated libraries and dependency handling is listed as part of the to-dos for this release. Several upgrades of outdated dependencies are also mentioned in the release notes of minor release 4.18, including upgrades of cookie-signature libraries and depd
, a library that displays deprecation messages to the user.
Release notes for major release 5.0 are listed at https://github.com/expressjs/express/pull/2237.
As part of this major release, the team aims to provide Express users with support for promises in all handlers and as part of the app.param
. Improvements to the requests are made and responses statuses are refined. Some other significant features and breaking changes to be mentioned are the removal of Express 3.x middleware error stubs and a new path matching syntax.
A list of the deprecated things to be removed can be found in the release notes of version 5.0.
Along with that, some refactoring (of the Router
component) is also included as being part of this major release.
Ethical considerations of the system and its construction process
Express is a Node web application framework that facilitates web development by providing (amongst many other features) a tool for middleware management when handling HTTP Requests and Responses, routing of actions based on HTTP Method and URL, and dynamic rendering of HTML Pages by passing arguments to templates. It being a Node.js framework, an analysis on the security and licensing issues of Node and how Express handles such concerns is in order to hedge risk and draft an ethical profile of the software we, as a team, are contributing to develop.
Known Node.js security issues include cross-site request forgery (CSRF) and payload size limits.
Express addresses the latter concern by allowing the developer to configure Express body-parser
so that it accepts only smaller sized payloads; this way it avoids the risk of receiving a body payload too big for a single thread and prevents hackers from breaking into servers with just a small number of requests.
On the other hand, the risk of cross-site request forgery is hedged by the Express team through the Express csurf
middleware, a CSRF protection middleware that allows for CSRF token creation and validation.
Express’ commitment to increase security is proof of the product’s pledge to the users’ privacy and robustness guarantees. Furthermore, Express is an open-source framework; contributors are welcomed and encouraged and its maintainers are available and active on GitHub both to listen to remarks and help with troubleshooting. This promotes accessibility and inclusivity of the developers that intend to use the framework along with a more effective and reliable programming experience.
-
This was calculated by running tokei on the latest commit on the Express repository as of Feb 2022. ↩︎
-
Woods, E., & Rozanski, N. (2009, September). The system context architectural viewpoint. In 2009 Joint Working IEEE/IFIP Conference on Software Architecture & European Conference on Software Architecture (pp. 333-336). IEEE. ↩︎
-
Rozanski N, Woods E. Software Systems Architecture : Working with Stakeholders Using Viewpoints and Perspectives. 2nd ed. Upper Saddle River, NJ: Addison-Wesley; 2012. ↩︎