Web framework for Node.JS, Express, released v5 with improved security and performance

Express, the fast and minimalist web framework for Node.js, has launched version 5, focusing on modernizing the framework by dropping support for older Node.js versions, specifically those before v18. This strategic move addresses security concerns and simplifies maintenance, allowing for critical performance enhancements.

The v5 release aims to minimize breaking changes while updating essential dependencies, such as moving from path-to-regexp@0.x to path-to-regexp@8.x, reflecting years of accumulated improvements. Notably, support for sub-expression regular expressions, like /:foo(\\d+), has been removed due to security considerations. This change, along with the elimination of ordered numerical parameters, necessitates adjustments in route definitions.

Express v5 introduces support for handling rejected promises from errors in middleware, excluding resolved promises. Additionally, there are various changes to the body-parser and the removal of deprecated method signatures, further streamlining the framework for developers.