Express.js 6 and Beyond: Modernizing the Most Popular Node.js Framework
Express.js, one of the most widely used web frameworks in the Node.js ecosystem, is undergoing a major transformation. Once considered stable but stagnant, Express is now being revitalized with a clear governance model, a renewed focus on performance, and active collaboration from organizations like NodeSource.
I recently spoke with Ulises Gascón, one of the Express maintainers, about the current state of the project, the challenges of modernizing a 15–years-old codebase, and how NodeSource is helping push Express toward a faster, more secure future.
A New Chapter for Express Governance
Two years ago, the Express team initiated a complete revamp of the project’s governance. What was once a largely single-maintainer effort under Doug Wilson evolved into a structured Technical Committee (TC) with multiple active contributors.
“Our goal was to evolve Express from a single-maintainer project into a sustainable, community-driven effort — one built on shared responsibility, clear processes, and long-term vision,” Ulises explained.
Through the Sovereign Tech Fund (now the Sovereign Tech Agency), the team secured resources to drive several key milestones, from improving security to tackling technical debt and preparing for a new era of performance.
The Legacy Challenge: Monkey-Patching and Outdated Internals
Express’s popularity has always been tied to its simplicity and stability, but that stability came at a cost. The Express 4.x version, released over a decade ago, remains the most used today, and it’s compatible with Node.js versions as old as 0.8.
That backward compatibility means that much of Express’s internal logic predates modern JavaScript features, and even predates the Node.js fork of io.js.
“Express performs a significant amount of monkey patching on Node’s core modules — particularly the HTTP library — to enable its middleware chaining model,” said Ulises. “That approach made perfect sense at the time, but today it creates both security risks and major performance issues.”
The maintainers are now on what Jon Church calls a “Great Monkey-Patch Safari” - identifying and eliminating legacy patches across more than 60 libraries that the Express team maintains in three different GitHub organizations, from body-parser to path-to-regexp.
Modernization Through Express 5 and Beyond
In 2024, the team released Express 5, the framework’s first major update in almost ten years. The release modernized the codebase by dropping support for legacy Node.js versions, overhauling route matching for improved security, adding native async/await middleware support, and removing deprecated APIs.
“For almost ten years, people wondered if Express 5 would ever happen,” Ulises said. “Finally shipping it wasn’t just a technical win — it was proof that our new, community-driven governance works and that Express has its momentum back.”
The next version of Express, version 6, will focus on performance, modernization, and greater independence from Node’s legacy HTTP internals, enabling closer collaboration with the Node.js Core team and the wider ecosystem.
“Express should be faster, safer, and more modern, without breaking existing apps,” Ulises emphasized. “At the same time, we’re fixing the legacy monkey patching that’s long complicated things for the Node.js Core team, building a better future together by gradually adopting initiatives like http-next alongside other popular frameworks.”
Performance, Collaboration, and NodeSource’s Involvement
With security improvements in place, the focus has now shifted toward performance and observability. The Express team has an active #express-performance Slack channel and holds regular meetings (some public) to track progress.
This is where NodeSource comes in. Leveraging N|Solid, NodeSource is helping the Express team analyze and visualize performance characteristics at a deep level, identifying inefficiencies, loops, and bottlenecks in the code.
“NodeSource is helping us understand what’s really happening under the hood. With N|Solid, we can detect issues like unnecessary loops, object mapping inefficiencies, or performance regressions in a structured way, without over-engineering.” said Ulises.
NodeSource engineers like Rafael Gonzaga, Adrian Estrada, and Jeff Rios have been directly involved in building the tools and infrastructure supporting these efforts.
-
Rafael Gonzaga, Node.js core contributor and NodeSource engineer, has been working on proposals to streamline Express’s performance testing process and integrate insights from N|Solid. He is also leading the Performance Working Group in Node.js.
-
Adrián Estrada has been providing support on resource coordination to make testing environments more scalable and reliable. Also, making sure that the team’s expectations are aligned to realistic objectives.
-
Jeff Rios has developed multi-runner environments for GitHub Actions, enabling repeatable benchmarks across multiple Express components.
Together, they’re helping shape what Ulises describes as a “performance validation pipeline”, a workflow where every pull request on Express or its core libraries triggers automated benchmarking in controlled environments.
“Partenig with NodeSource in the Express Performance Working Group has been amazing. They have stepped up to help us integrate performance analysis tooling, plan to help build dashboards, and have generally been great contributors. They really understand how to be great members of our ecosystem while also running a product team.” Wess Todd – Express TC Member
What’s Next: Testing, Demos, and Community Involvement
In the coming weeks, the Express Performance Working Group plans to demo this new testing workflow to the Technical Committee (TC). This session will validate the approach and showcase how the team measures performance across different versions and environments.
Ulises hinted that recordings of these meetings will soon be available on YouTube, alongside detailed notes on GitHub, opening the door for more community contributions and transparency.
A Collaborative Path Forward
The modernization of Express is a technical project, and a collaborative renaissance. Through community-driven governance, open funding, and partnerships like the one with NodeSource, the project is ensuring that Express continues to thrive as a foundational part of the Node.js ecosystem.
“We’re not reinventing Express,” Ulises concluded. “We’re making sure it runs better, lasts longer, and continues to serve millions of developers worldwide.”