{"uuid": "62d8d437-f1d2-437c-81a2-d18e0ca88f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51999", "type": "seen", "source": "https://gist.github.com/Adcbda/8715cb3a2a149d295bc127dde35f13d6", "content": "\n\n\n\n\nexpress \u2014 Wiki\n\n\n\n\n*{margin:0;padding:0;box-sizing:border-box}\n:root{\n --bg:#ffffff;--sidebar-bg:#f8f9fb;--border:#e5e7eb;\n --text:#1e293b;--text-muted:#64748b;--primary:#2563eb;\n --primary-soft:#eff6ff;--hover:#f1f5f9;--code-bg:#f1f5f9;\n --radius:8px;--shadow:0 1px 3px rgba(0,0,0,.08);\n}\nbody{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;\n line-height:1.65;color:var(--text);background:var(--bg)}\n\n.layout{display:flex;min-height:100vh}\n.sidebar{width:280px;background:var(--sidebar-bg);border-right:1px solid var(--border);\n position:fixed;top:0;left:0;bottom:0;overflow-y:auto;padding:24px 16px;\n display:flex;flex-direction:column;z-index:10}\n.content{margin-left:280px;flex:1;padding:48px 64px;max-width:960px}\n\n.sidebar-header{margin-bottom:20px;padding-bottom:16px;border-bottom:1px solid var(--border)}\n.sidebar-title{font-size:16px;font-weight:700;color:var(--text);display:flex;align-items:center;gap:8px}\n.sidebar-title svg{flex-shrink:0}\n.sidebar-meta{font-size:11px;color:var(--text-muted);margin-top:6px}\n.nav-section{margin-bottom:2px}\n.nav-item{display:block;padding:7px 12px;border-radius:var(--radius);cursor:pointer;\n font-size:13px;color:var(--text);text-decoration:none;transition:all .15s;\n white-space:nowrap;overflow:hidden;text-overflow:ellipsis}\n.nav-item:hover{background:var(--hover)}\n.nav-item.active{background:var(--primary-soft);color:var(--primary);font-weight:600}\n.nav-item.overview{font-weight:600;margin-bottom:4px}\n.nav-children{padding-left:14px;border-left:1px solid var(--border);margin-left:12px}\n.nav-group-label{font-size:11px;font-weight:600;color:var(--text-muted);\n text-transform:uppercase;letter-spacing:.5px;padding:12px 12px 4px;user-select:none}\n.sidebar-footer{margin-top:auto;padding-top:16px;border-top:1px solid var(--border);\n font-size:11px;color:var(--text-muted);text-align:center}\n\n.content h1{font-size:28px;font-weight:700;margin-bottom:8px;line-height:1.3}\n.content h2{font-size:22px;font-weight:600;margin:32px 0 12px;padding-bottom:6px;border-bottom:1px solid var(--border)}\n.content h3{font-size:17px;font-weight:600;margin:24px 0 8px}\n.content h4{font-size:15px;font-weight:600;margin:20px 0 6px}\n.content p{margin:12px 0}\n.content ul,.content ol{margin:12px 0 12px 24px}\n.content li{margin:4px 0}\n.content a{color:var(--primary);text-decoration:none}\n.content a:hover{text-decoration:underline}\n.content blockquote{border-left:3px solid var(--primary);padding:8px 16px;margin:16px 0;\n background:var(--primary-soft);border-radius:0 var(--radius) var(--radius) 0;\n color:var(--text-muted);font-size:14px}\n.content code{font-family:'SF Mono',Consolas,'Courier New',monospace;font-size:13px;\n background:var(--code-bg);padding:2px 6px;border-radius:4px}\n.content pre{background:#1e293b;color:#e2e8f0;border-radius:var(--radius);padding:16px;\n overflow-x:auto;margin:16px 0}\n.content pre code{background:none;padding:0;font-size:13px;line-height:1.6;color:inherit}\n.content table{border-collapse:collapse;width:100%;margin:16px 0}\n.content th,.content td{border:1px solid var(--border);padding:8px 12px;text-align:left;font-size:14px}\n.content th{background:var(--sidebar-bg);font-weight:600}\n.content img{max-width:100%;border-radius:var(--radius)}\n.content hr{border:none;border-top:1px solid var(--border);margin:32px 0}\n.content .mermaid{margin:20px 0;text-align:center}\n\n.menu-toggle{display:none;position:fixed;top:12px;left:12px;z-index:20;\n background:var(--bg);border:1px solid var(--border);border-radius:var(--radius);\n padding:8px 12px;cursor:pointer;font-size:18px;box-shadow:var(--shadow)}\n@media(max-width:768px){\n .sidebar{transform:translateX(-100%);transition:transform .2s}\n .sidebar.open{transform:translateX(0);box-shadow:2px 0 12px rgba(0,0,0,.1)}\n .content{margin-left:0;padding:24px 20px;padding-top:56px}\n .menu-toggle{display:block}\n}\n.empty-state{text-align:center;padding:80px 20px;color:var(--text-muted)}\n.empty-state h2{font-size:20px;margin-bottom:8px;border:none}\n\n\n\n\n☰\n\n\n\n\n\n\n\n\n\nexpress\n\n\n\n\n\n\n\nGenerated by GitNexus\n\n\n\n\n\nLoading\u2026\n\n\n\nvar PAGES = {\"application-configuration\":\"# Application Configuration\\n\\n# Application Configuration\\n\\nThe `package.json` file serves as the central manifest for the Express web framework, defining project metadata, runtime dependencies, development tooling, and npm scripts. This document describes how the configuration shapes the framework's architecture and developer workflow.\\n\\n## Project Identity\\n\\n| Field | Value | Purpose |\\n|-------|-------|---------|\\n| `name` | `express` | npm package identifier |\\n| `version` | `5.2.1` | Semantic versioning for API stability guarantees |\\n| `description` | \\\"Fast, unopinionated, minimalist web framework\\\" | Core design philosophy communicated to users |\\n| `engines.node` | `>= 18` | Minimum Node.js runtime requirement |\\n\\nThe `keywords` array (`express`, `framework`, `sinatra`, `web`, `http`, `rest`, `restful`, `router`, `app`, `api`) indexes the package in npm search and signals the framework's positioning as a Sinatra-inspired, REST-capable HTTP router.\\n\\n## Dependency Architecture\\n\\nExpress 5.2.1 maintains a lean core through strategic delegation to specialized middleware packages. Dependencies fall into functional groups:\\n\\n### HTTP Protocol Handling\\n\\n| Package | Version | Role in Request/Response Cycle |\\n|---------|---------|-------------------------------|\\n| `accepts` | `^2.0.0` | Content negotiation (`req.accepts()`) |\\n| `content-type` | `^1.0.5` | MIME type parsing and validation |\\n| `encodeurl` | `^2.0.0` | RFC-compliant URL encoding |\\n| `escape-html` | `^1.0.3` | XSS prevention in error pages |\\n| `fresh` | `^2.0.0` | HTTP cache freshness checks |\\n| `parseurl` | `^1.3.3` | URL parsing with caching |\\n| `proxy-addr` | `^2.0.7` | X-Forwarded-For trust evaluation |\\n| `qs` | `^6.14.2` | Query string parsing (`extended` mode) |\\n| `range-parser` | `^1.2.1` | HTTP Range header parsing |\\n| `vary` | `^1.1.2` | Vary header management |\\n\\n### Request Body & Cookies\\n\\n| Package | Version | Integration Point |\\n|---------|---------|-------------------|\\n| `body-parser` | `^2.2.1` | `express.json()`, `express.urlencoded()`, `express.raw()`, `express.text()` |\\n| `cookie` | `^0.7.1` | Cookie serialization (`res.cookie()`) |\\n| `cookie-signature` | `^1.2.1` | Signed cookie integrity (`cookieParser` secret) |\\n\\n### Response Generation\\n\\n| Package | Version | Usage |\\n|---------|---------|-------|\\n| `content-disposition` | `^1.0.0` | `res.attachment()`, `res.download()` |\\n| `etag` | `^1.8.1` | Entity tag generation for conditional requests |\\n| `send` | `^1.1.0` | `res.sendFile()`, static file serving foundation |\\n| `serve-static` | `^2.2.0` | `express.static()` middleware |\\n| `statuses` | `^2.0.1` | HTTP status code lookup and validation |\\n| `finalhandler` | `^2.1.0` | Terminal error handling when no middleware responds |\\n\\n### Routing & Middleware Core\\n\\n| Package | Version | Responsibility |\\n|---------|---------|---------------|\\n| `router` | `^2.2.0` | Express 5's extracted routing engine; handles `app.get()`, `app.use()`, path matching, `Layer` execution, and `next()` propagation |\\n| `merge-descriptors` | `^2.0.0` | Property merging for `app.locals` inheritance and prototype extension |\\n| `on-finished` | `^2.4.1` | Response completion detection for cleanup (logging, resource release) |\\n| `once` | `^1.4.0` | Event handler deduplication in error paths |\\n\\n### Type Negotiation\\n\\n| Package | Version | Function |\\n|---------|---------|----------|\\n| `mime-types` | `^3.0.0` | Content-Type to file extension resolution |\\n| `type-is` | `^2.0.1` | `req.is()` for content-type validation |\\n\\n### Debugging & Diagnostics\\n\\n| Package | Version | Integration |\\n|---------|---------|-------------|\\n| `debug` | `^4.4.0` | Namespaced logging (`express:application`, `express:router`, etc.) |\\n| `depd` | `^2.0.0` | Deprecated API warnings with stack traces |\\n| `http-errors` | `^2.0.0` | `createError()` factory for `next(err)` patterns |\\n\\n## npm Scripts: Developer Workflow\\n\\n```bash\\n# Code quality\\nnpm run lint # eslint . \u2014 static analysis\\nnpm run lint:fix # eslint . --fix \u2014 automated fixes\\n\\n# Testing\\nnpm test # Full test suite with spec reporter\\nnpm run test-tap # TAP-formatted output for CI parsing\\nnpm run test-cov # HTML + text coverage reports\\nnpm run test-ci # LCOV-only coverage for Codecov/Coveralls\\n```\\n\\nThe test command reveals the project structure:\\n\\n```bash\\nmocha --require test/support/env --reporter spec --check-leaks test/ test/acceptance/\\n```\\n\\n- `test/support/env` \u2014 environment bootstrap (likely sets `NODE_ENV=test`, configures `supertest` globals)\\n- `test/` \u2014 unit tests for internal modules\\n- `test/acceptance/` \u2014 integration tests validating end-to-end HTTP behavior\\n\\n## File Distribution\\n\\nThe `files` array controls the npm publish payload:\\n\\n```json\\n[\\\"LICENSE\\\", \\\"Readme.md\\\", \\\"index.js\\\", \\\"lib/\\\"]\\n```\\n\\nOnly the entry point (`index.js`) and `lib/` directory ship to consumers. Examples, benchmarks, and tests are excluded from the production package, reducing install size despite their presence in the repository.\\n\\n## DevDependencies: Ecosystem Compatibility Testing\\n\\nDevelopment dependencies validate Express integration with common middleware patterns without bloating the core:\\n\\n| Package | Test Purpose |\\n|---------|-------------|\\n| `express-session` / `connect-redis` | Session store abstraction |\\n| `cookie-parser` / `cookie-session` | Cookie middleware alternatives |\\n| `ejs` / `hbs` | Template engine integration (`res.render()`) |\\n| `method-override` | HTTP verb tunneling |\\n| `morgan` | HTTP request logging |\\n| `vhost` | Virtual host routing |\\n| `supertest` | HTTP assertion library for tests |\\n| `pbkdf2-password` | Authentication pattern examples |\\n\\nThese packages are not Express dependencies\u2014they are *test subjects* ensuring the framework's extension points remain compatible with the broader ecosystem.\\n\\n## Connection to Runtime Code\\n\\nThe `package.json` configuration directly shapes the implementation in `lib/`:\\n\\n- **`lib/application.js`**: Bootstraps `body-parser`, `serve-static`, and `router` exports via `require()` calls to packages listed in `dependencies`\\n- **`lib/response.js`**: Delegates to `send`, `content-disposition`, `etag`, `encodeurl`, `escape-html`, `statuses`, and `mime-types`\\n- **`lib/request.js`**: Uses `accepts`, `fresh`, `parseurl`, `proxy-addr`, `qs`, `range-parser`, `type-is`\\n- **`lib/express.js`**: Factory function returning `app` instances backed by the `router` package\\n\\nThe `engines` constraint (`>= 18`) permits native use of:\\n- `Readable.fromWeb()` / `Writable.toWeb()` for stream interoperability\\n- `fetch` global (though Express uses `http` module directly)\\n- Native `structuredClone` where applicable\\n\\n## Funding & Governance\\n\\nThe `funding` field points to Open Collective, sustaining maintenance of this dependency graph. The `contributors` list spans the framework's evolution from TJ Holowaychuk's original release through the current Express.js organization stewardship.\",\"authentication-example\":\"# Authentication Example\\n\\n# Authentication Example\\n\\nA complete Express.js application demonstrating session-based user authentication with password hashing. This example implements a minimal but production-pattern login system using PBKDF2 password hashing, server-side sessions, and flash-style messaging.\\n\\n## Purpose\\n\\nThis module serves as a reference implementation for:\\n\\n- Secure password storage using salted hashes (PBKDF2 via `pbkdf2-password`)\\n- Session-based authentication state management\\n- Session fixation protection through regeneration\\n- Flash message patterns for user feedback\\n- Route protection middleware\\n\\n## Architecture Overview\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 Client \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Express \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Session \u2502\\n\u2502 (Browser) \u2502\u25c4\u2500\u2500\u2500\u2500\u2502 Server \u2502\u25c4\u2500\u2500\u2500\u2500\u2502 Store \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 In-Memory \u2502\\n \u2502 User \\\"DB\\\" \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## Key Components\\n\\n### Application Setup\\n\\nThe Express application is configured with EJS templating and three layers of middleware:\\n\\n| Middleware | Purpose |\\n|-----------|---------|\\n| `express.urlencoded()` | Parse POST form data |\\n| `express-session` | Server-side session management |\\n| Custom flash middleware | Extract and clear session messages into `res.locals` |\\n\\n```javascript\\napp.use(session({\\n resave: false, // Skip save if session unmodified\\n saveUninitialized: false, // Don't create empty sessions\\n secret: 'shhhh, very secret'\\n}));\\n```\\n\\n### User Database\\n\\nA plain object simulates persistent storage. On startup, the user `tj` is created with a PBKDF2 hash of password `foobar`:\\n\\n```javascript\\nvar users = {\\n tj: { name: 'tj' }\\n};\\n\\n// Generate salt and hash asynchronously\\nhash({ password: 'foobar' }, function (err, pass, salt, hash) {\\n users.tj.salt = salt;\\n users.tj.hash = hash;\\n});\\n```\\n\\n### Authentication Flow\\n\\n```mermaid\\nsequenceDiagram\\n participant C as Client\\n participant S as Express Server\\n participant D as User DB\\n\\n C->>S: POST /login (username, password)\\n S->>D: lookup users[name]\\n alt User not found\\n S-->>C: redirect /login (error)\\n else User exists\\n S->>S: hash(password, storedSalt)\\n alt Hash mismatch\\n S-->>C: redirect /login (error)\\n else Hash matches\\n S->>S: req.session.regenerate()\\n S->>S: store user in session\\n S-->>C: redirect (success)\\n end\\n end\\n```\\n\\n### Core Functions\\n\\n#### `authenticate(name, pass, fn)`\\n\\nVerifies credentials against the stored hash. The callback signature is `fn(err, user)` where `user` is `null` on failure.\\n\\n```javascript\\nauthenticate(req.body.username, req.body.password, function(err, user) {\\n if (user) {\\n // successful login\\n } else {\\n // authentication failed\\n }\\n});\\n```\\n\\n**Security note**: The function uses timing-safe comparison implicitly through `hash === user.hash`. In production, prefer `crypto.timingSafeEqual()`.\\n\\n#### `restrict(req, res, next)`\\n\\nRoute middleware that enforces authentication. Unauthenticated requests are redirected to `/login` with a flash error message.\\n\\n```javascript\\napp.get('/restricted', restrict, function(req, res) {\\n // Only reached when req.session.user exists\\n});\\n```\\n\\n### Route Handlers\\n\\n| Route | Method | Middleware | Behavior |\\n|-------|--------|-----------|----------|\\n| `/` | GET | \u2014 | Redirect to `/login` |\\n| `/login` | GET | \u2014 | Render login form |\\n| `/login` | POST | \u2014 | Validate credentials, establish session |\\n| `/restricted` | GET | `restrict` | Protected content |\\n| `/logout` | GET | \u2014 | Destroy session, redirect home |\\n\\n### Session Security Patterns\\n\\n**Session regeneration on login** prevents fixation attacks:\\n\\n```javascript\\nreq.session.regenerate(function() {\\n req.session.user = user; // Store in new session ID\\n // ...\\n});\\n```\\n\\n**Session destruction on logout** ensures complete cleanup:\\n\\n```javascript\\nreq.session.destroy(function(){\\n res.redirect('/');\\n});\\n```\\n\\n### Flash Message Middleware\\n\\nA custom middleware bridges session-stored messages to template locals:\\n\\n```javascript\\napp.use(function(req, res, next){\\n var err = req.session.error;\\n var msg = req.session.success;\\n delete req.session.error; // Clear after reading\\n delete req.session.success;\\n // Expose to templates via res.locals\\n res.locals.message = buildMessageHtml(err, msg);\\n next();\\n});\\n```\\n\\nMessages are consumed once\u2014displayed on the next rendered page, then removed.\\n\\n## Views\\n\\nThe EJS templates use includes for consistent layout:\\n\\n- `head.ejs` \u2014 HTML boilerplate with base styling for `.error` (red) and `.success` (green) classes\\n- `login.ejs` \u2014 Form with `username`/`password` fields and `message` injection point\\n- `foot.ejs` \u2014 Closing tags\\n\\nThe login form submits to `/login` via POST with `application/x-www-form-urlencoded` encoding.\\n\\n## Running the Example\\n\\n```bash\\nnode examples/auth/index.js\\n```\\n\\nServer starts on port 3000 when executed directly (`!module.parent`). Default credentials: **tj** / **foobar**.\\n\\n## Integration Points\\n\\n| Dependency | Usage |\\n|-----------|-------|\\n| `express` | Core framework (loaded via `../..` relative path for in-repo examples) |\\n| `express-session` | Session middleware |\\n| `pbkdf2-password` | PBKDF2 hashing with automatic salt generation |\\n| `node:path` | Cross-platform path resolution for views directory |\\n\\nThe `module.exports = app` pattern allows the application to be imported for testing without starting the server.\",\"content-negotiation-example\":\"# Content Negotiation Example\\n\\n# Content Negotiation Example\\n\\nThis module demonstrates two patterns for handling HTTP content negotiation in Express: inline format handlers within route definitions, and a reusable middleware pattern that delegates to external formatter modules.\\n\\n## Module Purpose\\n\\nContent negotiation allows a single endpoint to serve the same data in different representations based on the client's `Accept` header. This example shows how `res.format()` selects the appropriate handler for `text/html`, `text/plain`, or `application/json` responses.\\n\\n## File Structure\\n\\n| File | Role |\\n|------|------|\\n| `db.js` | In-memory data store with three sample users |\\n| `index.js` | Express application with two route patterns |\\n| `users.js` | External format handlers for the middleware pattern |\\n\\n## Data Layer\\n\\n`db.js` exports a simple array of user objects:\\n\\n```javascript\\nvar users = [];\\nusers.push({ name: 'Tobi' });\\nusers.push({ name: 'Loki' });\\nusers.push({ name: 'Jane' });\\nmodule.exports = users;\\n```\\n\\nThis is imported by both `index.js` and `users.js`.\\n\\n## Pattern 1: Inline Format Handlers\\n\\nThe root route (`GET /`) defines format handlers directly in `res.format()`:\\n\\n```javascript\\napp.get('/', function(req, res){\\n res.format({\\n html: function(){\\n res.send('\n' + users.map(function(user){\\n return '\n' + user.name + '<\\/li>';\\n }).join('') + '<\\/ul>');\\n },\\n text: function(){\\n res.send(users.map(function(user){\\n return ' - ' + user.name + '\\\\n';\\n }).join(''));\\n },\\n json: function(){\\n res.json(users);\\n }\\n });\\n});\\n```\\n\\nExpress inspects the `Accept` header and invokes the matching handler. Default priority follows Express's format ordering when the client accepts multiple types.\\n\\n## Pattern 2: Middleware Abstraction\\n\\nThe `/users` route demonstrates extracting format logic into a reusable `format()` middleware factory:\\n\\n```javascript\\nfunction format(path) {\\n var obj = require(path);\\n return function(req, res){\\n res.format(obj);\\n };\\n}\\n\\napp.get('/users', format('./users'));\\n```\\n\\nThe `format()` function:\\n1. Requires a module at the given `path`\\n2. Expects that module to export handlers keyed by format name (`html`, `text`, `json`)\\n3. Returns an Express middleware that calls `res.format()` with those handlers\\n\\n## External Format Module\\n\\n`users.js` exports the same three handlers as named properties, making the format logic testable and reusable across routes:\\n\\n```javascript\\nvar users = require('./db');\\n\\nexports.html = function(req, res){ /* ... */ };\\nexports.text = function(req, res){ /* ... */ };\\nexports.json = function(req, res){ /* ... */ };\\n```\\n\\nThis separation allows multiple routes to share format definitions without duplication.\\n\\n## Architecture\\n\\n```mermaid\\nflowchart LR\\n A[Client Request] --> B{Accept Header}\\n B -->|text/html| C[html handler]\\n B -->|text/plain| D[text handler]\\n B -->|application/json| E[json handler]\\n \\n C --> F[res.send]\\n D --> F\\n E --> G[res.json]\\n \\n C & D & E --> H[users array from db.js]\\n \\n style A fill:#f9f,stroke:#333\\n style H fill:#bbf,stroke:#333\\n```\\n\\n## Server Bootstrap\\n\\nThe application starts only when run directly (not when required as a module):\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\nThis pattern enables the file to serve as both a standalone application and a testable module export.\\n\\n## Integration with Express\\n\\nThis example requires Express via a relative path (`../../`), indicating it lives within the Express repository's `examples/` directory. The `app` is exported as `module.exports`, allowing test files to mount or inspect it without starting the server.\",\"cookie-sessions-example\":\"# Cookie Sessions Example\\n\\n# Cookie Sessions Example\\n\\n## Overview\\n\\nThis module demonstrates a minimal Express application that uses signed cookie-based sessions to persist per-user state across requests. It increments and displays a view counter that survives browser refreshes without server-side session storage.\\n\\n## Architecture\\n\\n```mermaid\\nflowchart LR\\n A[Client Request] --> B[cookie-session middleware]\\n B --> C[Session data in signed cookie]\\n C --> D[Route handlerincrements count]\\n D --> E[Response withupdated cookie]\\n```\\n\\n## Dependencies\\n\\n| Module | Source | Purpose |\\n|--------|--------|---------|\\n| `cookie-session` | npm | Parses and signs session cookies; exposes `req.session` |\\n| `express` | `../../` (local) | Web framework |\\n\\n## Configuration\\n\\n### Session Middleware\\n\\n```javascript\\napp.use(cookieSession({ secret: 'manny is cool' }));\\n```\\n\\n| Option | Value | Behavior |\\n|--------|-------|----------|\\n| `secret` | `'manny is cool'` | Signs cookies to prevent tampering; **must be changed in production** |\\n\\nThe `cookie-session` middleware:\\n- Reads the session cookie from `req.headers.cookie`\\n- Verifies the signature using `secret`\\n- Populates `req.session` with the deserialized cookie payload (or `{}` if absent/malformed)\\n- Serializes and re-signs `req.session` to `Set-Cookie` on response end\\n\\n## Route Handler\\n\\n### `GET /`\\n\\n```javascript\\napp.get('/', function (req, res) {\\n req.session.count = (req.session.count || 0) + 1\\n res.send('viewed ' + req.session.count + ' times\\\\n')\\n})\\n```\\n\\n| Step | Action |\\n|------|--------|\\n| Read | Retrieves `req.session.count` (undefined on first visit) |\\n| Update | Increments counter, storing back to `req.session` |\\n| Persist | `cookie-session` automatically serializes to signed cookie |\\n| Respond | Returns plain text with current count |\\n\\n## Session Data Flow\\n\\n```\\nFirst Request Subsequent Request\\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\\n\\nNo cookie sent \u2192 Cookie: session=eyJjb3VudCI6MX0=...\\n \u2193\\n Verify signature\\n \u2193\\nreq.session = {} \u2192 req.session = { count: 1 }\\n \u2193 \u2193\\nreq.session.count = 1 req.session.count = 2\\n \u2193 \u2193\\nSet-Cookie: session=... Set-Cookie: session=...\\n```\\n\\n## Security Considerations\\n\\n| Concern | Mitigation Required |\\n|---------|---------------------|\\n| Secret exposure | Replace hardcoded secret; use environment variable |\\n| Cookie size | Session data limited to ~4KB; large data needs server-side storage |\\n| No expiration set | Add `maxAge` or `expires` to limit window of compromise |\\n| No `httpOnly`/`secure` | Add for production to prevent XSS theft and ensure HTTPS-only transmission |\\n\\n## Running the Example\\n\\n```bash\\n# From repository root\\nnode examples/cookie-sessions/index.js\\n# Express started on port 3000\\n\\n# Test with curl\\ncurl -c cookies.txt -b cookies.txt http://localhost:3000/\\n# viewed 1 times\\ncurl -c cookies.txt -b cookies.txt http://localhost:3000/\\n# viewed 2 times\\n```\\n\\n## Integration with Express\\n\\nThis example uses the local Express build (`../../` relative to `examples/cookie-sessions/`) rather than a published npm version. The `module.parent` guard allows the file to be both:\\n\\n- **Required as module**: `var app = require('./examples/cookie-sessions')` (skips `listen()`)\\n- **Run directly**: `node examples/cookie-sessions/index.js` (starts server on port 3000)\\n\\n## Key API References\\n\\n- [`cookie-session`](https://github.com/expressjs/cookie-session): Middleware documentation\\n- [`res.send()`](../../lib/response.js): Response body method (called via `test/Router.js` in test environment per call graph)\",\"cookies-example\":\"# Cookies Example\\n\\n# Cookies Example\\n\\nAn Express.js application demonstrating cookie-based session persistence using signed cookies, form handling, and conditional response rendering.\\n\\n## Overview\\n\\nThis example implements a \\\"remember me\\\" feature that persists user preference across browser sessions via HTTP cookies. It showcases three core Express patterns: middleware composition for request processing, cookie signing for tamper detection, and form-based state transitions with POST-redirect-GET flow.\\n\\n## Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 HTTP Request \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 cookie-parser \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 urlencoded() \u2502\\n\u2502 \u2502 \u2502 (signed cookies)\u2502 \u2502 (form parsing) \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 Route Handler \u2502\\n \u2502 (GET /, POST /,\u2502\\n \u2502 GET /forget) \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 Cookie Set/ \u2502\\n \u2502 Clear + Redirect\u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## Middleware Stack\\n\\nThe application configures middleware in a specific order, with each layer transforming the request object:\\n\\n| Order | Middleware | Purpose | Condition |\\n|-------|-----------|---------|-----------|\\n| 1 | `morgan` | Request logging | Skipped in `test` environment |\\n| 2 | `cookieParser('my secret here')` | Parse & verify signed cookies | Always |\\n| 3 | `express.urlencoded()` | Parse form submissions | Always |\\n\\nThe cookie parser secret (`'my secret here'`) enables `req.signedCookies` verification. Cookies signed with this secret can be detected if tampered with by clients.\\n\\n## Routes\\n\\n### `GET /`\\n\\nRenders one of two states based on cookie presence:\\n\\n- **Cookie present (`req.cookies.remember`)**: Displays confirmation message with link to `/forget`\\n- **No cookie**: Renders checkbox form for opting into \\\"remember me\\\"\\n\\n```javascript\\n// Cookie check uses the unsigned cookies object\\nif (req.cookies.remember) { // Note: not req.signedCookies\\n // ...\\n}\\n```\\n\\n**Note**: The implementation checks `req.cookies` rather than `req.signedCookies`, meaning it does not verify the cookie signature on read. The cookie is still signed on write (via `res.cookie`).\\n\\n### `POST /`\\n\\nProcesses form submission from the root page:\\n\\n```javascript\\nvar minute = 60000;\\n\\nif (req.body && req.body.remember) {\\n res.cookie('remember', 1, { maxAge: minute })\\n}\\nres.redirect(req.get('Referrer') || '/');\\n```\\n\\nSets cookie with:\\n- **Name**: `remember`\\n- **Value**: `1`\\n- **maxAge**: 60,000ms (1 minute)\\n\\nThe redirect implements POST-redirect-GET pattern to prevent form resubmission on refresh.\\n\\n### `GET /forget`\\n\\nClears the `remember` cookie and redirects back:\\n\\n```javascript\\nres.clearCookie('remember');\\nres.redirect(req.get('Referrer') || '/');\\n```\\n\\nUses `Referrer` header to maintain navigation context; falls back to root path.\\n\\n## Cookie Lifecycle\\n\\n```mermaid\\nstateDiagram-v2\\n [*] --> Form: GET / (no cookie)\\n Form --> Remembered: POST / (checked)\\n Remembered --> Remembered: GET / (cookie valid)\\n Remembered --> Form: GET /forget\\n Form --> Form: POST / (unchecked)\\n```\\n\\n## Environment Handling\\n\\nThe module uses `process.env.NODE_ENV` to conditionally disable logging during test execution. This pattern allows test suites to run without console noise while preserving observability in development and production.\\n\\nThe `module.parent` check enables both direct execution and programmatic import:\\n\\n```javascript\\n// Direct: node examples/cookies/index.js\\n// \u2192 Server starts on port 3000\\n\\n// Programmatic: require('./examples/cookies')\\n// \u2192 Returns app instance without binding to port\\n```\\n\\n## Integration Points\\n\\n| External Module | Version Context | Role |\\n|-----------------|-----------------|------|\\n| `express` | `../../` (local) | Framework \u2014 provides `app`, routing, middleware |\\n| `morgan` | npm dependency | HTTP request logging |\\n| `cookie-parser` | npm dependency | Cookie parsing and signature verification |\\n\\nThe `../../` require path for Express indicates this example runs from within the Express repository itself, not against a published npm version.\\n\\n## Security Considerations\\n\\n- Cookie secret is hardcoded (`'my secret here'`) \u2014 production applications should use environment variables\\n- `maxAge` of 1 minute is intentionally short for demonstration; real \\\"remember me\\\" features typically use longer durations with additional safeguards\\n- The cookie value `1` is a simple flag; sensitive data should not be stored client-side even with signing\",\"core-framework\":\"# Core Framework\\n\\n# Core Framework\\n\\nThe Core Framework module is the heart of Express, responsible for application instantiation, request/response pipeline orchestration, and the HTTP server abstraction. It wires together routing, middleware, view rendering, and the enhanced request/response prototypes that define Express's programming model.\\n\\n## Module Structure\\n\\n| File | Responsibility |\\n|------|-------------|\\n| `lib/express.js` | Factory function and module exports |\\n| `lib/application.js` | App prototype: configuration, routing delegation, server lifecycle |\\n| `lib/request.js` | Enhanced `http.IncomingMessage` prototype |\\n| `lib/response.js` | Enhanced `http.ServerResponse` prototype |\\n| `lib/view.js` | Template engine resolution and rendering |\\n| `lib/utils.js` | Shared utilities: ETag generation, query parsing, trust proxy compilation |\\n\\n## Application Factory (`lib/express.js`)\\n\\n`createApplication()` produces a function object that acts as both a request handler and an application instance. It merges in `EventEmitter` behavior and the `app` prototype, then creates isolated request/response prototypes with a back-reference to the app.\\n\\n```javascript\\nvar app = function(req, res, next) {\\n app.handle(req, res, next);\\n};\\n```\\n\\nThe factory exposes constructors and bundled middleware at the module level:\\n\\n```javascript\\nexports.json = bodyParser.json;\\nexports.static = require('serve-static');\\n// ... etc\\n```\\n\\n## Application Prototype (`lib/application.js`)\\n\\n### Initialization\\n\\n`app.init()` sets up the default configuration and lazily instantiates the router. The `router` property uses a getter so that `new Router()` is deferred until first access\u2014typically when `app.use()` or `app.handle()` is called.\\n\\n```javascript\\nObject.defineProperty(this, 'router', {\\n get: function getrouter() {\\n if (router === null) {\\n router = new Router({\\n caseSensitive: this.enabled('case sensitive routing'),\\n strict: this.enabled('strict routing')\\n });\\n }\\n return router;\\n }\\n});\\n```\\n\\n### Configuration System\\n\\nSettings are stored in `app.settings`, a plain object that supports inheritance through prototype chaining when apps are mounted. `app.set()` triggers side effects for three special keys:\\n\\n| Setting | Compiled Function |\\n|---------|-----------------|\\n| `etag` | `compileETag(val)` \u2192 stored as `etag fn` |\\n| `query parser` | `compileQueryParser(val)` \u2192 stored as `query parser fn` |\\n| `trust proxy` | `compileTrust(val)` \u2192 stored as `trust proxy fn` |\\n\\nThe `trust proxy` setting includes backward-compatibility logic: a symbol `@@symbol:trust_proxy_default` tracks whether the value was explicitly set or inherited from a parent app.\\n\\n### Request Dispatch (`app.handle`)\\n\\nWhen a request arrives, `app.handle` performs setup before delegating to the router:\\n\\n1. Creates `finalhandler` fallback if no callback provided\\n2. Sets `X-Powered-By` header if enabled\\n3. Establishes `req.res` and `res.req` circular references\\n4. Swaps prototypes: `req.__proto__ = this.request`, `res.__proto__ = this.response`\\n5. Initializes `res.locals`\\n6. Calls `this.router.handle(req, res, done)`\\n\\n### Mounting Sub-Applications (`app.use`)\\n\\n`app.use` distinguishes between plain middleware and mounted Express apps. When an app is mounted:\\n\\n```javascript\\nfn.mountpath = path;\\nfn.parent = this;\\n\\nrouter.use(path, function mounted_app(req, res, next) {\\n var orig = req.app;\\n fn.handle(req, res, function (err) {\\n Object.setPrototypeOf(req, orig.request);\\n Object.setPrototypeOf(res, orig.response);\\n next(err);\\n });\\n});\\n\\nfn.emit('mount', this);\\n```\\n\\nThe prototype restoration ensures that after leaving the sub-app, `req` and `res` revert to the parent app's enhanced prototypes.\\n\\n### Route Registration\\n\\nHTTP methods are dynamically attached by iterating `utils.methods` (derived from `http.METHODS`). The `get` method is special-cased: one argument means `app.get(setting)` (retrieve config), two or more means `app.get(path, ...handlers)` (define route).\\n\\n```javascript\\napp.get = function (path) {\\n if (arguments.length === 1) {\\n return this.set(path); // getter\\n }\\n var route = this.route(path);\\n route.get.apply(route, slice.call(arguments, 1));\\n return this;\\n};\\n```\\n\\n## Request Prototype (`lib/request.js`)\\n\\nBuilt on `http.IncomingMessage.prototype`, the request object adds Express-specific getters via `defineGetter`:\\n\\n| Property | Implementation |\\n|----------|---------------|\\n| `req.query` | Parsed via `query parser fn`, cached by `parseurl` |\\n| `req.protocol` | `https` if encrypted, else checks `X-Forwarded-Proto` |\\n| `req.secure` | `this.protocol === 'https'` |\\n| `req.ip` | `proxyaddr(this, trust)` \u2014 client IP through trusted proxies |\\n| `req.ips` | Array of proxy addresses (reversed, socket addr removed) |\\n| `req.subdomains` | Host parts before domain, controlled by `subdomain offset` |\\n| `req.path` | `url.parse(this.url).pathname` |\\n| `req.host` / `req.hostname` | Host header with `X-Forwarded-Host` proxy support |\\n| `req.fresh` / `req.stale` | Cache validation via `fresh` module |\\n| `req.xhr` | Checks `X-Requested-With: xmlhttprequest` |\\n\\nContent negotiation delegates to the `accepts` module:\\n\\n```javascript\\nreq.accepts = function() {\\n var accept = accepts(this);\\n return accept.types.apply(accept, arguments);\\n};\\n```\\n\\n## Response Prototype (`lib/response.js`)\\n\\nBuilt on `http.ServerResponse.prototype`, handling content generation, header manipulation, and stream-based file transfer.\\n\\n### Content Serialization (`res.send`)\\n\\n`res.send` performs type-based dispatch:\\n\\n```\\nstring \u2192 HTML (unless Content-Type already set)\\nnumber \u2192 pass to res.json (deprecated path, actually handled as object)\\nboolean \u2192 pass to res.json\\nobject \u2192 pass to res.json\\nnull \u2192 empty body\\nBuffer/ArrayBufferView \u2192 binary\\n```\\n\\nETag generation is conditional on `etag fn` being configured and no existing `ETag` header. For 204/304 responses, content headers are stripped.\\n\\n### JSON and JSONP\\n\\n`res.json` serializes with `JSON.stringify`, respecting `json replacer` and `json spaces` settings. `res.jsonp` additionally checks `req.query[app.get('jsonp callback name')]` for a callback function name, sanitizing it and wrapping the response in a function invocation with a `/**/` prefix to mitigate Rosetta Flash attacks.\\n\\n### File Transfer (`res.sendFile` / `res.download`)\\n\\n`res.sendFile` delegates to the `send` module, creating a readable stream piped to the response. The `sendfile` helper manages lifecycle events:\\n\\n```javascript\\nfunction sendfile(res, file, options, callback) {\\n file.on('directory', ondirectory);\\n file.on('error', onerror);\\n file.on('end', onend);\\n onFinished(res, onfinish); // detects premature client disconnect\\n file.pipe(res);\\n}\\n```\\n\\n`res.download` sets `Content-Disposition: attachment` before calling `res.sendFile`.\\n\\n### Cookies\\n\\n`res.cookie` serializes values with optional signing and JSON encoding:\\n\\n```javascript\\nvar val = typeof value === 'object'\\n ? 'j:' + JSON.stringify(value)\\n : String(value);\\n\\nif (signed) {\\n val = 's:' + sign(val, secret);\\n}\\n```\\n\\n`res.clearCookie` forces expiration by setting `expires: new Date(1)`.\\n\\n## View System (`lib/view.js`)\\n\\n`View` resolves template paths and normalizes engine loading. Engine functions are cached in `app.engines` and must conform to `(path, options, callback)` signature.\\n\\nResolution order for `view.lookup('foo')`:\\n\\n1. `/foo.`\\n2. `/foo/index.`\\n\\nEngines are auto-required by extension if not pre-registered:\\n\\n```javascript\\nvar fn = require(mod).__express;\\nif (typeof fn !== 'function') {\\n throw new Error('Module \\\"' + mod + '\\\" does not provide a view engine.');\\n}\\n```\\n\\nRendering forces async callbacks via `process.nextTick` if the engine calls back synchronously.\\n\\n## Utilities (`lib/utils.js`)\\n\\n| Export | Purpose |\\n|--------|---------|\\n| `methods` | Lowercased `http.METHODS` array |\\n| `compileETag(val)` | Converts `true/'weak'/'strong'/false/function` to ETag function |\\n| `compileQueryParser(val)` | Converts `true/'simple'/'extended'/false/function` to parser |\\n| `compileTrust(val)` | Converts boolean/number/string/array/function to proxy trust function |\\n| `normalizeType(type)` | Resolves extension to MIME type with parameters |\\n| `setCharset(type, charset)` | Injects charset into Content-Type via `content-type` module |\\n\\nETag generation uses `etag` module with pre-bound options:\\n\\n```javascript\\nfunction createETagGenerator(options) {\\n return function generateETag(body, encoding) {\\n var buf = !Buffer.isBuffer(body)\\n ? Buffer.from(body, encoding)\\n : body;\\n return etag(buf, options);\\n };\\n}\\n```\\n\\n## Architecture Diagram\\n\\n```mermaid\\nflowchart LR\\n A[http.createServer] -->|req, res| B(app.handle)\\n B --> C[Prototype Swap]\\n C --> D[router.handle]\\n D --> E[Middleware Stack]\\n E --> F[Route Handlers]\\n E --> G[Mounted Apps]\\n G -->|fn.handle| B\\n \\n subgraph \\\"Request Enhancement\\\"\\n C --> H[req: IncomingMessage + request.js]\\n C --> I[res: ServerResponse + response.js]\\n end\\n \\n subgraph \\\"View System\\\"\\n F --> J[app.render]\\n J --> K[View.lookup]\\n K --> L[engine(path, opts, cb)]\\n end\\n```\\n\\n## Key Integration Points\\n\\n- **Router**: `app.router` is a `Router` instance from the separate `router` package. All routing methods (`use`, `route`, `param`, VERB methods) proxy to it.\\n- **Body Parser / Serve-Static**: Re-exported from `express.js` as convenience properties; not internally used by core.\\n- **Finalhandler**: Provides default error response when no error-handling middleware catches an exception.\\n- **Merge-Descriptors**: Used once at app creation to mix `EventEmitter` and `app` prototype onto the function object.\",\"downloads-example\":\"# Downloads Example\\n\\n# Downloads Example\\n\\nAn Express application demonstrating secure file downloads with path traversal protection and custom error handling for missing files.\\n\\n## Overview\\n\\nThis example showcases `res.download()` with a virtual path prefix. Files are stored in a dedicated `files/` directory and served through a wildcard route that strips the `/files/` prefix before resolving paths on disk.\\n\\n## Route Structure\\n\\n| Route | Handler | Purpose |\\n|-------|---------|---------|\\n| `GET /` | Inline function | Serves an HTML index with download links |\\n| `GET /files/*file` | Inline function | Handles file downloads with error recovery |\\n\\n## File Resolution\\n\\nThe application uses `req.params.file` as an array of path segments captured by the wildcard `*file` parameter. These segments are joined with `/` to form the relative file path passed to `res.download()`.\\n\\n```javascript\\nres.download(req.params.file.join('/'), { root: FILES_DIR }, callback)\\n```\\n\\nThe `root` option constrains file access to `FILES_DIR`, preventing directory traversal attacks even if a request contains `../` segments.\\n\\n## Error Handling Strategy\\n\\nThe download callback implements a two-tier error response:\\n\\n```javascript\\nfunction (err) {\\n if (!err) return; // Success \u2014 file transmitted\\n if (err.status !== 404) return next(err); // Server error \u2014 propagate to Express error handler\\n res.statusCode = 404; // Not found \u2014 custom friendly response\\n res.send('Cant find that file, sorry!');\\n}\\n```\\n\\nNon-404 errors (permission denied, disk I/O failures) are passed to `next(err)` for the default Express error middleware to handle.\\n\\n## Test Files\\n\\nThe `files/` directory contains sample content demonstrating various filename scenarios:\\n\\n| File | Purpose |\\n|------|---------|\\n| `amazing.txt` | Basic ASCII filename |\\n| `notes/groceries.txt` | Nested directory path |\\n| `CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt` | Unicode filename (URL-encoded in requests) |\\n| *(missing)* | `missing.txt` intentionally absent to trigger 404 handling |\\n\\n## Connection to Express Core\\n\\nThis example depends on Express's `res.download()` implementation, which internally delegates to `send()` (from the `send` module, referenced in `test/Router.js`). The `root` option leverages Express's path resolution and security checks before streaming the file response.\\n\\n## Running the Example\\n\\n```bash\\nnode examples/downloads/index.js\\n```\\n\\nThe server binds to port 3000 when executed directly (`!module.parent`), or exports the app instance for testing/embedding.\",\"ejs-templating-example\":\"# EJS Templating Example\\n\\n# EJS Templating Example\\n\\nThis example demonstrates how to configure Express to use the EJS (Embedded JavaScript) templating engine with HTML file extensions instead of the default `.ejs` extension. It renders a user list page using partial templates for modular view composition.\\n\\n## Purpose\\n\\nThe module serves as a reference implementation for:\\n\\n- Registering a template engine under a custom file extension\\n- Using EJS includes for reusable view partials (`header.html`, `footer.html`)\\n- Serving static assets alongside dynamic views\\n- Passing local variables from route handlers to templates\\n\\n## Application Setup\\n\\n### Engine Registration\\n\\n```javascript\\napp.engine('.html', require('ejs').__express);\\n```\\n\\nBy default, Express looks for engines that match file extensions. EJS exposes `__express` as its standard hook into Express's view system. This line registers EJS to handle `.html` files, allowing templates to use the more neutral `.html` extension rather than `.ejs`.\\n\\n### View Configuration\\n\\n```javascript\\napp.set('views', path.join(__dirname, 'views'));\\napp.set('view engine', 'html');\\n```\\n\\n| Setting | Purpose |\\n|---------|---------|\\n| `views` | Absolute path to the directory containing template files |\\n| `view engine` | Default extension to append when `res.render()` is called without one |\\n\\nWith `view engine` set to `html`, `res.render('users')` resolves to `views/users.html`.\\n\\n### Static Files\\n\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n\\nServes the `public/` directory at the root URL path. The stylesheet at `public/stylesheets/style.css` becomes available at `/stylesheets/style.css`.\\n\\n## Route Handler\\n\\n```javascript\\napp.get('/', function(req, res){\\n res.render('users', {\\n users: users,\\n title: \\\"EJS example\\\",\\n header: \\\"Some users\\\"\\n });\\n});\\n```\\n\\nThe single route renders `users.html` with three local variables:\\n\\n- `users` \u2014 array of user objects consumed by the `forEach` loop\\n- `title` \u2014 inserted into the `` element via `<%= title %>`\\n- `header` \u2014 passed but unused in the current template (available for future use)\\n\\n## Template Architecture\\n\\n### `users.html` (Main Template)\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 <%- include('header.html') -%> \u2502\\n\u2502 \u2502\\n\u2502 \nUsers<\\/h1> \u2502\\n\u2502 \n \u2502\\n\u2502 <% users.forEach(...) %> \u2502\\n\u2502 <\\/ul> \u2502\\n\u2502 \u2502\\n\u2502 <%- include('footer.html') -%> \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\nUses **unescaped include tags** (`<%- ... -%>`) to prevent EJS from double-escaping the HTML partials. The `-%>` syntax trims trailing whitespace.\\n\\n### `header.html`\\n\\n- Outputs HTML5 doctype and `` structure\\n- References `<%= title %>` for dynamic page title\\n- Links to `/stylesheets/style.css` (served by `express.static`)\\n\\n### `footer.html`\\n\\nCloses the `` and `` tags opened in `header.html`.\\n\\n## EJS Tag Reference\\n\\n| Tag | Purpose | Example in Module |\\n|-----|---------|-------------------|\\n| `<%= expr %>` | Escaped output | `<%= user.name %>`, `<%= title %>` |\\n| `<%- expr %>` | Unescaped output | `<%- include('header.html') -%>` |\\n| `<% code %>` | Control flow (no output) | `<% users.forEach(...) %>` |\\n\\n## Request Flow\\n\\n```mermaid\\nflowchart LR\\n A[GET /] --> B[Route Handler]\\n B --> C[res.render('users')]\\n C --> D[Express View System]\\n D --> E[Load users.html]\\n E --> F[Include header.html]\\n E --> G[Include footer.html]\\n F & G --> H[Render HTML Response]\\n H --> I[Send to Client]\\n```\\n\\n## File Structure\\n\\n```\\nexamples/ejs/\\n\u251c\u2500\u2500 index.js # Application entry point\\n\u251c\u2500\u2500 public/\\n\u2502 \u2514\u2500\u2500 stylesheets/\\n\u2502 \u2514\u2500\u2500 style.css # Static stylesheet\\n\u2514\u2500\u2500 views/\\n \u251c\u2500\u2500 header.html # Opening HTML structure\\n \u251c\u2500\u2500 footer.html # Closing HTML structure\\n \u2514\u2500\u2500 users.html # Main template with user list\\n```\\n\\n## Running the Example\\n\\n```bash\\nnode examples/ejs/index.js\\n```\\n\\nThe server starts on port 3000 when executed directly (`!module.parent`). Access the application at `http://localhost:3000/`.\\n\\nThe `module.exports = app` pattern allows the application to be imported for testing without starting the server.\",\"error-handling-examples\":\"# Error Handling Examples\\n\\n# Error Handling Examples\\n\\nTwo reference implementations demonstrating Express error handling patterns: basic synchronous and asynchronous error capture, and content-negotiated custom error pages with environment-aware verbosity.\\n\\n---\\n\\n## `examples/error/` \u2014 Basic Error Handling\\n\\nA minimal Express application showing how errors propagate to error-handling middleware.\\n\\n### Key Pattern: Error-Handling Middleware Signature\\n\\nError-handling middleware in Express is distinguished by **arity of 4** \u2014 the `(err, req, res, next)` signature. Without the `err` parameter, Express treats it as regular middleware and it will not receive errors.\\n\\n```javascript\\nfunction error(err, req, res, next) { // \u2190 4 parameters required\\n if (!test) console.error(err.stack);\\n res.status(500);\\n res.send('Internal Server Error');\\n}\\n```\\n\\n### Error Propagation Mechanisms\\n\\n| Mechanism | Source | Trigger |\\n|-----------|--------|---------|\\n| `throw` | `app.get('/')` | Synchronous error in route handler |\\n| `next(err)` | `app.get('/next')` | Asynchronous error via callback |\\n\\nThe `/next` route demonstrates that `next(err)` works inside async operations (simulated with `process.nextTick()`). In production code, this pattern applies to database queries, HTTP requests, or any async I/O.\\n\\n```javascript\\napp.get('/next', function(req, res, next){\\n process.nextTick(function(){\\n next(new Error('oh no!')); // passes error to error-handling middleware\\n });\\n});\\n```\\n\\n### Critical Ordering Rule\\n\\nError-handling middleware **must be registered after routes**. The example places `app.use(error)` after all `app.get()` calls. If registered before routes, it would never receive errors from those routes.\\n\\n---\\n\\n## `examples/error-pages/` \u2014 Custom Error Pages with Content Negotiation\\n\\nA more sophisticated example showing status-specific error pages, format negotiation, and environment-conditional error detail.\\n\\n### Architecture Overview\\n\\n```mermaid\\ngraph TD\\n A[Request] --> B{Route matches?}\\n B -->|Yes| C[Route handler]\\n B -->|No| D[404 Handler]\\n C -->|next() without response| D\\n C -->|next(err)| E[Error Handler]\\n C -->|next(err with status)| E\\n D -->|res.format| F[HTML / JSON / Text]\\n E -->|res.render| G[500.ejs with conditional stack trace]\\n```\\n\\n### Environment-Aware Verbosity\\n\\nThe application uses Express's `settings` system to control error detail exposure:\\n\\n```javascript\\napp.enable('verbose errors'); // default: on\\nif (app.settings.env === 'production') {\\n app.disable('verbose errors'); // production: off\\n}\\n```\\n\\nThis setting is consumed in `views/500.ejs`:\\n\\n```ejs\\n<% if (settings['verbose errors']) { %>\\n \n<%= error.stack %><\\/pre>\\n<% } else { %>\\n \nAn error occurred!<\\/p>\\n<% } %>\\n```\\n\\n### Trigger Routes\\n\\n| Route | Behavior | Result |\\n|-------|----------|--------|\\n| `GET /` | Renders landing page | `200` with `index.ejs` |\\n| `GET /404` | Calls `next()` without responding | Falls through to 404 handler |\\n| `GET /403` | Creates error with `err.status = 403` | 403 error page |\\n| `GET /500` | Calls `next(new Error(...))` | 500 error page |\\n\\n### Content Negotiation for 404s\\n\\nThe 404 handler uses `res.format()` to respond differently based on `Accept` header:\\n\\n```javascript\\nres.format({\\n html: function () {\\n res.render('404', { url: req.url })\\n },\\n json: function () {\\n res.json({ error: 'Not found' })\\n },\\n default: function () {\\n res.type('txt').send('Not found')\\n }\\n})\\n```\\n\\nThis produces:\\n- `curl http://localhost:3000/notfound` \u2192 HTML page\\n- `curl ... -H \\\"Accept: application/json\\\"` \u2192 `{\\\"error\\\":\\\"Not found\\\"}`\\n- `curl ... -H \\\"Accept: text/plain\\\"` \u2192 `Not found`\\n\\n### Error Handler with Status Preservation\\n\\nThe final error-handling middleware preserves HTTP status codes set on error objects:\\n\\n```javascript\\napp.use(function(err, req, res, next){\\n res.status(err.status || 500); // respects err.status, defaults to 500\\n res.render('500', { error: err });\\n});\\n```\\n\\nThis allows the `/403` route to display a 403 page rather than a generic 500.\\n\\n---\\n\\n## View Templates\\n\\n### `error_header.ejs` / `footer.ejs`\\nShared wrapper providing HTML boilerplate. Included by `404.ejs` and `500.ejs`.\\n\\n### `404.ejs`\\n```ejs\\n<%- include('error_header') -%>\\n\nCannot find <%= url %><\\/h2>\\n<%- include('footer') -%>\\n```\\n\\n### `500.ejs`\\nConditionally renders stack trace based on `settings['verbose errors']`. Receives the full `error` object from the error-handling middleware.\\n\\n---\\n\\n## Integration with Express Core\\n\\nBoth examples use `require('../../')` to load the local Express source (not npm-installed express), making them part of the Express test/development workflow. They serve as:\\n\\n- **Integration tests**: Verified by the test suite (note `/* istanbul ignore next */` guards on `app.listen()` blocks)\\n- **Documentation**: Working code demonstrating canonical patterns\\n- **Regression checks**: Ensure error propagation behavior remains stable across versions\\n\\nThe `error-pages` example connects to broader Express patterns through `res.format()` (shared with `examples/content-negotiation/`) and `res.json()` (core response method).\",\"hello-world-example\":\"# Hello World Example\\n\\n# Hello World Example\\n\\n## Overview\\n\\nThe Hello World example is the minimal Express application demonstrating the framework's core routing and response APIs. It initializes an Express instance, registers a single root route handler, and conditionally starts an HTTP server based on whether the module is executed directly or required by another module.\\n\\n## Module Structure\\n\\n```javascript\\nvar express = require('../../');\\nvar app = module.exports = express()\\n```\\n\\nThe module exports the Express `app` instance directly, making it available for testing or composition by other modules. The `module.parent` check enables dual-use: direct execution runs a server on port 3000, while `require()` simply returns the configured app without binding to a port.\\n\\n## Request Handling Flow\\n\\n```mermaid\\nflowchart LR\\n A[HTTP GET /] --> B[Express Router]\\n B --> C[Route Handler]\\n C --> D[\\\"res.send('Hello World')\\\"]\\n D --> E[HTTP Response]\\n```\\n\\n## Route Configuration\\n\\n| Property | Value |\\n|----------|-------|\\n| Method | `GET` |\\n| Path | `/` |\\n| Handler | Inline function |\\n| Response | Plain text `\\\"Hello World\\\"` |\\n\\nThe handler uses `res.send()`, which delegates through Express's response pipeline to finalize the HTTP response with automatic content-type detection (`text/html` for string payloads).\\n\\n## Server Lifecycle\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\n| Condition | Behavior |\\n|-----------|----------|\\n| `module.parent` is falsy | Module executed directly (`node index.js`); server binds to port 3000 |\\n| `module.parent` is truthy | Module required by another file; no server started, `app` exported for external control |\\n\\nThe `/* istanbul ignore next */` comment excludes this block from code coverage instrumentation, as the conditional branch requiring direct execution is not exercised during typical test suite runs where the module is imported.\\n\\n## Integration Points\\n\\n| Element | Connects To |\\n|---------|-------------|\\n| `require('../../')` | Resolves to the Express package entry point at `examples/../index.js` |\\n| `res.send()` | Invokes Express's response sending logic (referenced in test/Router.js call graph) |\\n| `module.exports` | Consumed by test suites or parent modules for app-level testing |\\n\\n## Usage Patterns\\n\\n**Direct execution:**\\n```bash\\nnode examples/hello-world/index.js\\n# Express started on port 3000\\n# Server responds with \\\"Hello World\\\" at http://localhost:3000/\\n```\\n\\n**Programmatic use:**\\n```javascript\\nvar app = require('./examples/hello-world');\\n// app is a configured Express instance, ready for .listen() or mounting\\n```\",\"markdown-example\":\"# Markdown Example\\n\\n# Markdown Example\\n\\nAn Express application demonstrating custom view engine integration for rendering Markdown templates with variable interpolation.\\n\\n## Overview\\n\\nThis module creates a minimal Express server that registers `.md` files as first-class view templates. It uses the `marked` library to parse Markdown into HTML and implements a lightweight token replacement system for dynamic content injection.\\n\\n## Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 HTTP Request \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Express Router \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 res.render() \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 Custom 'md' \u2502\\n \u2502 View Engine \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u25bc \u25bc \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 fs.read \u2502\u2500\u2500\u2500\u25b6\u2502 marked. \u2502\u2500\u2500\u2500\u25b6\u2502 {token} \u2502\\n \u2502 File \u2502 \u2502 parse() \u2502 \u2502 replace \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## Custom View Engine\\n\\nThe core of this example is the `md` engine registered with `app.engine()`:\\n\\n```javascript\\napp.engine('md', function(path, options, fn){\\n fs.readFile(path, 'utf8', function(err, str){\\n if (err) return fn(err);\\n var html = marked.parse(str).replace(/\\\\{([^}]+)\\\\}/g, function(_, name){\\n return escapeHtml(options[name] || '');\\n });\\n fn(null, html);\\n });\\n});\\n```\\n\\n| Step | Description |\\n|------|-------------|\\n| File Read | Asynchronously reads the template file as UTF-8 |\\n| Parse | Converts Markdown to HTML via `marked.parse()` |\\n| Interpolate | Replaces `{token}` patterns with escaped values from `options` |\\n| Callback | Returns rendered HTML or error via Express's `fn(err, html)` convention |\\n\\n### Variable Interpolation Syntax\\n\\nTemplates use curly-brace tokens that map to `options` properties passed to `res.render()`:\\n\\n```markdown\\n# {title}\\n```\\n\\nThe replacement applies `escapeHtml()` to prevent XSS attacks, falling back to empty string for undefined keys.\\n\\n## Application Configuration\\n\\n```javascript\\napp.set('views', path.join(__dirname, 'views')); // Template lookup directory\\napp.set('view engine', 'md'); // Default extension, omit .md in render calls\\n```\\n\\nSetting `view engine` to `md` allows `res.render('index')` instead of `res.render('index.md')`.\\n\\n## Routes\\n\\n| Route | Handler | Purpose |\\n|-------|---------|---------|\\n| `GET /` | `res.render('index', { title: 'Markdown Example' })` | Renders main example page |\\n| `GET /fail` | `res.render('missing', { title: 'Markdown Example' })` | Demonstrates error handling (missing template) |\\n\\n## Template Example\\n\\n**`views/index.md`**\\n```markdown\\n# {title}\\n\\nJust an example view rendered with _markdown_.\\n```\\n\\nRenders to:\\n```html\\n\nMarkdown Example<\\/h1>\\n\nJust an example view rendered with markdown<\\/em>.<\\/p>\\n```\\n\\n## Server Bootstrap\\n\\nThe module uses a conditional listen pattern for testability:\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\nWhen `module.parent` is defined (e.g., required by test files), the server does not bind to a port. The `app` instance is exported for external testing or mounting.\\n\\n## Dependencies\\n\\n| Module | Usage |\\n|--------|-------|\\n| `escape-html` | Sanitizes interpolated values |\\n| `express` | Web framework (relative path `../..`) |\\n| `marked` | Markdown-to-HTML parser |\\n| `node:fs` | Template file I/O |\\n| `node:path` | Cross-platform path resolution |\\n\\n## Key Integration Points\\n\\n- **Express view system**: The `app.engine()` and `app.set()` calls plug into Express's `View` class resolution logic\\n- **Error propagation**: Async errors from `fs.readFile` flow through the `fn(err)` callback to Express's default error handler\\n- **Module exports**: `module.exports = app` enables testing and composition with larger applications\",\"multi-router-example\":\"# Multi-Router Example\\n\\n# Multi-Router Example\\n\\nAn Express.js application demonstrating how to compose multiple `Router` instances with versioned API prefixes.\\n\\n## Purpose\\n\\nThis example shows the standard pattern for organizing route handlers into separate modules and mounting them at distinct URL paths. It implements two API versions (`v1` and `v2`) with identical endpoint structures, illustrating how Express applications scale from monolithic route files to modular, mountable routers.\\n\\n## Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 api_v1.js \u2502 \u2502 api_v2.js \u2502\\n\u2502 /api/v1/* \u2502 \u2502 /api/v2/* \u2502\\n\u2502 \u2022 GET / \u2502 \u2502 \u2022 GET / \u2502\\n\u2502 \u2022 GET /users \u2502 \u2502 \u2022 GET /users \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502 \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 index.js \u2502\\n \u2502 Mounts routers \u2502\u2500\u2500\u2500\u2500\u25ba Root handler: GET /\\n \u2502 at path prefix \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## Entry Point: `index.js`\\n\\nThe main application file creates the Express instance, mounts the API routers, and defines a root-level fallback route.\\n\\n```javascript\\nvar app = module.exports = express();\\n\\napp.use('/api/v1', require('./controllers/api_v1'));\\napp.use('/api/v2', require('./controllers/api_v2'));\\n\\napp.get('/', function(req, res) {\\n res.send('Hello from root route.')\\n});\\n```\\n\\n### Key behaviors\\n\\n| Aspect | Implementation |\\n|--------|---------------|\\n| **Router mounting** | `app.use(path, router)` attaches each API version at its URL prefix |\\n| **Module exports** | `module.exports = app` allows the application to be imported for testing without starting the server |\\n| **Conditional listen** | Server only starts if `!module.parent` \u2014 prevents port conflicts when the module is required by test suites |\\n\\n## API Version Routers\\n\\nBoth `api_v1.js` and `api_v2.js` follow an identical structure, creating isolated `Router` instances with their own route definitions.\\n\\n### `api_v1.js`\\n\\n```javascript\\nvar apiv1 = express.Router();\\n\\napiv1.get('/', function(req, res) {\\n res.send('Hello from APIv1 root route.');\\n});\\n\\napiv1.get('/users', function(req, res) {\\n res.send('List of APIv1 users.');\\n});\\n\\nmodule.exports = apiv1;\\n```\\n\\n### `api_v2.js`\\n\\n```javascript\\nvar apiv2 = express.Router();\\n\\napiv2.get('/', function(req, res) {\\n res.send('Hello from APIv2 root route.');\\n});\\n\\napiv2.get('/users', function(req, res) {\\n res.send('List of APIv2 users.');\\n});\\n\\nmodule.exports = apiv2;\\n```\\n\\n### Router isolation\\n\\nEach file creates its own `express.Router()` rather than mutating a shared instance. This ensures:\\n\\n- Routes remain namespaced to their version prefix\\n- Middleware applied to one router does not affect the other\\n- Controllers can be tested independently by requiring them directly\\n\\n## Request Routing Flow\\n\\nWhen a request arrives, Express matches the URL path against mounted routers in registration order:\\n\\n```\\nGET /api/v1/users\\n \u2502\\n \u25bc\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 Does path start with /api/v1? \u2502\u25c4\u2500\u2500 First mount point checked\\n\u2502 Yes \u2192 Strip prefix, pass to \u2502\\n\u2502 api_v1 router \u2502\\n\u2502 \u2514\u2500\u25ba Matches /users handler \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n\\nGET /api/v2/\\n \u2502\\n \u25bc\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 Does path start with /api/v1? \u2502\u25c4\u2500\u2500 No match, continue\\n\u2502 Does path start with /api/v2? \u2502\u25c4\u2500\u2500 Match found\\n\u2502 Yes \u2192 Strip prefix, pass to \u2502\\n\u2502 api_v2 router \u2502\\n\u2502 \u2514\u2500\u25ba Matches / handler \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## URL Map\\n\\n| Request | Handler | Response |\\n|---------|---------|----------|\\n| `GET /` | `index.js` | `\\\"Hello from root route.\\\"` |\\n| `GET /api/v1` | `api_v1.js` \u2192 `/` | `\\\"Hello from APIv1 root route.\\\"` |\\n| `GET /api/v1/users` | `api_v1.js` \u2192 `/users` | `\\\"List of APIv1 users.\\\"` |\\n| `GET /api/v2` | `api_v2.js` \u2192 `/` | `\\\"Hello from APIv2 root route.\\\"` |\\n| `GET /api/v2/users` | `api_v2.js` \u2192 `/users` | `\\\"List of APIv2 users.\\\"` |\\n\\n## Integration with Express\\n\\nThe example uses the local Express build (`require('../..')` / `require('../../..')`) rather than a npm-installed package. This pattern appears throughout the `examples/` directory and ensures examples run against the current working tree during development.\\n\\nThe `send` calls referenced in the call graph resolve to Express's `res.send` implementation (internally tested via `test/Router.js`), not a custom function within this module.\",\"mvc-example\":\"# MVC Example\\n\\n# MVC Example Module\\n\\nA complete Express.js application demonstrating a convention-based Model-View-Controller architecture with automatic route generation, nested resources, and per-controller view engine configuration.\\n\\n## Overview\\n\\nThis module implements a full-stack web application managing **Users** and their **Pets**. It showcases Express patterns including: programmatic route mounting via filesystem conventions, controller-level middleware (`before` hooks), method override for RESTful semantics, flash messaging through sessions, and mixed template engines (EJS and Handlebars) within the same application.\\n\\nThe application uses an in-memory faux database (`db.js`) with seeded data for three users and four pets.\\n\\n## Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 HTTP Request \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Express \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Sub-App Router \u2502\\n\u2502 \u2502 \u2502 (index) \u2502 \u2502 (boot.js) \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u25bc \u25bc \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 main \u2502 \u2502 user \u2502 \u2502 pet \u2502\\n \u2502 (index) \u2502 \u2502 (router) \u2502 \u2502 (router) \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502 \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2502\\n \u25bc \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502user-pet \u2502 \u2502 Views \u2502\\n \u2502(nested) \u2502 \u2502(ejs/hbs) \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## Entry Point: `index.js`\\n\\nThe main application file configures Express and delegates controller loading to `lib/boot.js`.\\n\\n### Key Configurations\\n\\n| Setting | Value | Purpose |\\n|---------|-------|---------|\\n| `view engine` | `ejs` | Default template engine |\\n| `views` | `./views` | Global error page templates (404, 5xx) |\\n\\n### Custom Response Method\\n\\n```javascript\\napp.response.message = function(msg){\\n var sess = this.req.session;\\n sess.messages = sess.messages || [];\\n sess.messages.push(msg);\\n return this;\\n};\\n```\\n\\nStores flash messages in the session. Consumed by the middleware below and exposed to views as `res.locals.messages` / `res.locals.hasMessages`.\\n\\n### Middleware Stack (in order)\\n\\n1. **`morgan`** \u2014 HTTP request logging (development only)\\n2. **`express.static`** \u2014 Serves `public/` directory\\n3. **`express-session`** \u2014 Session management with `resave: false`, `saveUninitialized: false`\\n4. **`express.urlencoded`** \u2014 Parses form bodies into `req.body`\\n5. **`methodOverride('_method')`** \u2014 Allows `POST` with `?_method=put` to act as `PUT`\\n6. **Flash message middleware** \u2014 Moves session messages to `res.locals`, then clears them\\n7. **Controller sub-apps** \u2014 Loaded via `require('./lib/boot')(app, options)`\\n8. **Error handler** \u2014 Renders `5xx.ejs` for uncaught errors\\n9. **404 handler** \u2014 Renders `404.ejs` when no route matches\\n\\n## Auto-Route Generation: `lib/boot.js`\\n\\nScans `controllers/` directories and mounts each as an isolated Express sub-app with convention-derived routes.\\n\\n### Convention Mapping\\n\\n| Export Name | HTTP Method | URL Pattern | Example (for `pet` controller) |\\n|-------------|-------------|-------------|-------------------------------|\\n| `index` | `GET` | `/` | `GET /` |\\n| `list` | `GET` | `/{name}s` | `GET /pets` |\\n| `show` | `GET` | `/{name}/:{name}_id` | `GET /pet/:pet_id` |\\n| `edit` | `GET` | `/{name}/:{name}_id/edit` | `GET /pet/:pet_id/edit` |\\n| `update` | `PUT` | `/{name}/:{name}_id` | `PUT /pet/:pet_id` |\\n| `create` | `POST` | `/{name}` | `POST /pet` |\\n\\n### Controller Metadata Exports\\n\\n| Export | Type | Purpose |\\n|--------|------|---------|\\n| `name` | `string` | Overrides directory name for URL generation |\\n| `prefix` | `string` | Prepends path to all routes (for nesting) |\\n| `engine` | `string` | Sets sub-app's view engine (e.g., `'hbs'`, `'ejs'`) |\\n| `before` | `function(req, res, next)` | Middleware run before matched routes |\\n\\nThe `before` export receives special treatment: when present, routes are registered as `app[method](url, obj.before, handler)` instead of `app[method](url, handler)`.\\n\\n### View Resolution\\n\\nEach sub-app gets its own `views` directory pointing to `controllers/{name}/views/`, enabling colocated templates.\\n\\n## Controllers\\n\\n### `main/index.js`\\n\\nSimple redirect controller. No database dependency.\\n\\n```javascript\\nexports.index = function(req, res){\\n res.redirect('/users');\\n};\\n```\\n\\n**Route:** `GET /` \u2192 redirects to `/users`\\n\\n### `user/index.js`\\n\\nFull CRUD controller for users with async simulation in `before` hook.\\n\\n```javascript\\nexports.engine = 'hbs'; // Uses Handlebars templates\\nexports.before = function(req, res, next){\\n var id = req.params.user_id;\\n if (!id) return next(); // Skip for list route (no :user_id)\\n process.nextTick(function(){ // Simulate async DB query\\n req.user = db.users[id];\\n if (!req.user) return next('route'); // Skip to next matching route\\n next();\\n });\\n};\\n```\\n\\n| Export | Route | Template |\\n|--------|-------|----------|\\n| `list` | `GET /users` | `list.hbs` |\\n| `show` | `GET /user/:user_id` | `show.hbs` |\\n| `edit` | `GET /user/:user_id/edit` | `edit.hbs` |\\n| `update` | `PUT /user/:user_id` | redirect to `show` |\\n\\nThe `show.hbs` template displays flash messages via `{{#if hasMessages}}` and lists the user's pets with links to individual pet pages.\\n\\n### `pet/index.js`\\n\\nPet controller using EJS (inherits default, but explicitly sets `engine: 'ejs'`).\\n\\n```javascript\\nexports.before = function(req, res, next){\\n var pet = db.pets[req.params.pet_id];\\n if (!pet) return next('route'); // 404-style skip\\n req.pet = pet;\\n next();\\n};\\n```\\n\\n| Export | Route | Template |\\n|--------|-------|----------|\\n| `show` | `GET /pet/:pet_id` | `show.ejs` |\\n| `edit` | `GET /pet/:pet_id/edit` | `edit.ejs` |\\n| `update` | `PUT /pet/:pet_id` | redirect to `show` |\\n\\nThe `edit.ejs` form uses `?_method=put` to trigger `PUT` via method override:\\n\\n```html\\n\n?_method=put\\\" method=\\\"post\\\">\\n```\\n\\n### `user-pet/index.js`\\n\\nNested resource controller creating pets through a user.\\n\\n```javascript\\nexports.name = 'pet'; // Uses 'pet' in URL generation\\nexports.prefix = '/user/:user_id'; // All routes prefixed with user path\\n\\nexports.create = function(req, res, next){\\n var id = req.params.user_id;\\n var user = db.users[id];\\n if (!user) return next('route');\\n var pet = { name: req.body.pet.name };\\n pet.id = db.pets.push(pet) - 1; // Auto-increment ID via array length\\n user.pets.push(pet); // Associate with user\\n res.message('Added pet ' + req.body.pet.name);\\n res.redirect('/user/' + id);\\n};\\n```\\n\\n**Generated route:** `POST /user/:user_id/pet`\\n\\nThis demonstrates how `name` and `prefix` combine: the `create` export normally generates `POST /pet`, but with `prefix: '/user/:user_id'` becomes `POST /user/:user_id/pet`.\\n\\n## Data Layer: `db.js`\\n\\nIn-memory arrays with bidirectional object references (pets exist in both `db.pets` and embedded in `user.pets`).\\n\\n```javascript\\n// Seeded data structure\\npets = [{ name: 'Tobi', id: 0 }, ...] // 4 pets\\nusers = [\\n { name: 'TJ', pets: [pets[0], pets[1], pets[2]], id: 0 },\\n { name: 'Guillermo', pets: [pets[3]], id: 1 },\\n { name: 'Nathan', pets: [], id: 2 }\\n]\\n```\\n\\n**Note:** No persistence. Restarting the server resets all data.\\n\\n## View Templates\\n\\n| Template | Engine | Purpose |\\n|----------|--------|---------|\\n| `controllers/user/views/list.hbs` | Handlebars | User directory |\\n| `controllers/user/views/show.hbs` | Handlebars | User profile with pets |\\n| `controllers/user/views/edit.hbs` | Handlebars | Edit user + add pet form |\\n| `controllers/pet/views/show.ejs` | EJS | Pet profile |\\n| `controllers/pet/views/edit.ejs` | EJS | Edit pet name |\\n| `views/404.ejs` | EJS | Global not found |\\n| `views/5xx.ejs` | EJS | Global server error |\\n\\nThe `edit.hbs` template contains **two forms**: one for updating the user (`PUT /user/:id`) and one for creating a pet (`POST /user/:id/pet`), demonstrating the nested resource pattern in the UI.\\n\\n## Request Flow Example\\n\\n```\\nGET /user/0/edit\\n \u2502\\n \u25bc\\nboot.js mounts user sub-app at root\\n \u2502\\n \u25bc\\nuser.before() \u2500\u2500process.nextTick()\u2500\u2500\u25b6 req.user = db.users[0]\\n \u2502\\n \u25bc\\nuser.edit() \u2500\u2500\u25b6 res.render('edit', { user: req.user })\\n \u2502\\n \u25bc\\nedit.hbs renders with {{user.name}}, forms for user update + pet creation\\n```\\n\\n```\\nPOST /user/0/pet (from \\\"Add Pet\\\" form in edit.hbs)\\n \u2502\\n \u25bc\\nmethodOverride sees no ?_method, stays POST\\n \u2502\\n \u25bc\\nboot.js routes to user-pet.create (prefix match: /user/:user_id/pet)\\n \u2502\\n \u25bc\\nuser-pet.create() \u2500\u2500\u25b6 creates pet, pushes to db.pets and user.pets\\n res.message('Added pet ...')\\n redirect /user/0\\n \u2502\\n \u25bc\\nGET /user/0\\n \u2502\\n \u25bc\\nuser.before() \u2500\u2500\u25b6 req.user = db.users[0] (now with new pet)\\n \u2502\\n \u25bc\\nuser.show() \u2500\u2500\u25b6 show.hbs renders with {{#each user.pets}}\\n flash message appears via {{#if hasMessages}}\\n```\\n\\n## Extension Points\\n\\nTo add a new controller:\\n\\n1. Create directory under `controllers/{name}/`\\n2. Add `index.js` with route exports (`list`, `show`, `create`, etc.)\\n3. Optionally add `views/` subdirectory with templates matching the configured engine\\n4. Optionally export `name`, `prefix`, `engine`, or `before` for customization\\n\\nThe boot system automatically picks up the directory on next application start\u2014no route registration changes needed in `index.js`.\",\"online-example\":\"# Online Example\\n\\n# Online Example\\n\\nAn Express application demonstrating real-time user activity tracking using Redis-backed presence detection. This example shows how to integrate the `online` module with Express middleware to track active users and display recently seen visitors.\\n\\n## Purpose\\n\\nThis module serves as a runnable example that demonstrates:\\n\\n- Integrating Express with Redis for stateful session tracking\\n- Using middleware for fire-and-forget activity logging\\n- Querying time-bucketed presence data with the `online` module\\n- Rendering dynamic HTML from stored identifiers\\n\\n## Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 middleware \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 Client \u2502 \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u25ba \u2502 Express \u2502 \u2500\u2500\u25ba \u2502 online \u2502\\n\u2502 Request \u2502 (UA string) \u2502 (app) \u2502 \u2502 (Redis) \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 GET \u2502\\n \u2502 / \u2502 \u25c4\u2500\u2500 Query last 5\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 active users\\n```\\n\\n## Dependencies\\n\\n| Module | Purpose |\\n|--------|---------|\\n| `express` | Web framework (loaded from parent directory via `../..`) |\\n| `online` | Presence tracking library with Redis backend |\\n| `redis` | Redis client for Node.js |\\n\\n## Components\\n\\n### Redis Client Setup\\n\\n```javascript\\nvar db = redis.createClient();\\nonline = online(db);\\n```\\n\\nCreates a Redis connection and initializes the `online` instance with that connection. The `online` module uses Redis sorted sets or similar structures to maintain time-bucketed presence data.\\n\\n### Activity Tracking Middleware\\n\\n```javascript\\napp.use(function(req, res, next){\\n online.add(req.headers['user-agent']);\\n next();\\n});\\n```\\n\\nFire-and-forget middleware that records each request's `User-Agent` header as an activity identifier. In production applications, this would typically use `req.user.id` or a session identifier instead.\\n\\n**Important characteristics:**\\n- Calls `next()` immediately without waiting for Redis operation\\n- Does not block request processing\\n- Uses `user-agent` string for demonstration purposes only (not unique per user in practice)\\n\\n### List Helper\\n\\n```javascript\\nfunction list(ids) {\\n return '\n' + ids.map(function(id){\\n return '\n' + id + '<\\/li>';\\n }).join('') + '<\\/ul>';\\n}\\n```\\n\\nTransforms an array of identifiers into an HTML unordered list. Pure function with no side effects.\\n\\n### Route Handler\\n\\n```javascript\\napp.get('/', function(req, res, next){\\n online.last(5, function(err, ids){\\n if (err) return next(err);\\n res.send('\nUsers online: ' + ids.length + '<\\/p>' + list(ids));\\n });\\n});\\n```\\n\\nQueries the `online` module for the 5 most recently active identifiers and renders a count with the full list.\\n\\n## API Surface\\n\\n| Method | Description |\\n|--------|-------------|\\n| `online.add(id)` | Records activity for a given identifier (fire-and-forget) |\\n| `online.last(n, callback)` | Retrieves `n` most recently active identifiers |\\n\\n## Execution Flow\\n\\n```mermaid\\nsequenceDiagram\\n participant C as Client\\n participant E as Express\\n participant M as Middleware\\n participant O as online/Redis\\n participant R as Route /\\n\\n C->>E: GET /\\n E->>M: app.use middleware\\n M->>O: online.add(ua-string)\\n M-->>E: next() (immediate)\\n E->>R: match GET /\\n R->>O: online.last(5, cb)\\n O-->>R: ids array\\n R->>E: res.send(html)\\n E-->>C: HTML response\\n```\\n\\n## Running the Example\\n\\nPrerequisites and startup:\\n\\n```bash\\n# Install Redis: https://redis.io/\\nnpm install redis online\\nredis-server\\n\\n# From project root\\nnode examples/online/index.js\\n# Express started on port 3000\\n```\\n\\n## Connection to Codebase\\n\\nThis module is located in `examples/online/` and depends on the parent directory's Express installation via `require('../..')`. It is not imported by any other module in the codebase (no incoming calls). The `send` reference in call graph data indicates Express's `res.send` method usage.\\n\\n## Notes for Contributors\\n\\n- The `user-agent` tracking is illustrative; real applications should use authenticated user identifiers\\n- Error handling follows Express convention: `if (err) return next(err)`\\n- The `/* istanbul ignore next */` comment excludes the listen block from test coverage\\n- Module uses `var` consistently (pre-ES6 style matching the codebase's era)\",\"other-acceptance\":\"# Other \u2014 acceptance\\n\\n# Acceptance Test Suite\\n\\nEnd-to-end HTTP acceptance tests for Express.js example applications. This suite validates complete request/response cycles using Supertest to ensure each example behaves correctly as a deployed web service.\\n\\n## Purpose\\n\\nThese tests serve as integration verification for the `examples/` directory. Each test file corresponds to a specific example application, exercising its routes, middleware, and edge cases through actual HTTP requests against a running app instance. Unlike unit tests, these validate the full stack including routing, middleware execution, response rendering, and header handling.\\n\\n## Test Structure\\n\\nAll tests follow a consistent pattern:\\n\\n```javascript\\nvar app = require('../../examples/')\\nvar request = require('supertest')\\n\\ndescribe('', function () {\\n describe(' ', function () {\\n it('', function (done) {\\n request(app)\\n .()\\n .\\n .end(done)\\n })\\n })\\n})\\n```\\n\\nThe `app` export from each example is a configured Express application instance that Supertest binds to an ephemeral port for the duration of the test.\\n\\n## Example Coverage\\n\\n| Test File | Example App | Key Behaviors Tested |\\n|-----------|-------------|----------------------|\\n| `auth.js` | `examples/auth` | Session-based authentication, login/logout flow, protected routes |\\n| `content-negotiation.js` | `examples/content-negotiation` | `Accept` header parsing, format switching (HTML/Plain/JSON) |\\n| `cookie-sessions.js` | `examples/cookie-sessions` | Client-side session cookie incrementing view counter |\\n| `cookies.js` | `examples/cookies` | Cookie setting, reading, and clearing via form submission |\\n| `downloads.js` | `examples/downloads` | File serving with `Content-Disposition`, path traversal protection |\\n| `ejs.js` | `examples/ejs` | EJS template rendering with HTML escaping |\\n| `error-pages.js` | `examples/error-pages` | Error response formatting by content type |\\n| `error.js` | `examples/error` | Synchronous and asynchronous error handling |\\n| `hello-world.js` | `examples/hello-world` | Basic response, 404 handling |\\n| `markdown.js` | `examples/markdown` | Markdown-to-HTML rendering, error propagation |\\n| `multi-router.js` | `examples/multi-router` | Mounting sub-routers at versioned paths |\\n| `mvc.js` | `examples/mvc` | Full CRUD: redirect, read, update, nested resource creation |\\n| `params.js` | `examples/params` | Route parameter parsing, custom parameter validation |\\n| `resource.js` | `examples/resource` | RESTful resource routing, range queries, format suffixes |\\n| `route-map.js` | `examples/route-map` | Declarative route mapping, nested resource paths |\\n| `route-separation.js` | `examples/route-separation` | Route-handler separation pattern, method override |\\n| `vhost.js` | `examples/vhost` | Virtual host routing by `Host` header |\\n| `web-service.js` | `examples/web-service` | API key authentication, JSON API responses, 404 handling |\\n\\n## Common Testing Patterns\\n\\n### Cookie-Based Session Testing\\n\\nTests that verify authenticated flows extract and replay cookies across requests:\\n\\n```javascript\\n// auth.js \u2014 single cookie extraction\\nfunction getCookie(res) {\\n return res.headers['set-cookie'][0].split(';')[0];\\n}\\n\\n// Usage: login, capture cookie, access protected route\\nrequest(app)\\n .post('/login')\\n .send('username=tj&password=foobar')\\n .expect(302, function(err, res){\\n request(app)\\n .get('/restricted')\\n .set('Cookie', getCookie(res)) // Replay session\\n .expect(200, done)\\n })\\n```\\n\\n```javascript\\n// cookie-sessions.js \u2014 multiple cookie joining\\nfunction getCookies(res) {\\n return res.headers['set-cookie'].map(function (val) {\\n return val.split(';')[0]\\n }).join('; ');\\n}\\n```\\n\\n### Negative Header Assertions\\n\\nThe `cookies.js` test imports `shouldNotHaveHeader` from `../support/utils` to verify headers are *absent*:\\n\\n```javascript\\nvar utils = require('../support/utils');\\n\\n// Ensure no Set-Cookie header when form submitted without remember checkbox\\n.expect(utils.shouldNotHaveHeader('Set-Cookie'))\\n```\\n\\n### Multi-Step Flow Verification\\n\\nSeveral tests chain requests to verify state changes persist:\\n\\n```javascript\\n// mvc.js \u2014 PUT then GET to confirm update\\nrequest(app)\\n .put('/user/1')\\n .send({ user: { name: 'Tobo' }})\\n .expect(302, function (err, res) {\\n request(app)\\n .get('/user/1/edit')\\n .expect(200, /Tobo/, done) // Verify rendered with new name\\n })\\n```\\n\\n### Content Negotiation Testing\\n\\nThe `error-pages.js` test demonstrates running identical routes with different `Accept` headers to verify format-specific responses:\\n\\n```javascript\\ndescribe('Accept: text/html', function(){ /* ... */ })\\ndescribe('Accept: application/json', function(){ /* ... */ })\\ndescribe('Accept: text/plain', function(){ /* ... */ })\\n```\\n\\n## Shared Utilities\\n\\n| Utility | Location | Purpose |\\n|---------|----------|---------|\\n| `getCookie(res)` | `auth.js` (local) | Extract first cookie value from response |\\n| `getCookies(res)` | `cookie-sessions.js` (local) | Join all cookie values for session replay |\\n| `shouldNotHaveHeader(name)` | `../support/utils` | Assertion helper for absent headers |\\n\\n## Integration with Test Framework\\n\\nThese tests rely on the project's Mocha configuration and Supertest's `.expect()` chaining. The `done` callback signals async completion. Nested `describe` blocks organize tests by route and condition, producing readable output:\\n\\n```\\n auth\\n GET /\\n \u2713 should redirect to /login\\n GET /login\\n \u2713 should render login form\\n \u2713 should display login error for bad user\\n ...\\n```\\n\\n## Adding New Acceptance Tests\\n\\nWhen contributing a new example to `examples/`, add a corresponding test file here:\\n\\n1. Require the example app: `var app = require('../../examples/')`\\n2. Import `supertest`: `var request = require('supertest')`\\n3. Structure with `describe` blocks matching URL hierarchy\\n4. Use `.expect(status)` for status codes, `.expect(body)` for response content\\n5. For cookie flows, copy `getCookie` pattern from `auth.js`\\n6. For header absence checks, import `shouldNotHaveHeader` from `../support/utils`\\n\\nEnsure tests cover: happy path, expected errors, and any stateful interactions (cookies, sessions, updates).\",\"other-examples\":\"# Other \u2014 examples\\n\\n# Express Examples\\n\\nThe `examples/` directory contains a curated collection of runnable Express.js applications demonstrating idiomatic patterns, common use cases, and integration techniques. These serve as both learning materials for developers new to Express and as canonical references for implementing specific features.\\n\\n## Purpose\\n\\nThe examples fulfill three roles:\\n\\n1. **Learning path** \u2014 Progressive complexity from basic \\\"hello-world\\\" to multi-layered applications (MVC, web services)\\n2. **Pattern reference** \u2014 Demonstrating Express-specific concepts: middleware composition, routing strategies, view rendering, error handling\\n3. **Integration guide** \u2014 Showing how Express connects with external packages (Redis, EJS, session stores, virtual hosts)\\n\\nEach example is self-contained with its own `package.json` and can be run independently.\\n\\n## Example Categories\\n\\n### Foundational Patterns\\n\\n| Example | Focus Area | Key Express Concepts |\\n|---------|-----------|-------------------|\\n| `hello-world` | Basic HTTP server | `app.get()`, `app.listen()` |\\n| `static-files` | Asset serving | `express.static()` middleware |\\n| `error` | Error handling | Error-handling middleware signature `(err, req, res, next)` |\\n| `error-pages` | Custom error responses | Status-code based rendering |\\n\\n### Routing Architecture\\n\\n| Example | Focus Area | Key Express Concepts |\\n|---------|-----------|-------------------|\\n| `route-separation` | Resource-based organization | Modular route files per domain entity |\\n| `route-map` | Declarative route definitions | Programmatic route registration from data structures |\\n| `multi-router` | Router composition | `express.Router()` instances with distinct prefixes |\\n| `route-middleware` | Per-route middleware stacks | Middleware arrays in route definitions |\\n| `params` | Parameter processing | `app.param()` for route parameter validation/transform |\\n\\n### Request/Response Handling\\n\\n| Example | Focus Area | Key Express Concepts |\\n|---------|-----------|-------------------|\\n| `content-negotiation` | Format selection | `req.accepts()`, `res.format()` |\\n| `downloads` | File transfers | `res.download()`, `res.sendFile()` |\\n| `cookies` | State via cookies | `res.cookie()`, `req.cookies` (with cookie-parser) |\\n| `cookie-sessions` | Lightweight sessions | `cookie-session` middleware |\\n| `session` | Server-side sessions | `express-session` with store configuration |\\n\\n### Application Structure\\n\\n| Example | Focus Area | Key Express Concepts |\\n|---------|-----------|-------------------|\\n| `mvc` | Separation of concerns | Controllers, models, view layer integration |\\n| `web-service` | API design | RESTful patterns, JSON responses |\\n| `search` | Query processing | Search parameter parsing, result pagination |\\n| `resource` | CRUD operations | HTTP method routing on single path |\\n| `online` | Real-time state | External store integration (Redis) |\\n\\n### View Layer\\n\\n| Example | Focus Area | Key Express Concepts |\\n|---------|-----------|-------------------|\\n| `ejs` | Template rendering | `app.set('view engine')`, `res.render()` |\\n| `markdown` | Custom engines | `app.engine()` for non-standard template formats |\\n| `view-constructor` | Dynamic view creation | Programmatic `View` instantiation |\\n| `view-locals` | Request-scoped data | `res.locals` for middleware-to-view communication |\\n\\n### Security & Identity\\n\\n| Example | Focus Area | Key Express Concepts |\\n|---------|-----------|-------------------|\\n| `auth` | Authentication | Session-based login flows, password verification |\\n| `vhost` | Multi-tenant hosting | `vhost` middleware for domain-based routing |\\n\\n## Relationship to Core Framework\\n\\nThe examples are **consumers** of the Express API, not dependencies of the core library. They validate the public interface through practical application:\\n\\n- Examples import `express` as a package dependency (typically `../..` or published version)\\n- They exercise stable APIs: `Application`, `Router`, `Request`, `Response`, `NextFunction`\\n- New Express features often receive corresponding example additions\\n\\n## Using the Examples\\n\\n### Running an Example\\n\\n```bash\\ncd examples/hello-world\\nnpm install # if package.json present\\nnode index.js\\n```\\n\\n### Structure Conventions\\n\\nMost examples follow this layout:\\n\\n```\\nexample-name/\\n\u251c\u2500\u2500 index.js # Application entry point\\n\u251c\u2500\u2500 package.json # Dependencies (often references parent express)\\n\u2514\u2500\u2500 [views/] # Templates if applicable\\n \u2514\u2500\u2500 ...\\n```\\n\\n### Reading Order for New Contributors\\n\\n1. **`hello-world`** \u2192 Request/response fundamentals\\n2. **`route-separation`** \u2192 Scaling beyond single-file applications\\n3. **`mvc`** \u2192 Architectural patterns\\n4. **`error`** \u2192 Production error handling\\n5. **`web-service`** \u2192 API-oriented design\\n\\n## Diagram: Example Dependency on Express Core\\n\\n```mermaid\\nflowchart TD\\n subgraph Examples[\\\"Example Applications\\\"]\\n HW[hello-world]\\n MVC[mvc]\\n AUTH[auth]\\n WS[web-service]\\n EJS[ejs]\\n ERR[error]\\n end\\n\\n Express[express coreApplication / Router / Middleware]\\n\\n Examples -->|require('express')| Express\\n\\n style Express fill:#e1f5fe\\n style Examples fill:#f3e5f5\\n```\\n\\nThis illustrates the unidirectional dependency: examples import and exercise the framework, with no reverse coupling.\",\"other-support\":\"# Other \u2014 support\\n\\n# Test Support Utilities\\n\\nThis module provides shared infrastructure for the Express.js test suite. It consists of three small, focused files that handle environment setup, template rendering for test fixtures, and common assertion helpers for supertest-based HTTP response validation.\\n\\n---\\n\\n## `test/support/env.js`\\n\\nEnvironment bootstrap that runs before the test suite. Sets two process-level flags:\\n\\n| Variable | Value | Purpose |\\n|----------|-------|---------|\\n| `NODE_ENV` | `'test'` | Puts Express and dependencies into test mode |\\n| `NO_DEPRECATION` | `'body-parser,express'` | Suppresses deprecation warnings from `body-parser` and `express` to keep test output clean |\\n\\nThis file is typically required as a mocha `--require` or at the top of test entry points.\\n\\n---\\n\\n## `test/support/tmpl.js`\\n\\nMinimal template engine for rendering test fixture files with simple variable substitution.\\n\\n### `renderFile(fileName, options, callback)`\\n\\nReads a file and replaces `$variable` or `$nested.path` tokens with values from `options`.\\n\\n```javascript\\nvar renderFile = require('./support/tmpl');\\n\\nrenderFile('views/email.tmpl', { user: { name: 'alice' } }, function (err, html) {\\n // html contains resolved values\\n});\\n```\\n\\n### Variable Syntax\\n\\n| Pattern | Resolution |\\n|---------|-----------|\\n| `$name` | `options.name` |\\n| `$user.name` | `options.user.name` (nested lookup) |\\n\\n### Error Handling\\n\\n- File read errors pass through to `callback(err)`\\n- Substitution errors are caught, wrapped as `RenderError`, and passed to `callback`\\n\\n### `generateVariableLookup(data)`\\n\\nReturns a `String.prototype.replace` replacer function that walks dot-delimited paths against `data`. Used internally by `renderFile`.\\n\\n---\\n\\n## `test/support/utils.js`\\n\\nAssertion factory functions for supertest response objects. All return a function that accepts a `res` object, designed for fluent `.expect()` chaining:\\n\\n```javascript\\nrequest(app)\\n .get('/')\\n .expect(200)\\n .expect(shouldHaveHeader('content-type'))\\n .expect(shouldNotHaveBody())\\n```\\n\\n### Available Assertions\\n\\n| Export | Signature | Behavior |\\n|--------|-----------|----------|\\n| `shouldHaveBody` | `(buf: Buffer) => (res) => void` | Asserts response body matches buffer byte-for-byte (hex comparison) |\\n| `shouldHaveHeader` | `(header: string) => (res) => void` | Asserts header exists (case-insensitive) |\\n| `shouldNotHaveBody` | `() => (res) => void` | Asserts `res.text` is empty string or undefined |\\n| `shouldNotHaveHeader` | `(header: string) => (res) => void` | Asserts header is absent (case-insensitive) |\\n| `shouldSkipQuery` | `(versionString: string) => boolean` | Returns `true` if Node major version < 22 (for HTTP QUERY method tests) |\\n\\n### Body Comparison Details\\n\\n`shouldHaveBody` normalizes supertest's response body handling: if `res.body` is not already a Buffer, it creates one from `res.text`. This ensures consistent hex comparison regardless of how supertest parsed the response.\\n\\n### Version Gating\\n\\n`shouldSkipQuery` gates tests for the HTTP `QUERY` method, which Node.js fully supports only from version 22 onward. The helper extracts the major version and compares numerically.\\n\\n```javascript\\n// Typical usage in test files\\nconst utils = require('./support/utils');\\n\\nif (utils.shouldSkipQuery(process.version)) {\\n describe.skip('QUERY method', ...);\\n}\\n```\\n\\n---\\n\\n## Usage Patterns in Test Suite\\n\\nThe utilities are consumed across multiple test files:\\n\\n- **Static file & download tests** (`express.static.js`, `res.download.js`, `res.sendFile.js`) use body and header assertions to verify content delivery and cache headers\\n- **Response method tests** (`res.send.js`, `res.jsonp.js`, `res.redirect.js`, `res.vary.js`) validate header presence/absence and empty bodies\\n- **Acceptance tests** (`cookies.js`) verify cookie-related headers are not leaked\\n\\nThe template renderer supports fixture-based tests that need dynamic content without pulling in a full template engine dependency.\",\"overview\":\"# express \u2014 Wiki\\n\\n# Express\\n\\n**Fast, unopinionated, minimalist web framework for Node.js**\\n\\nExpress is a thin layer of fundamental web application features built on Node.js, designed for building single-page, multi-page, and hybrid web applications and APIs. It provides a robust set of HTTP utility methods and middleware at its core, while remaining unopinionated about how you structure your application.\\n\\n## Architecture Overview\\n\\nAt its heart, Express is composed of a small, focused core that orchestrates the request-response pipeline. The [Core Framework](core-framework.md) wires together routing, middleware, view rendering, and the enhanced request/response prototypes. Application behavior is configured through [Application Configuration](application-configuration.md), which defines dependencies, scripts, and metadata.\\n\\nThe framework's power comes from its composability: middleware functions execute in sequence, routers can be nested and mounted at arbitrary paths, and the view system can be swapped or extended to suit your needs.\\n\\n```mermaid\\nflowchart TB\\n subgraph Client\\n Browser[HTTP Client]\\n end\\n \\n subgraph Express[\\\"Express Application\\\"]\\n App[Applicationlib/application.js]\\n Router[Routerlib/router/]\\n Middleware[Middleware Stack]\\n ReqRes[Enhanced req/reslib/request.jslib/response.js]\\n end\\n \\n subgraph Runtime\\n Node[Node.js HTTP Server]\\n end\\n \\n Browser -->|HTTP Request| Node\\n Node --> App\\n App --> Router\\n Router --> Middleware\\n Middleware --> ReqRes\\n ReqRes -->|HTTP Response| Node\\n Node --> Browser\\n \\n style Express fill:#f9f9f9,stroke:#333,stroke-width:2px\\n```\\n\\n## Key Concepts\\n\\n**Applications and Routers** \u2014 An Express app is created via the factory in `lib/express.js` and configured through the application prototype. Routers are mini Express applications, mountable and composable, enabling modular route organization as demonstrated in the [Multi-Router Example](multi-router-example.md).\\n\\n**Middleware** \u2014 The core execution model. Functions that process requests in sequence, with the ability to terminate the response or pass control to the next function. The [Route Middleware Example](route-middleware-example.md) shows authentication, authorization, and data loading patterns.\\n\\n**Request/Response Enhancement** \u2014 Express augments Node's raw `http.IncomingMessage` and `http.ServerResponse` with a rich API for routing, content negotiation, cookie handling, and view rendering. See the [Content Negotiation Example](content-negotiation-example.md) for format selection patterns.\\n\\n## Examples and Patterns\\n\\nThe repository includes extensive examples covering common web development patterns:\\n\\n- **Routing patterns**: [Route Parameters](route-parameters-example.md) for `app.param()` preprocessing, [Route Map](route-map-example.md) for declarative route definitions, [Route Separation](route-separation-example.md) for organizing by domain concern\\n- **State management**: [Session](session-example.md) (in-memory and Redis-backed), [Cookie Sessions](cookie-sessions-example.md), [Cookies](cookies-example.md)\\n- **Authentication**: [Authentication Example](authentication-example.md) with PBKDF2 password hashing and session fixation protection\\n- **Views and templating**: [EJS Templating](ejs-templating-example.md), [View Locals](view-locals-example.md), [View Constructor](view-constructor-example.md) for custom view systems, [Markdown](markdown-example.md) as a view engine\\n- **Error handling**: [Error Handling Examples](error-handling-examples.md) covering basic propagation and content-negotiated error pages\\n- **Advanced patterns**: [MVC](mvc-example.md) with convention-based routing, [Virtual Hosts](virtual-hosts-example.md), [Web Service](web-service-example.md) with API key validation, [Search](search-example.md) with Redis, [Online](online-example.md) presence tracking, [Downloads](downloads-example.md) with path traversal protection, [Static Files](static-files-example.md), [Resource](resource-example.md) routing, and the minimal [Hello World](hello-world-example.md)\\n\\n## Development Setup\\n\\n```bash\\n# Install dependencies\\nnpm install\\n\\n# Run the test suite\\nnpm test\\n\\n# Run tests with coverage\\nnpm run test-cov\\n\\n# Lint code\\nnpm run lint\\nnpm run lint:fix\\n```\\n\\nThe project uses `npm run test-ci` for continuous integration and `npm run test-tap` for TAP-formatted output.\\n\\n## Documentation\\n\\n- [Project Documentation](project-documentation.md) \u2014 Version history and changelog\\n- [Core Framework](core-framework.md) \u2014 Internal architecture and module structure\\n- [Application Configuration](application-configuration.md) \u2014 Package manifest and tooling configuration\\n\\nFor the full API reference, visit [expressjs.com](https://expressjs.com).\",\"project-documentation\":\"# Project Documentation\\n\\n# History.md \u2014 Express.js Changelog\\n\\nThe `History.md` file is the canonical changelog for the Express.js framework, documenting all releases from the 0.x era through the current 5.x line. It serves as the primary reference for developers upgrading between versions, understanding breaking changes, and tracking the evolution of the API.\\n\\n## Purpose and Role\\n\\nThis file is the **source of truth for version history** across the entire Express ecosystem. Unlike generated changelogs, it is hand-curated by maintainers and serves multiple audiences:\\n\\n- **End users** evaluating upgrade risks and new features\\n- **Middleware authors** adapting to API changes\\n- **Core contributors** ensuring consistency in release notes\\n- **Security researchers** tracking vulnerability fixes\\n\\nThe changelog is organized in **reverse chronological order** (newest first) with a strict hierarchy: major version sections, then individual releases, then categorized changes within each release.\\n\\n## Document Structure\\n\\n### Top-Level Organization\\n\\n```\\nHistory.md\\n\u251c\u2500\u2500 Unreleased Changes # Accumulated changes since last release\\n\u2502 \u251c\u2500\u2500 \ud83d\ude80 Improvements\\n\u2502 \u251c\u2500\u2500 \u26a1 Performance\\n\u2502 \u2514\u2500\u2500 (other categories)\\n\u251c\u2500\u2500 5.2.1 / 2025-12-01 # Version / Date header\\n\u251c\u2500\u2500 5.2.0 / 2025-12-01\\n\u251c\u2500\u2500 5.1.0 / 2025-03-31\\n\u2502 \u2514\u2500\u2500 ... # Nested dependency updates, features, etc.\\n\u251c\u2500\u2500 5.0.0 / 2024-09-10 # Major version with breaking changes\\n\u251c\u2500\u2500 4.x.x releases # Prior major version maintenance\\n\u251c\u2500\u2500 3.x.x releases\\n\u251c\u2500\u2500 2.x.x releases\\n\u2514\u2500\u2500 1.x.x \u2192 0.x.x releases # Legacy versions\\n```\\n\\n### Entry Categories\\n\\nEach release groups changes into semantic categories:\\n\\n| Category | Emoji | Used For |\\n|----------|-------|----------|\\n| Improvements | \ud83d\ude80 | New features, enhancements |\\n| Performance | \u26a1 | Optimizations, speed improvements |\\n| Security fixes | (none) | CVE references, advisory links |\\n| Breaking changes | (none) | API removals, behavior changes |\\n| Deprecations | (none) | Warnings about future removals |\\n| Dependency updates | `deps:` | External package version bumps |\\n\\n### Entry Format\\n\\nIndividual entries follow a consistent pattern:\\n\\n```markdown\\n* Change description - by [@username](https://github.com/username) in [#XXXX](https://github.com/expressjs/express/pull/XXXX)\\n\\n* Code example when relevant:\\n ```js\\n app.render('index', null, callback); // now works as expected\\n ```\\n```\\n\\nDependency updates use a compact prefix style:\\n\\n```markdown\\n* deps: `body-parser@^2.2.1`\\n* deps: remove `setprototypeof`\\n```\\n\\n## Key Content Patterns\\n\\n### Breaking Changes\\n\\nMajor versions (5.0.0, 4.0.0, 3.0.0) explicitly enumerate breaking changes. The 5.0.0 release exemplifies this pattern:\\n\\n```markdown\\n* breaking:\\n * `res.status()` accepts only integers, and input must be greater than 99 and less than 1000\\n * will throw a `RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000.` for inputs outside this range\\n * will throw a `TypeError: Invalid status code: ${code}. Status code must be an integer.` for non integer inputs\\n * `res.redirect('back')` and `res.location('back')` is no longer a supported magic string, explicitly use `req.get('Referrer') || '/'`.\\n```\\n\\nBreaking changes are **nested with bullet depth** to show related error messages and migration paths.\\n\\n### Security Advisories\\n\\nSecurity fixes include both CVE identifiers and GitHub Security Advisory links:\\n\\n```markdown\\n* Security fix for [CVE-2024-51999](https://www.cve.org/CVERecord?id=CVE-2024-51999) ([GHSA-pj86-cfqh-vqx6](https://github.com/expressjs/express/security/advisories/GHSA-pj86-cfqh-vqx6))\\n```\\n\\nReverted security fixes are explicitly documented to prevent confusion:\\n\\n```markdown\\n* Revert security fix for [CVE-2024-51999](...) ([GHSA-...](...))\\n * The prior release (5.2.0) included an erroneous breaking change... CVE-2024-51999 has been rejected. The change has been fully reverted...\\n```\\n\\n### Deprecation Notices\\n\\nDeprecations bridge current and future behavior, often with migration examples:\\n\\n```markdown\\n* Deprecate passing `options.maxAge` and `options.expires` to `res.clearCookie`\\n - Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie\\n```\\n\\n### Dependency Evolution\\n\\nThe changelog tracks Express's shifting dependency strategy. The 5.1.0 release shows a significant **dependency reduction**:\\n\\n```markdown\\n* deps: remove `setprototypeof`\\n* deps: remove `safe-buffer`\\n* deps: remove `utils-merge`\\n* deps: remove `methods`\\n* deps: remove `depd`\\n```\\n\\nThese removals reflect Node.js core improvements (e.g., `Object.setPrototypeOf` replacing `setprototypeof`) and internalization of functionality.\\n\\n## Version-Specific Conventions\\n\\n### 5.x Series (Current)\\n\\n- Uses semantic emoji prefixes for categories\\n- Includes contributor attribution with GitHub links\\n- References pull requests explicitly\\n- Maintains `Unreleased Changes` section for ongoing work\\n\\n### 4.x Series (Maintenance)\\n\\n- Simpler format without emojis\\n- Focus on security patches and dependency updates\\n- LTS-style maintenance with minimal new features\\n\\n### 3.x and Earlier (Legacy)\\n\\n- Historical format, less structured\\n- Includes long-removed features like `app.configure()`, `app.router`\\n- Documents middleware bundling (removed in 4.0.0)\\n\\n## Relationship to Codebase\\n\\n`History.md` is a **documentation-only file** with no runtime imports or build-time processing. However, it connects to the codebase through:\\n\\n| Connection Point | How |\\n|-----------------|-----|\\n| `package.json` | `version` field must match the newest dated header |\\n| Git tags | Release tags correspond to version headers |\\n| GitHub Releases | Often generated from or cross-referenced with this file |\\n| Migration guides | Major version documentation extracts from breaking changes sections |\\n\\n## Maintenance Workflow\\n\\nWhen contributing changes that should appear in the changelog:\\n\\n1. Add entries to `Unreleased Changes` during development\\n2. Categorize under appropriate emoji section\\n3. Include `by @username in #PR` attribution\\n4. On release, the maintainer:\\n - Moves `Unreleased Changes` to a dated version header\\n - Updates `package.json` version\\n - Creates git tag\\n\\n## Notable Historical Arcs\\n\\n### Query Parser Evolution\\n\\nThe `query parser` setting demonstrates API evolution across versions:\\n\\n| Version | Change |\\n|---------|--------|\\n| 3.7.0 | Introduced configurable query parser |\\n| 5.0.0-beta.1 | Default changed from `'extended'` to `'simple'` |\\n| 5.2.0/5.2.1 | CVE-2024-51999 confusion and reversion related to extended parser behavior |\\n\\n### Redirect Behavior\\n\\n`res.redirect()` has accumulated refinements:\\n\\n- **4.14.0**: Encode URL if not already encoded\\n- **4.19.0/4.19.2**: Open redirect allow list bypass fixes\\n- **5.0.0**: Remove `'back'` magic string\\n- **5.1.0**: Deprecation warning for undefined arguments\\n- **5.x unreleased**: Improved HTML structure with ``, ``, ``\\n\\n### Body Type Support\\n\\nResponse body handling expanded over time:\\n\\n- **4.16.0**: Add `express.json` and `express.urlencoded` middleware\\n- **4.17.0**: Add `express.raw` and `express.text`\\n- **5.1.0**: Add `Uint8Array` support in `res.send()`\",\"resource-example\":\"# Resource Example\\n\\n# Resource Example\\n\\nAn Express application demonstrating a custom resource routing pattern that maps RESTful HTTP endpoints to controller methods using a declarative API.\\n\\n## Overview\\n\\nThis module creates a standalone Express server that showcases how to build reusable resource routing on top of Express's core routing system. It defines a `resource()` method that automatically wires standard CRUD operations\u2014list, show, destroy, and range queries\u2014to a controller object, reducing boilerplate route definitions.\\n\\nThe server exposes a `users` resource backed by an in-memory array and serves an HTML index page documenting the available endpoints.\\n\\n## The `app.resource()` Extension\\n\\nThe module extends the Express application instance with a `resource()` method that registers multiple routes for a given path and controller object.\\n\\n```javascript\\napp.resource = function(path, obj) {\\n this.get(path, obj.index); // GET /users\\n this.get(path + '/:a..:b{.:format}', function(req, res){ // GET /users/1..3 or /users/1..3.json\\n var a = parseInt(req.params.a, 10);\\n var b = parseInt(req.params.b, 10);\\n var format = req.params.format;\\n obj.range(req, res, a, b, format);\\n });\\n this.get(path + '/:id', obj.show); // GET /users/1\\n this.delete(path + '/:id', function(req, res){ // DELETE /users/1\\n var id = parseInt(req.params.id, 10);\\n obj.destroy(req, res, id);\\n });\\n};\\n```\\n\\n### Route Mapping\\n\\n| HTTP Method | Path Pattern | Controller Method | Purpose |\\n|-------------|-----------|-------------------|---------|\\n| `GET` | `/users` | `obj.index` | List all resources |\\n| `GET` | `/users/:a..:b` or `/users/:a..:b.:format` | `obj.range` | Query a subset with optional format |\\n| `GET` | `/users/:id` | `obj.show` | Retrieve single resource |\\n| `DELETE` | `/users/:id` | `obj.destroy` | Remove single resource |\\n\\nThe range route uses Express's regex-like parameter syntax `:a..:b{.:format}` where the `.format` portion is optional (denoted by the curly braces). When present, it triggers content negotiation between JSON and HTML responses.\\n\\n## User Controller\\n\\nThe `User` object implements the controller interface expected by `app.resource()`. It operates on the in-memory `users` array.\\n\\n### `User.index(req, res)`\\n\\nReturns the complete `users` array as JSON.\\n\\n```javascript\\nindex: function(req, res){\\n res.send(users);\\n}\\n```\\n\\n### `User.show(req, res)`\\n\\nRetrieves a user by array index from `req.params.id`. Returns an error object if the index does not exist.\\n\\n```javascript\\nshow: function(req, res){\\n res.send(users[req.params.id] || { error: 'Cannot find user' });\\n}\\n```\\n\\n### `User.destroy(req, res, id)`\\n\\nDeletes a user by index. The `id` is pre-parsed by the route handler before being passed to the controller. Returns `'destroyed'` on success or `'Cannot find user'` on failure.\\n\\n```javascript\\ndestroy: function(req, res, id){\\n var destroyed = id in users;\\n delete users[id];\\n res.send(destroyed ? 'destroyed' : 'Cannot find user');\\n}\\n```\\n\\n### `User.range(req, res, a, b, format)`\\n\\nSlices the users array from index `a` to `b` (inclusive). Supports two output formats:\\n\\n- **`json`**: Returns the slice as a JSON array\\n- **`html` (default)**: Renders an unordered list of user names\\n\\n```javascript\\nrange: function(req, res, a, b, format){\\n var range = users.slice(a, b + 1);\\n switch (format) {\\n case 'json':\\n res.send(range);\\n break;\\n case 'html':\\n default:\\n var html = '\n' + range.map(function(user){\\n return '\n' + user.name + '<\\/li>';\\n }).join('\\\\n') + '<\\/ul>';\\n res.send(html);\\n break;\\n }\\n}\\n```\\n\\n## Data Model\\n\\n```javascript\\nvar users = [\\n { name: 'tj' },\\n { name: 'ciaran' },\\n { name: 'aaron' },\\n { name: 'guillermo' },\\n { name: 'simon' },\\n { name: 'tobi' }\\n];\\n```\\n\\nThe `users` array is a simple in-memory store. Note that `delete users[id]` does not reindex the array\u2014subsequent accesses to deleted indices return `undefined`, which `User.show()` handles by returning an error.\\n\\n## Root Endpoint\\n\\nA convenience HTML page lists all available example URLs:\\n\\n```javascript\\napp.get('/', function(req, res){\\n res.send([\\n '\nExamples:<\\/h1> \n'\\n , '\nGET /users<\\/li>'\\n , '\nGET /users/1<\\/li>'\\n , '\nGET /users/3<\\/li>'\\n , '\nGET /users/1..3<\\/li>'\\n , '\nGET /users/1..3.json<\\/li>'\\n , '\nDELETE /users/4<\\/li>'\\n , '<\\/ul>'\\n ].join('\\\\n'));\\n});\\n```\\n\\n## Server Bootstrap\\n\\nThe module exports the configured `app` for testing or programmatic use. When run directly (`node examples/resource/index.js`), it starts on port 3000:\\n\\n```javascript\\n/* istanbul ignore next */\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\n## Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 HTTP Request \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Express Router \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Route-Specific \u2502\\n\u2502 (GET/DELETE) \u2502 \u2502 \u2502 \u2502 Middleware \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 User Controller \u2502\\n \u2502 (index/show/ \u2502\\n \u2502 destroy/range) \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u25bc \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 JSON \u2502 \u2502 HTML \u2502\\n \u2502 Response\u2502 \u2502 Response\u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## Integration with Express\\n\\nThis example requires the local Express build (`require('../../')`) rather than an npm-installed version. It demonstrates patterns that can be extracted into middleware or application generators:\\n\\n- **Monkey-patching pattern**: Adding `app.resource()` directly to the application instance\\n- **Controller convention**: Expecting controller objects with specific method signatures\\n- **Parameter preprocessing**: Parsing integers in route handlers before passing clean data to controllers\\n\\nThe `send()` calls in all controller methods delegate to Express's `res.send()`, which handles content-type negotiation and response finalization.\",\"route-map-example\":\"# Route Map Example\\n\\n# Route Map Example\\n\\nAn Express.js example demonstrating a declarative route mapping pattern that enables nested route definitions through plain JavaScript objects.\\n\\n## Purpose\\n\\nThis module showcases a technique for organizing Express routes as hierarchical data structures rather than imperative `app.get()`, `app.post()`, etc. calls. The `app.map()` utility recursively traverses a nested object to register routes with their corresponding handler functions, producing cleaner route organization for resource-heavy APIs.\\n\\n## The `app.map()` Method\\n\\nThe core addition is a monkey-patched `map` method on the Express application instance:\\n\\n```javascript\\napp.map = function(a, route){\\n route = route || '';\\n for (var key in a) {\\n switch (typeof a[key]) {\\n case 'object':\\n app.map(a[key], route + key); // Recurse into nested paths\\n break;\\n case 'function':\\n if (verbose) console.log('%s %s', key, route);\\n app[key](route, a[key]); // Register: app[method](path, handler)\\n break;\\n }\\n }\\n};\\n```\\n\\n| Parameter | Description |\\n|-----------|-------------|\\n| `a` | Route definition object (nested structure) |\\n| `route` | Accumulated path prefix (defaults to `''`) |\\n\\n### Key Behavior\\n\\n- **Object values** (`{ '/path': { ... } }`): Treated as path segments; recursively processed with concatenated route prefix\\n- **Function values** (`get: fn`): Treated as HTTP method handlers; registered via `app[method](route, handler)`\\n- **Path accumulation**: Nested objects build complete paths (e.g., `'/users'` + `'/:uid'` + `'/pets'` = `'/users/:uid/pets'`)\\n\\n## Route Definitions\\n\\n### Users Resource\\n\\n```javascript\\nvar users = {\\n list: function(req, res){ // GET /users\\n res.send('user list');\\n },\\n get: function(req, res){ // GET /users/:uid\\n res.send('user ' + escapeHtml(req.params.uid))\\n },\\n delete: function(req, res){ // DELETE /users\\n res.send('delete users');\\n }\\n};\\n```\\n\\n### Pets Sub-resource\\n\\n```javascript\\nvar pets = {\\n list: function(req, res){ // GET /users/:uid/pets\\n res.send('user ' + escapeHtml(req.params.uid) + '\\\\'s pets')\\n },\\n delete: function(req, res){ // DELETE /users/:uid/pets/:pid\\n res.send('delete ' + escapeHtml(req.params.uid) + '\\\\'s pet ' + escapeHtml(req.params.pid))\\n }\\n};\\n```\\n\\n## Generated Route Map\\n\\nThe declarative structure:\\n\\n```javascript\\napp.map({\\n '/users': {\\n get: users.list,\\n delete: users.delete,\\n '/:uid': {\\n get: users.get,\\n '/pets': {\\n get: pets.list,\\n '/:pid': {\\n delete: pets.delete\\n }\\n }\\n }\\n }\\n});\\n```\\n\\nExpands to these Express route registrations:\\n\\n| HTTP Method | Path | Handler |\\n|-------------|------|---------|\\n| `GET` | `/users` | `users.list` |\\n| `DELETE` | `/users` | `users.delete` |\\n| `GET` | `/users/:uid` | `users.get` |\\n| `GET` | `/users/:uid/pets` | `pets.list` |\\n| `DELETE` | `/users/:uid/pets/:pid` | `pets.delete` |\\n\\n## Architecture\\n\\n```mermaid\\ngraph TD\\n A[app.map(routeTree)] --> B{typeof value}\\n B -->|object| C[Accumulate path prefix]\\n C --> A\\n B -->|function| D[app[method](path, handler)]\\n \\n style A fill:#f9f,stroke:#333\\n style D fill:#bbf,stroke:#333\\n```\\n\\n## Security Considerations\\n\\nThe module uses `escapeHtml` for output rendering:\\n\\n```javascript\\nres.send('user ' + escapeHtml(req.params.uid))\\n```\\n\\nThis prevents XSS when route parameters are reflected in responses. Note that `escapeHtml` is **not** applied to all outputs uniformly\u2014`users.list` and the initial `users.delete` omit escaping entirely.\\n\\n## Environment Behavior\\n\\n| `NODE_ENV` | `verbose` | Console output on route registration |\\n|------------|-----------|--------------------------------------|\\n| `test` | `false` | Silent |\\n| anything else | `true` | Logs each `METHOD /path` |\\n\\n## Entry Point\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\nThe `!module.parent` guard allows the file to be `require()`'d in tests without starting the server, while direct execution (`node examples/route-map/index.js`) boots on port 3000.\",\"route-middleware-example\":\"# Route Middleware Example\\n\\n# Route Middleware Example\\n\\nAn Express.js application demonstrating route-specific middleware patterns for authentication, authorization, and data loading.\\n\\n## Purpose\\n\\nThis example illustrates how to compose reusable middleware functions that execute in sequence for specific routes. It shows three common patterns:\\n\\n- **Data loading middleware** \u2014 fetching resources before route handlers run\\n- **Self-restriction middleware** \u2014 allowing users to access only their own resources\\n- **Role-based middleware** \u2014 restricting access by user role\\n\\nThese patterns separate cross-cutting concerns from route handlers, keeping endpoint logic focused on its primary responsibility.\\n\\n## Application Structure\\n\\n```javascript\\nvar express = require('../../lib/express');\\nvar app = express();\\n```\\n\\nThe application creates a single Express instance and attaches middleware and routes. No module exports are provided; the file is executable directly (`node examples/route-middleware/index.js`) or importable for testing.\\n\\n## Middleware Stack\\n\\n### Global Authentication (Faux)\\n\\n```javascript\\napp.use(function(req, res, next){\\n req.authenticatedUser = users[0]; // Always \\\"tj\\\" (id: 0, role: 'member')\\n next();\\n});\\n```\\n\\nAll requests receive a hardcoded authenticated user. In production, this would be replaced with session/JWT validation. The `authenticatedUser` property is attached to the request object for downstream middleware to access.\\n\\n### `loadUser(req, res, next)`\\n\\nRoute parameter middleware that populates `req.user` from the `:id` parameter.\\n\\n| Behavior | Condition |\\n|----------|-----------|\\n| Calls `next()` | User exists in `users` array |\\n| Calls `next(error)` | User not found; error propagated to Express error handlers |\\n\\n```javascript\\napp.get('/user/:id', loadUser, function(req, res){ ... });\\n```\\n\\n### `andRestrictToSelf(req, res, next)`\\n\\nAuthorization guard ensuring the authenticated user matches the requested user.\\n\\nDepends on `loadUser` having already executed (requires `req.user`). Returns `Error('Unauthorized')` for mismatched IDs.\\n\\n```javascript\\napp.get('/user/:id/edit', loadUser, andRestrictToSelf, function(req, res){ ... });\\n```\\n\\n### `andRestrictTo(role)`\\n\\nHigher-order function returning role-checking middleware.\\n\\n```javascript\\nfunction andRestrictTo(role) {\\n return function(req, res, next) {\\n if (req.authenticatedUser.role === role) {\\n next();\\n } else {\\n next(new Error('Unauthorized'));\\n }\\n }\\n}\\n```\\n\\nUsage: `andRestrictTo('admin')` creates middleware that passes only for users with `role === 'admin'`.\\n\\n## Route Definitions\\n\\n| Method | Path | Middleware Chain | Behavior |\\n|--------|------|------------------|----------|\\n| GET | `/` | \u2014 | Redirects to `/user/0` |\\n| GET | `/user/:id` | `loadUser` | Displays user name |\\n| GET | `/user/:id/edit` | `loadUser`, `andRestrictToSelf` | Displays edit confirmation if self |\\n| DELETE | `/user/:id` | `loadUser`, `andRestrictTo('admin')` | Displays delete confirmation if admin |\\n\\n## Request Flow\\n\\n```mermaid\\nflowchart LR\\n A[Request] --> B[Global Authreq.authenticatedUser]\\n B --> C{Route Match}\\n C -->|GET /user/:id| D[loadUser]\\n C -->|GET /user/:id/edit| E[loadUser]\\n C -->|DELETE /user/:id| F[loadUser]\\n D --> G[Route Handler]\\n E --> H[andRestrictToSelf]\\n H -->|pass| I[Route Handler]\\n H -->|fail| J[Error Handler]\\n F --> K[andRestrictTo('admin')]\\n K -->|pass| L[Route Handler]\\n K -->|fail| J\\n```\\n\\n## Test Interactions\\n\\nThe call graph indicates `index.js` calls `send` from `test/Router.js` during test execution. The `/* istanbul ignore next */` comment on the `app.listen` block prevents coverage measurement of the standalone server startup path, keeping test coverage focused on the middleware logic.\\n\\n## Key Patterns Demonstrated\\n\\n**Middleware factories**: `andRestrictTo` creates parameterized middleware without repeating the authorization logic.\\n\\n**Request object augmentation**: `req.user` and `req.authenticatedUser` carry state between middleware layers\u2014standard Express practice, though not type-safe.\\n\\n**Error propagation**: Failed authorizations and missing users become `next(error)` calls, delegating response formatting to centralized error handlers (see `examples/pages` for that pattern).\",\"route-parameters-example\":\"# Route Parameters Example\\n\\n# Route Parameters Example\\n\\nAn Express.js application demonstrating parameterized route handling with custom parameter conversion and data loading middleware.\\n\\n## Overview\\n\\nThis module showcases Express's `app.param()` API for preprocessing route parameters before handlers execute. It implements two distinct parameter processing strategies: numeric range parsing for slice operations and database-style user lookup by ID.\\n\\n## Parameter Processing Pipeline\\n\\n```mermaid\\ngraph LR\\n A[Request URL] --> B{Parameter Match?}\\n B -->|to, from| C[Parse Integer]\\n B -->|user| D[Lookup User]\\n C -->|Valid| E[Route Handler]\\n C -->|NaN| F[400 Bad Request]\\n D -->|Found| E\\n D -->|Missing| G[404 Not Found]\\n```\\n\\n## Module Structure\\n\\n### Faux Database\\n\\n```javascript\\nvar users = [\\n { name: 'tj' }\\n , { name: 'tobi' }\\n , { name: 'loki' }\\n , { name: 'jane' }\\n , { name: 'bandit' }\\n];\\n```\\n\\nIn-memory array of user objects. Indexes correspond to `:user` parameter values in routes.\\n\\n### Parameter Middleware\\n\\n#### Numeric Conversion (`to`, `from`)\\n\\n```javascript\\napp.param(['to', 'from'], function(req, res, next, num, name){\\n req.params[name] = parseInt(num, 10);\\n if( isNaN(req.params[name]) ){\\n next(createError(400, 'failed to parseInt '+num));\\n } else {\\n next();\\n }\\n});\\n```\\n\\nProcesses parameters named `to` and `from` across all routes. Converts string values to base-10 integers using `parseInt`. Rejects non-numeric values with a 400 Bad Request error via `http-errors`.\\n\\n#### User Loading (`user`)\\n\\n```javascript\\napp.param('user', function(req, res, next, id){\\n req.user = users[id]\\n if (req.user) {\\n next();\\n } else {\\n next(createError(404, 'failed to find user'));\\n }\\n});\\n```\\n\\nLoads user object from the faux database by array index. Attaches found user to `req.user` for downstream handlers. Returns 404 Not Found for out-of-bounds or missing indices.\\n\\n### Route Handlers\\n\\n| Route | Description |\\n|-------|-------------|\\n| `GET /` | Landing page with navigation hints |\\n| `GET /user/:user` | Display single user by ID |\\n| `GET /users/:from-:to` | Display user name range (inclusive) |\\n\\n#### Range Handler Detail\\n\\n```javascript\\napp.get('/users/:from-:to', function (req, res) {\\n var from = req.params.from;\\n var to = req.params.to;\\n var names = users.map(function(user){ return user.name; });\\n res.send('users ' + names.slice(from, to + 1).join(', '));\\n});\\n```\\n\\nNote the `to + 1` adjustment: `Array.prototype.slice()` excludes the end index, so the handler increments to make the range inclusive as perceived by the API consumer.\\n\\n## Error Handling Strategy\\n\\n| Scenario | HTTP Status | Source |\\n|----------|-------------|--------|\\n| Non-numeric `from`/`to` | 400 | `createError` in param middleware |\\n| User ID out of bounds | 404 | `createError` in param middleware |\\n\\nErrors propagate through Express's middleware chain via `next(err)`, triggering default or configured error handlers.\\n\\n## Bootstrapping\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\nConditional server startup enables both standalone execution (`node index.js`) and test/module importing without port binding. The `module.exports = app` assignment at the top supports the latter pattern.\\n\\n## Key Dependencies\\n\\n- `express` \u2014 web framework (loaded from `../../` relative path, indicating this is within the Express repository)\\n- `http-errors` \u2014 HTTP error object factory for consistent error responses\\n\\n## Integration with Express Core\\n\\nThis example exercises `app.param()` and `req.params`, features implemented in Express's router layer. The `../../` require path suggests this module lives within the Express source tree, serving as a functional test and documentation reference for parameter middleware behavior.\",\"route-separation-example\":\"# Route Separation Example\\n\\n# Route Separation Example\\n\\nAn Express.js application demonstrating how to organize routes into separate modules by domain concern (site, user, post) rather than defining all handlers in a single file.\\n\\n## Purpose\\n\\nThis example illustrates a common pattern for scaling Express applications: splitting route handlers into dedicated modules based on functional area. Each module (`site.js`, `user.js`, `post.js`) exports handler functions that the main application file wires to specific HTTP methods and paths.\\n\\n## Application Entry Point (`index.js`)\\n\\nThe main application file configures Express, sets up middleware, and maps URL patterns to handler functions imported from domain modules.\\n\\n```javascript\\nvar site = require('./site');\\nvar post = require('./post');\\nvar user = require('./user');\\n```\\n\\n### Configuration\\n\\n| Setting | Value | Purpose |\\n|---------|-------|---------|\\n| `view engine` | `ejs` | Uses EJS templating with `<% %>` syntax |\\n| `views` | `./views` | Resolves view templates relative to `__dirname` |\\n\\n### Middleware Stack\\n\\nMiddleware applies in registration order:\\n\\n```javascript\\napp.use(methodOverride('_method')); // Allow POST-to-PUT override via ?_method=put\\napp.use(cookieParser()); // Parse Cookie header into req.cookies\\napp.use(express.urlencoded({ extended: true })); // Parse form submissions\\napp.use(express.static(path.join(__dirname, 'public'))); // Serve CSS/assets\\n```\\n\\n`method-override` enables RESTful updates from HTML forms (which only natively support GET/POST) by reading the `_method` query parameter.\\n\\n### Route Table\\n\\n| Method | Path | Handler | Module |\\n|--------|------|---------|--------|\\n| GET | `/` | `site.index` | site |\\n| GET | `/users` | `user.list` | user |\\n| ALL | `/user/:id{/:op}` | `user.load` | user |\\n| GET | `/user/:id` | `user.view` | user |\\n| GET | `/user/:id/view` | `user.view` | user |\\n| GET | `/user/:id/edit` | `user.edit` | user |\\n| PUT | `/user/:id/edit` | `user.update` | user |\\n| GET | `/posts` | `post.list` | post |\\n\\nThe `app.all('/user/:id{/:op}', user.load)` pattern uses Express's parameter matching to preload user data for any `/user/:id/*` route. The `{/:op}` makes the operation segment optional.\\n\\n## Domain Modules\\n\\n### `site.js`\\n\\nSingle handler for the application root:\\n\\n```javascript\\nexports.index = function(req, res){\\n res.render('index', { title: 'Route Separation Example' });\\n};\\n```\\n\\n### `post.js`\\n\\nManages the fake posts \\\"database\\\" (an in-memory array) and renders the posts list:\\n\\n```javascript\\nexports.list = function(req, res){\\n res.render('posts', { title: 'Posts', posts: posts });\\n};\\n```\\n\\n### `user.js`\\n\\nMost complex module, implementing full CRUD-like patterns with a fake users array:\\n\\n| Export | Type | Purpose |\\n|--------|------|---------|\\n| `list` | Handler | Renders all users |\\n| `load` | Middleware | Populates `req.user` by array index; 404s if missing |\\n| `view` | Handler | Renders user detail page |\\n| `edit` | Handler | Renders edit form pre-filled with user data |\\n| `update` | Handler | Applies form data to user object, redirects back |\\n\\nThe `load` middleware demonstrates parameter-based preloading:\\n\\n```javascript\\nexports.load = function(req, res, next){\\n var id = req.params.id;\\n req.user = users[id];\\n if (req.user) {\\n next(); // Continue to route-specific handler\\n } else {\\n var err = new Error('cannot find user ' + id);\\n err.status = 404;\\n next(err); // Skip to error handler\\n }\\n};\\n```\\n\\n## View Templates\\n\\nTemplates use EJS includes for shared layout (`header.ejs`, `footer.ejs`).\\n\\n```\\nviews/\\n\u251c\u2500\u2500 header.ejs # HTML boilerplate, loads /style.css\\n\u251c\u2500\u2500 footer.ejs # Closing body/html tags\\n\u251c\u2500\u2500 index.ejs # Landing page with navigation links\\n\u251c\u2500\u2500 posts/\\n\u2502 \u2514\u2500\u2500 index.ejs # Definition list of post title/body pairs\\n\u2514\u2500\u2500 users/\\n \u251c\u2500\u2500 index.ejs # User list with links to view/edit\\n \u251c\u2500\u2500 view.ejs # Read-only user detail\\n \u2514\u2500\u2500 edit.ejs # Form with ?_method=put override\\n```\\n\\nThe edit form demonstrates the method-override pattern:\\n\\n```html\\n\n\\n \\n<\\/form>\\n```\\n\\nThis submits as POST, which `methodOverride('_method')` converts to PUT based on the query string.\\n\\n## Request Flow Architecture\\n\\n```mermaid\\nflowchart LR\\n A[HTTP Request] --> B[Express Middleware]\\n B --> C{Route Match?}\\n C -->|/user/:id/*| D[user.load]\\n C -->|/posts| E[post.list]\\n C -->|/| F[site.index]\\n D -->|next()| G[user.view|edit|update]\\n D -->|next(err)| H[Error Handler]\\n G --> I[EJS Render]\\n E --> I\\n F --> I\\n```\\n\\n## Key Patterns Demonstrated\\n\\n1. **Module separation by domain**: Each functional area (user, post, site) owns its handlers\\n2. **Middleware-based parameter loading**: `user.load` pre-populates `req.user` for all user-scoped routes\\n3. **RESTful form submissions**: `method-override` bridges HTML form limitations with HTTP verbs\\n4. **Conditional bootstrapping**: `if (!module.parent)` guards direct execution vs. require-as-module\\n\\n## Running the Example\\n\\n```bash\\nnode examples/route-separation/index.js\\n```\\n\\nServer starts on port 3000. The `module.parent` check allows the file to be both a standalone script and a testable module export.\",\"search-example\":\"# Search Example\\n\\n# Search Example\\n\\nA minimal Express application demonstrating real-time search backed by Redis. This example shows how to serve a static search interface, query Redis sets via AJAX, and return matching results without page reloads.\\n\\n## Architecture Overview\\n\\nThe application consists of three layers: a browser-based client, an Express server, and Redis for data storage. The client captures keystrokes and queries the server; the server looks up values in pre-populated Redis sets and returns JSON arrays.\\n\\n```mermaid\\nflowchart LR\\n Browser[\\\"Browser(client.js)\\\"] -->|GET /search/:query| Express[\\\"Express Server(index.js)\\\"]\\n Express -->|sMembers| Redis[(Redis)]\\n Redis -->|string[]| Express\\n Express -->|JSON| Browser\\n```\\n\\n## Server (`index.js`)\\n\\n### Redis Setup\\n\\nThe server connects to Redis and seeds two search categories as sets:\\n\\n| Key | Members |\\n|-----|---------|\\n| `ferret` | `tobi`, `loki`, `jane` |\\n| `cat` | `manny`, `luna` |\\n\\n```javascript\\nasync function initializeRedis() {\\n await db.connect();\\n await db.sAdd('ferret', 'tobi');\\n // ... additional seed data\\n}\\n```\\n\\nThis function runs before the server starts accepting connections. On failure, it logs the error and exits with code `1`.\\n\\n### Routes\\n\\n| Route | Handler | Purpose |\\n|-------|---------|---------|\\n| `GET /search/{:query}` | `db.sMembers(query)` | Returns array of members for the given set key, or `[]` if key doesn't exist |\\n| `GET /client.js` | `res.sendFile()` | Serves the client-side JavaScript explicitly (excluded from static middleware to avoid serving server files) |\\n\\nThe search route uses `req.params.query` (defaulting to empty string) and delegates to Redis's `sMembers`. Errors are passed to Express error handling via `next(err)`.\\n\\n### Static Files\\n\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n\\nThe `public/` directory serves `index.html` and any other assets. `client.js` is deliberately excluded from this middleware and served via explicit route to prevent leaking `index.js` or template files.\\n\\n## Client (`public/client.js`)\\n\\nThe client implements live search with `XMLHttpRequest`:\\n\\n1. Captures `keyup` events on the `` element\\n2. Issues `GET /search/{value}` for every keystroke\\n3. Replaces `\n` content with raw response text on `readyState === 4`\\n\\nNo debouncing is implemented\u2014every keystroke triggers a network request.\\n\\n## Entry Point (`public/index.html`)\\n\\nProvides the search interface with two hardcoded suggestions (\\\"ferret\\\" or \\\"cat\\\") and loads `client.js`.\\n\\n## Integration with Express\\n\\nThis example imports Express via a relative path:\\n\\n```javascript\\nvar express = require('../..');\\n```\\n\\nThis resolves to the Express package root two directories above, typical of the `examples/` directory structure in the Express repository. The `module.parent` check allows the file to be imported in tests without starting the server:\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n}\\n```\\n\\n## Running the Example\\n\\nPrerequisites: Redis server running locally.\\n\\n```bash\\n# Install dependencies\\nnpm install redis\\n\\n# Start Redis\\nredis-server\\n\\n# Start the application\\nnode examples/search/index.js\\n```\\n\\nThen open `http://localhost:3000` and type in the search field.\",\"session-example\":\"# Session Example\\n\\n# Session Example Module\\n\\nTwo example applications demonstrating Express session management using `express-session`, with both in-memory and Redis-backed storage.\\n\\n## Files\\n\\n| File | Purpose |\\n|------|---------|\\n| `index.js` | Basic session example with default in-memory store |\\n| `redis.js` | Production-oriented example using Redis as session store |\\n\\n---\\n\\n## `index.js` \u2014 In-Memory Session Store\\n\\nMinimal demonstration of session middleware. Uses the default `MemoryStore` (not suitable for production).\\n\\n### Prerequisites\\n\\n```bash\\nnpm install express-session\\n```\\n\\n### Configuration\\n\\n```javascript\\napp.use(session({\\n resave: false, // Skip save if session unmodified\\n saveUninitialized: false, // Skip creating empty sessions\\n secret: 'keyboard cat' // Signing key for session cookie\\n}));\\n```\\n\\n### Session Logic\\n\\nThe root route implements a page view counter:\\n\\n| Condition | Behavior |\\n|-----------|----------|\\n| `req.session.views` exists | Increment counter |\\n| First visit | Initialize counter to `1`, show welcome message |\\n\\n```javascript\\napp.get('/', function(req, res){\\n var body = '';\\n if (req.session.views) {\\n ++req.session.views;\\n } else {\\n req.session.views = 1;\\n body += '\nFirst time visiting? view this page in several browsers :)<\\/p>';\\n }\\n res.send(body + '\nviewed ' + req.session.views + '<\\/strong> times.<\\/p>');\\n});\\n```\\n\\n### Startup Behavior\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\nThe `!module.parent` guard allows the file to be required in tests without starting the server.\\n\\n---\\n\\n## `redis.js` \u2014 Redis-Backed Session Store\\n\\nExtends the basic example with persistent, shared session storage suitable for production deployments.\\n\\n### Prerequisites\\n\\n```bash\\n# Install and start Redis server\\n# https://redis.io/\\n\\nnpm install redis morgan connect-redis express-session\\nredis-server\\n```\\n\\n### Architecture\\n\\n```mermaid\\ngraph LR\\n A[Client] -->|HTTP| B[Express]\\n B -->|req.session| C[express-session]\\n C -->|read/write| D[RedisStore]\\n D -->|TCP| E[(Redis)]\\n B -->F[morganlogging]\\n```\\n\\n### Store Initialization\\n\\n`connect-redis` requires the `session` object to inherit from `session.Store`:\\n\\n```javascript\\nvar RedisStore = require('connect-redis')(session);\\n```\\n\\nThis pattern\u2014passing `session` to the factory function\u2014is specific to `connect-redis` versions compatible with `express-session` 1.x.\\n\\n### Middleware Stack\\n\\n```javascript\\napp.use(logger('dev')); // Request logging\\n\\napp.use(session({\\n resave: false,\\n saveUninitialized: false,\\n secret: 'keyboard cat',\\n store: new RedisStore // <-- Redis instead of MemoryStore\\n}));\\n```\\n\\n### Route Handler\\n\\nIdentical to `index.js`\u2014the store implementation is transparent to route code.\\n\\n---\\n\\n## Key Differences\\n\\n| Aspect | `index.js` | `redis.js` |\\n|--------|-----------|------------|\\n| **Store** | `MemoryStore` (default) | `RedisStore` |\\n| **Persistence** | Process lifetime only | Survives restarts, shared across instances |\\n| **Logging** | None | `morgan` dev format |\\n| **Startup** | Conditional (`!module.parent`) | Unconditional |\\n| **Production suitability** | No | Yes |\\n\\n---\\n\\n## Integration with Express\\n\\nBoth examples use `require('../..')` to load Express from the repository root, making them self-testing against the local codebase rather than an installed npm package.\\n\\nThe `res.send` calls route through Express's response machinery (`test/Router.js` in the call graph), demonstrating standard response flow with session-populated dynamic content.\",\"static-files-example\":\"# Static Files Example\\n\\n# Static Files Example\\n\\nAn Express.js application demonstrating how to serve static files using the `express.static()` middleware with multiple mounting strategies.\\n\\n## Purpose\\n\\nThis example shows developers how to:\\n- Serve static assets (HTML, CSS, JS, text files) from a filesystem directory\\n- Mount static file serving at URL prefixes\\n- Combine multiple static directories with different URL mappings\\n\\n## Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 HTTP Client \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 Express App \u2502\u2500\u2500\u2500\u2500\u25b6\u2502 morgan logger \u2502\\n\u2502 (browser/curl) \u2502 \u2502 (port 3000) \u2502 \u2502 (request log) \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 express.static \u2502\\n \u2502 middlewares \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u253c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u25bc \u25bc \u25bc\\n \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510 \u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n \u2502 /public \u2502 \u2502/public \u2502 \u2502/public \u2502\\n \u2502 (root) \u2502 \u2502/static \u2502 \u2502 /css \u2502\\n \u2502 \u2502 \u2502 prefix \u2502 \u2502 \u2502\\n \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518 \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n```\\n\\n## Application Setup\\n\\n```javascript\\nvar express = require('../..'); // Express framework (local build)\\nvar logger = require('morgan'); // HTTP request logging\\nvar path = require('node:path'); // Cross-platform path resolution\\nvar app = express();\\n```\\n\\nThe example uses a relative require (`'../..'`) because it lives within the Express repository's `examples/` directory, loading the local Express build rather than an npm-installed version.\\n\\n## Middleware Stack\\n\\n| Order | Middleware | Configuration | Purpose |\\n|-------|-----------|---------------|---------|\\n| 1 | `logger('dev')` | default dev format | Log request method, URL, status, response time |\\n| 2 | `express.static(path.join(__dirname, 'public'))` | root mount `/` | Serve files from `./public` at URL root |\\n| 3 | `express.static(path.join(__dirname, 'public'))` | mount path `/static` | Same files, accessible via `/static/` prefix |\\n| 4 | `express.static(path.join(__dirname, 'public', 'css'))` | root mount `/` | Serve CSS files directly from root URL |\\n\\n## Static File Resolution\\n\\n### Mount Point 1: Root (`/`)\\n\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n\\n| Request URL | Filesystem Path | Result |\\n|-------------|-----------------|--------|\\n| `GET /hello.txt` | `./public/hello.txt` | \u2705 \\\"hey\\\" |\\n| `GET /js/app.js` | `./public/js/app.js` | \u2705 `// foo` |\\n| `GET /css/style.css` | `./public/css/style.css` | \u2705 `body { }` |\\n\\n### Mount Point 2: Prefixed (`/static`)\\n\\n```javascript\\napp.use('/static', express.static(path.join(__dirname, 'public')));\\n```\\n\\nThe mount path `/static` is stripped before `express.static` processes the request:\\n\\n| Request URL | Internal Path | Filesystem Path | Result |\\n|-------------|-------------|-----------------|--------|\\n| `GET /static/hello.txt` | `/hello.txt` | `./public/hello.txt` | \u2705 \\\"hey\\\" |\\n| `GET /static/js/app.js` | `/js/app.js` | `./public/js/app.js` | \u2705 `// foo` |\\n\\n### Mount Point 3: Additional Directory (`/`)\\n\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public', 'css')));\\n```\\n\\nThis creates a fallback search path. Files in `./public/css/` become accessible at the URL root:\\n\\n| Request URL | Searches | Resolved Path | Result |\\n|-------------|----------|---------------|--------|\\n| `GET /style.css` | `./public/style.css` (first mount) \u2192 `./public/css/style.css` (second mount) | `./public/css/style.css` | \u2705 `body { }` |\\n\\n> **Note:** The first `express.static` mount attempts `./public/style.css` first. If not found, Express continues to the next matching middleware. Since `./public/css/style.css` exists, the second mount serves it as `/style.css`.\\n\\n## Request Flow\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant Logger\\n participant Static1 as static(/public)\\n participant Static2 as static(/static)\\n participant Static3 as static(/public/css)\\n participant FS as Filesystem\\n\\n Client->>Express: GET /js/app.js\\n Express->>Logger: log request\\n Logger-->>Express: continue\\n Express->>Static1: try /js/app.js\\n Static1->>FS: read ./public/js/app.js\\n FS-->>Static1: file content\\n Static1-->>Express: serve file\\n Express-->>Client: 200 OK + app.js\\n\\n Client->>Express: GET /static/hello.txt\\n Express->>Logger: log request\\n Express->>Static2: strip /static, try /hello.txt\\n Static2->>FS: read ./public/hello.txt\\n FS-->>Static2: \\\"hey\\\"\\n Static2-->>Express: serve file\\n Express-->>Client: 200 OK + \\\"hey\\\"\\n```\\n\\n## File Structure\\n\\n```\\nexamples/static-files/\\n\u251c\u2500\u2500 index.js # Application entry point\\n\u2514\u2500\u2500 public/ # Static asset root\\n \u251c\u2500\u2500 hello.txt # Plain text sample\\n \u251c\u2500\u2500 js/\\n \u2502 \u2514\u2500\u2500 app.js # JavaScript sample\\n \u2514\u2500\u2500 css/\\n \u2514\u2500\u2500 style.css # Stylesheet sample\\n```\\n\\n## Running the Example\\n\\n```bash\\nnode examples/static-files/index.js\\n```\\n\\nConsole output:\\n```\\nlistening on port 3000\\ntry:\\n GET /hello.txt\\n GET /js/app.js\\n GET /css/style.css\\n```\\n\\n## Test Commands\\n\\n```bash\\n# Root-mounted files\\ncurl http://localhost:3000/hello.txt\\ncurl http://localhost:3000/js/app.js\\ncurl http://localhost:3000/css/style.css\\n\\n# Prefixed access to same files\\ncurl http://localhost:3000/static/hello.txt\\ncurl http://localhost:3000/static/js/app.js\\n\\n# Direct CSS access via additional mount\\ncurl http://localhost:3000/style.css\\n```\\n\\n## Key Patterns Demonstrated\\n\\n| Pattern | Code | Use Case |\\n|---------|------|----------|\\n| Basic static serving | `app.use(express.static('public'))` | Simple asset hosting |\\n| URL prefixing | `app.use('/static', express.static(...))` | Versioned assets, CDN paths |\\n| Multiple search paths | Multiple `express.static()` calls | Flattened URLs, fallback directories |\\n\\n## Connection to Express Core\\n\\nThis example directly exercises the `express.static` middleware, which is a thin wrapper around the `serve-static` npm package bundled with Express. The `require('../..')` pattern demonstrates that examples run against the local Express source, making this useful for:\\n- Verifying `express.static` behavior during Express development\\n- Testing middleware mounting logic\\n- Validating path resolution across platforms\",\"view-constructor-example\":\"# View Constructor Example\\n\\n# View Constructor Example\\n\\nThis example demonstrates how to replace Express's default view system with a custom `View` constructor that loads templates from remote sources \u2014 specifically, GitHub's raw content CDN. Instead of reading templates from the local filesystem, `GithubView` fetches them over HTTPS at render time.\\n\\n## Architecture Overview\\n\\nThe module consists of two files that work together to override Express's view resolution and rendering pipeline:\\n\\n```mermaid\\nflowchart LR\\n subgraph Express[\\\"Express Application\\\"]\\n direction TB\\n A[\\\"app.set('view', GithubView)\\\"]\\n B[\\\"app.engine('md', ...)\\\"]\\n C[\\\"res.render('path/to/file.md')\\\"]\\n end\\n \\n subgraph GithubView[\\\"GithubView Instance\\\"]\\n D[\\\"constructor(name, options)\\\"]\\n E[\\\"render(options, fn)\\\"]\\n end\\n \\n subgraph Remote[\\\"GitHub Raw CDN\\\"]\\n F[\\\"raw.githubusercontent.com\\\"]\\n end\\n \\n C --> D\\n D --> E\\n E -->|HTTPS GET| F\\n F -->|template string| E\\n E -->|engine(buf, options, fn)| B\\n B -->|fn(null, html)| C\\n```\\n\\n## Components\\n\\n### `github-view.js`\\n\\nCustom view constructor implementing the interface Express expects from a view class.\\n\\n#### `GithubView(name, options)`\\n\\n| Parameter | Description |\\n|-----------|-------------|\\n| `name` | Template identifier passed to `res.render()`, e.g. `'examples/markdown/views/index.md'` |\\n| `options` | Configuration object from Express, including `options.engines` and `options.root` |\\n\\nThe constructor resolves the template engine by mapping the file extension through `options.engines`, and constructs a GitHub raw URL path from `options.root` (configured as `app.set('views', ...)`).\\n\\n```javascript\\nthis.engine = options.engines[extname(name)]; // looks up 'md' \u2192 marked renderer\\nthis.path = '/' + options.root + '/master/' + name; // e.g. /expressjs/express/master/Readme.md\\n```\\n\\n#### `GithubView.prototype.render(options, fn)`\\n\\nFetches the remote template via HTTPS, then delegates to the registered engine for actual string-to-HTML transformation.\\n\\nThe callback signature `fn(err, html)` matches Express's internal expectations, allowing seamless integration with `res.render()`.\\n\\n### `index.js`\\n\\nApplication bootstrap that wires the custom view system into Express.\\n\\n| Configuration | Purpose |\\n|---------------|---------|\\n| `app.engine('md', ...)` | Registers `.md` extension handler using `marked.parse` with `{name}` interpolation |\\n| `app.set('views', 'expressjs/express')` | Sets target GitHub repo; consumed by `GithubView` as `options.root` |\\n| `app.set('view', GithubView)` | **Replaces** Express's default `View` class with `GithubView` |\\n\\n## Template Engine: Markdown with Interpolation\\n\\nThe registered `'md'` engine extends `marked.parse` with simple variable substitution:\\n\\n```javascript\\nhtml = html.replace(/\\\\{([^}]+)\\\\}/g, function(_, name){\\n return options[name] || '';\\n});\\n```\\n\\nThis allows templates from GitHub to reference `app.locals`, `res.locals`, or directly-passed locals like `{ title: 'Example' }`.\\n\\n## Usage Patterns\\n\\n### Render with explicit locals\\n```javascript\\nres.render('examples/markdown/views/index.md', { title: 'Example' });\\n```\\n\\n### Render with no additional locals\\n```javascript\\nres.render('Readme.md');\\n// relies on any pre-configured app.locals or res.locals\\n```\\n\\n## Key Integration Points\\n\\n| Express Default | This Example's Override |\\n|---------------|------------------------|\\n| `express/lib/view.js` | `GithubView` |\\n| Local filesystem lookup (`path.join(viewsDir, name)`) | HTTPS fetch from `raw.githubusercontent.com` |\\n| Synchronous `fs.readFile` | Async `https.request` with buffered response |\\n\\nThe `GithubView` must conform to Express's internal view contract: expose a `render(options, fn)` method that ultimately calls `fn(err, html)` with rendered output. The constructor receives `(name, options)` where `options.engines` contains all registered engines and `options.root` holds the `views` setting.\",\"view-locals-example\":\"# View Locals Example\\n\\n# View Locals Example\\n\\nAn Express.js example demonstrating three progressively cleaner approaches to passing data to EJS views, illustrating the evolution from nested callbacks to middleware-based `res.locals`.\\n\\n## Purpose\\n\\nThis example teaches patterns for sharing data between asynchronous operations and view templates. It compares callback nesting, request object attachment, and `res.locals` \u2014 Express's dedicated mechanism for view-local variables.\\n\\n## Module Structure\\n\\n| File | Role |\\n|------|------|\\n| `index.js` | Express application with three route implementations |\\n| `user.js` | Faux user model with async `all()` and `count()` methods |\\n| `views/index.ejs` | Template rendering user list with `title`, `count`, and `users` |\\n\\n## User Model\\n\\n`user.js` exports a constructor and two static methods simulating database access via `process.nextTick`:\\n\\n```javascript\\nUser.all(fn) // fn(err, users) \u2014 returns all users\\nUser.count(fn) // fn(err, count) \u2014 returns total user count\\n```\\n\\nThe faux database contains five users: three ferrets (`Tobi`, `Loki`, `Jane`) and two cats (`Luna`, `Manny`).\\n\\n## Route Implementations\\n\\n### Approach 1: Nested Callbacks (`GET /`)\\n\\nThe naive implementation nests `User.count` inside `User.all`, passing locals directly to `res.render()`:\\n\\n```javascript\\napp.get('/', function(req, res, next){\\n User.count(function(err, count){\\n if (err) return next(err);\\n User.all(function(err, users){\\n if (err) return next(err);\\n res.render('index', {\\n title: 'Users',\\n count: count,\\n users: users.filter(ferrets)\\n });\\n })\\n })\\n});\\n```\\n\\n**Drawback**: Deep nesting; `count` and `users` are trapped in closure scope, unavailable to other middleware.\\n\\n### Approach 2: Middleware with `req` Attachment (`GET /middleware`)\\n\\nExtracts data fetching into reusable middleware, attaching results to `req`:\\n\\n```javascript\\nfunction count(req, res, next) {\\n User.count(function(err, count){\\n if (err) return next(err);\\n req.count = count;\\n next();\\n })\\n}\\n\\nfunction users(req, res, next) {\\n User.all(function(err, users){\\n if (err) return next(err);\\n req.users = users;\\n next();\\n })\\n}\\n\\napp.get('/middleware', count, users, function (req, res) {\\n res.render('index', {\\n title: 'Users',\\n count: req.count,\\n users: req.users.filter(ferrets)\\n });\\n});\\n```\\n\\n**Advantage**: Flat structure, reusable middleware, filtering deferred to final handler.\\n\\n### Approach 3: Middleware with `res.locals` (`GET /middleware-locals`)\\n\\nExplicitly exposes locals to the view layer, minimizing `res.render()` arguments:\\n\\n```javascript\\nfunction count2(req, res, next) {\\n User.count(function(err, count){\\n if (err) return next(err);\\n res.locals.count = count;\\n next();\\n })\\n}\\n\\nfunction users2(req, res, next) {\\n User.all(function(err, users){\\n if (err) return next(err);\\n res.locals.users = users.filter(ferrets);\\n next();\\n })\\n}\\n\\napp.get('/middleware-locals', count2, users2, function (req, res) {\\n res.render('index', { title: 'Users' }); // count, users auto-available\\n});\\n```\\n\\n**Trade-off**: Filtering occurs in middleware, reducing flexibility for routes needing unfiltered data.\\n\\n## Data Flow Comparison\\n\\n```mermaid\\nflowchart LR\\n A[HTTP Request] --> B{Approach}\\n \\n B -->|Nested| C[Single HandlerUser.count \u2192 User.allres.render with all locals]\\n B -->|req.*| D[count middlewareusers middlewarefilter in handler]\\n B -->|res.locals| E[count2 middlewareusers2 middlewareminimal res.render]\\n \\n C --> F[EJS Template]\\n D --> F\\n E --> F\\n```\\n\\n## Global Locals Pattern\\n\\nThe commented sections demonstrate applying locals across route scopes:\\n\\n```javascript\\n// All routes\\napp.use(function(req, res, next){\\n res.locals.user = req.user;\\n res.locals.sess = req.session;\\n next();\\n});\\n\\n// Prefixed routes only\\napp.use('/api', function(req, res, next){\\n res.locals.user = req.user;\\n res.locals.sess = req.session;\\n next();\\n});\\n\\n// Route-pattern equivalent\\napp.all('/api/*', function(req, res, next){\\n res.locals.user = req.user;\\n res.locals.sess = req.session;\\n next();\\n});\\n```\\n\\n## View Template\\n\\n`views/index.ejs` expects three locals:\\n\\n| Local | Usage |\\n|-------|-------|\\n| `title` | Page `` and `\n` heading |\\n| `users` | Array iterated with `forEach` to list users |\\n| `count` | *Declared in code but unused in template* \u2014 available for extension |\\n\\nNote: The template contains a typo (`<% user.age %>` without `=`) preventing age display.\\n\\n## Running the Example\\n\\n```bash\\nnode examples/view-locals/index.js\\n```\\n\\nThe server listens on port 3000 when invoked directly (`!module.parent`). Visit:\\n- `http://localhost:3000/` \u2014 nested approach\\n- `http://localhost:3000/middleware` \u2014 `req` attachment\\n- `http://localhost:3000/middleware-locals` \u2014 `res.locals`\",\"virtual-hosts-example\":\"# Virtual Hosts Example\\n\\n# Virtual Hosts Example\\n\\nDemonstrates Express.js virtual host routing using the `vhost` middleware to serve different applications based on the hostname in incoming requests.\\n\\n## Overview\\n\\nThis example sets up a single Express server that handles three hostnames\u2014`example.com`, `foo.example.com`, and `bar.example.com`\u2014by routing each to distinct application logic. Wildcard subdomains redirect to the main domain with the subdomain preserved as a path segment, while the apex domain serves content directly.\\n\\n## Architecture\\n\\n```mermaid\\nflowchart LR\\n subgraph Hostnames\\n A[*.example.com]\\n B[example.com]\\n end\\n subgraph Apps\\n C[Redirect App]\\n D[Main App]\\n end\\n A -->|vhost wildcard| C\\n B -->|vhost exact| D\\n C -->|302 redirect| D\\n```\\n\\n## Components\\n\\n### Main Application (`main`)\\n\\nThe primary content server. Handles requests for the apex domain `example.com`.\\n\\n| Route | Response |\\n|-------|----------|\\n| `GET /` | `\\\"Hello from main app!\\\"` |\\n| `GET /:sub` | `\\\"requested {sub}\\\"` |\\n\\n```javascript\\nvar main = express();\\n\\nmain.get('/', function(req, res){\\n res.send('Hello from main app!');\\n});\\n\\nmain.get('/:sub', function(req, res){\\n res.send('requested ' + req.params.sub);\\n});\\n```\\n\\nThe `/:sub` route captures any single path segment, making `http://example.com:3000/foo` respond with `\\\"requested foo\\\"`.\\n\\n### Redirect Application (`redirect`)\\n\\nHandles all wildcard subdomain matches. Logs the parsed `vhost` object (when run standalone), then issues a 302 redirect to the main domain with the subdomain name appended as a path.\\n\\n```javascript\\nvar redirect = express();\\n\\nredirect.use(function(req, res){\\n if (!module.parent) console.log(req.vhost);\\n res.redirect('http://example.com:3000/' + req.vhost[0]);\\n});\\n```\\n\\nThe `req.vhost` property is populated by the `vhost` middleware as an array of captured groups. For `foo.example.com`, `req.vhost[0]` equals `\\\"foo\\\"`, producing a redirect to `http://example.com:3000/foo`.\\n\\n### VHost Router (`app`)\\n\\nThe top-level Express application that composes the `vhost` middleware instances. Registration order matters: more specific or wildcard patterns should typically precede exact matches if they overlap, though in this case `*.example.com` and `example.com` are disjoint.\\n\\n```javascript\\nvar app = module.exports = express();\\n\\napp.use(vhost('*.example.com', redirect));\\napp.use(vhost('example.com', main));\\n```\\n\\n## Execution Modes\\n\\nThe example supports two execution contexts controlled by `module.parent`:\\n\\n| Context | Behavior |\\n|---------|----------|\\n| **Required as module** (`module.parent` truthy) | Exports `app` without starting server or logging; omits `morgan` logger |\\n| **Run directly** (`node examples/vhost/index.js`) | Binds to port 3000, enables request logging, prints startup message, logs `req.vhost` objects |\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\n## Local Testing Setup\\n\\nThe example requires `/etc/hosts` entries for local resolution:\\n\\n```\\n127.0.0.1 foo.example.com\\n127.0.0.1 bar.example.com\\n127.0.0.1 example.com\\n```\\n\\n### Request Flow Examples\\n\\n| Request | Host Matched | Handling Application | Result |\\n|---------|-------------|----------------------|--------|\\n| `GET http://example.com:3000/` | `example.com` | `main` | `\\\"Hello from main app!\\\"` |\\n| `GET http://foo.example.com:3000/` | `*.example.com` | `redirect` | 302 \u2192 `http://example.com:3000/foo` |\\n| `GET http://bar.example.com:3000/` | `*.example.com` | `redirect` | 302 \u2192 `http://example.com:3000/bar` |\\n\\n## Dependencies\\n\\n- **`../..`** \u2014 Express framework (relative path resolves to repository root)\\n- **`morgan`** \u2014 HTTP request logger (`dev` format)\\n- **`vhost`** \u2014 Virtual host middleware; parses `Host` header and mounts sub-applications conditionally\",\"web-service-example\":\"# Web Service Example\\n\\n# Web Service Example\\n\\nA minimal REST API demonstrating Express middleware patterns, API key validation, error handling, and content negotiation through JSON responses.\\n\\n## Overview\\n\\nThis module implements a read-only web service that exposes user and repository data through authenticated endpoints. It demonstrates several core Express concepts:\\n\\n- **Path-specific middleware** for API key validation on `/api` routes\\n- **Custom error objects** with HTTP status codes\\n- **Error handling middleware** (arity of 4)\\n- **Fallback 404 handler** as terminal middleware\\n- **In-memory data stores** simulating database access\\n\\n## Request Flow\\n\\n```mermaid\\nflowchart LR\\n A[Client Request] --> B{Path startswith /api?}\\n B -->|Yes| C[API Key Validation]\\n B -->|No| G[404 Handler]\\n C -->|Invalid| D[Error Handler]\\n C -->|Valid| E[Route Handler]\\n E --> F[JSON Response]\\n E -->|Not Found| G\\n G --> H[404 JSON Response]\\n D --> I[Error JSON Response]\\n```\\n\\n## Module Exports\\n\\nThe Express application is exported directly, enabling testing and mounting in parent applications:\\n\\n```javascript\\nvar app = module.exports = express();\\n```\\n\\nThe server only binds to port 3000 when this file is the entry point (`!module.parent`), preventing port conflicts during testing or when imported as a submodule.\\n\\n## API Key Validation Middleware\\n\\nMounted at `/api`, this middleware intercepts all routes under that path prefix:\\n\\n```javascript\\napp.use('/api', function(req, res, next){\\n var key = req.query['api-key'];\\n\\n if (!key) return next(error(400, 'api key required'));\\n if (apiKeys.indexOf(key) === -1) return next(error(401, 'invalid api key'))\\n\\n req.key = key; // Stashed for downstream route access\\n next();\\n});\\n```\\n\\nKey behaviors:\\n- Returns `400` when `api-key` query parameter is missing\\n- Returns `401` when the key is not in the `apiKeys` whitelist\\n- Stores validated key on `req.key` for potential rate-limiting or audit logging by route handlers\\n\\n## Error Factory\\n\\nThe `error()` helper creates Error instances with an attached `.status` property, which both Express and Connect recognize for HTTP status code propagation:\\n\\n```javascript\\nfunction error(status, msg) {\\n var err = new Error(msg);\\n err.status = status;\\n return err;\\n}\\n```\\n\\nThis pattern allows middleware to remain agnostic about response formatting\u2014the error handler centralizes how errors are serialized.\\n\\n## Data Layer\\n\\nThree in-memory structures simulate persistent storage:\\n\\n| Variable | Type | Purpose |\\n|----------|------|---------|\\n| `apiKeys` | `Array` | Valid API key whitelist |\\n| `repos` | `Array<{name, url}>` | Global repository catalog |\\n| `users` | `Array<{name}>` | User directory |\\n| `userRepos` | `Object>` | User-to-repository mapping |\\n\\n## Route Handlers\\n\\n| Method | Path | Description | Example |\\n|--------|------|-------------|---------|\\n| GET | `/api/users` | List all users | `?api-key=foo` |\\n| GET | `/api/repos` | List all repositories | `?api-key=foo` |\\n| GET | `/api/user/:name/repos` | Repositories for specific user | `/user/tobi/repos?api-key=foo` |\\n\\nThe user repository route demonstrates parametric routing with fallback to `next()` for 404 handling:\\n\\n```javascript\\napp.get('/api/user/:name/repos', function(req, res, next){\\n var name = req.params.name;\\n var user = userRepos[name];\\n\\n if (user) res.send(user);\\n else next(); // Falls through to 404 handler\\n});\\n```\\n\\n## Error Handling Stack\\n\\nTwo terminal middleware handlers process requests that escape the route layer:\\n\\n### Error Handler (4-arity)\\n\\n```javascript\\napp.use(function(err, req, res, next){\\n res.status(err.status || 500);\\n res.send({ error: err.message });\\n});\\n```\\n\\nExpress distinguishes this as error middleware by its signature `(err, req, res, next)`. It is only invoked when `next(err)` is called or a synchronous error is thrown in prior middleware.\\n\\n### 404 Handler (2-arity)\\n\\n```javascript\\napp.use(function(req, res){\\n res.status(404);\\n res.send({ error: \\\"Sorry, can't find that\\\" })\\n});\\n```\\n\\nPlaced last in the middleware stack, this catches any request that reaches it without a prior response. The consistent JSON shape (`{ error: string }`) maintains API contract uniformity.\\n\\n## Connection to Express Core\\n\\nThis example imports Express via a relative path (`../../`), indicating it resides within the Express repository's `examples/` directory. It exercises:\\n\\n- `app.use([path], fn)` \u2014 path-specific middleware mounting\\n- `app.get(path, fn)` \u2014 route registration\\n- `res.send(body)` \u2014 JSON serialization (delegated to `test/Router.js` per call graph)\\n- `res.status(code)` \u2014 status code setting\\n\\nThe `res.send` calls route through Express's response machinery, which handles content negotiation and JSON stringification.\"};\nvar TREE = [{\"name\":\"Project Documentation\",\"slug\":\"project-documentation\",\"files\":[\"History.md\",\"Readme.md\"]},{\"name\":\"Core Framework\",\"slug\":\"core-framework\",\"files\":[\"index.js\",\"lib/application.js\",\"lib/express.js\",\"lib/request.js\",\"lib/response.js\",\"lib/utils.js\",\"lib/view.js\"]},{\"name\":\"Application Configuration\",\"slug\":\"application-configuration\",\"files\":[\"package.json\"]},{\"name\":\"Authentication Example\",\"slug\":\"authentication-example\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"]},{\"name\":\"Content Negotiation Example\",\"slug\":\"content-negotiation-example\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"]},{\"name\":\"Cookie Sessions Example\",\"slug\":\"cookie-sessions-example\",\"files\":[\"examples/cookie-sessions/index.js\"]},{\"name\":\"Cookies Example\",\"slug\":\"cookies-example\",\"files\":[\"examples/cookies/index.js\"]},{\"name\":\"Downloads Example\",\"slug\":\"downloads-example\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"]},{\"name\":\"EJS Templating Example\",\"slug\":\"ejs-templating-example\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"]},{\"name\":\"Error Handling Examples\",\"slug\":\"error-handling-examples\",\"files\":[\"examples/error/index.js\",\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"]},{\"name\":\"Hello World Example\",\"slug\":\"hello-world-example\",\"files\":[\"examples/hello-world/index.js\"]},{\"name\":\"Markdown Example\",\"slug\":\"markdown-example\",\"files\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"]},{\"name\":\"Multi-Router Example\",\"slug\":\"multi-router-example\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"]},{\"name\":\"MVC Example\",\"slug\":\"mvc-example\",\"files\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"]},{\"name\":\"Online Example\",\"slug\":\"online-example\",\"files\":[\"examples/online/index.js\"]},{\"name\":\"Route Parameters Example\",\"slug\":\"route-parameters-example\",\"files\":[\"examples/params/index.js\"]},{\"name\":\"Resource Example\",\"slug\":\"resource-example\",\"files\":[\"examples/resource/index.js\"]},{\"name\":\"Route Map Example\",\"slug\":\"route-map-example\",\"files\":[\"examples/route-map/index.js\"]},{\"name\":\"Route Middleware Example\",\"slug\":\"route-middleware-example\",\"files\":[\"examples/route-middleware/index.js\"]},{\"name\":\"Route Separation Example\",\"slug\":\"route-separation-example\",\"files\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Search Example\",\"slug\":\"search-example\",\"files\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Session Example\",\"slug\":\"session-example\",\"files\":[\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Static Files Example\",\"slug\":\"static-files-example\",\"files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Virtual Hosts Example\",\"slug\":\"virtual-hosts-example\",\"files\":[\"examples/vhost/index.js\"]},{\"name\":\"View Constructor Example\",\"slug\":\"view-constructor-example\",\"files\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"]},{\"name\":\"View Locals Example\",\"slug\":\"view-locals-example\",\"files\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Web Service Example\",\"slug\":\"web-service-example\",\"files\":[\"examples/web-service/index.js\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}];\nvar META = {\"fromCommit\":\"f873ac23124ffcff8c040b4bd257b32c29828d53\",\"generatedAt\":\"2026-05-09T02:54:42.430Z\",\"model\":\"kimi-for-coding\",\"moduleFiles\":{\"Project Documentation\":[\"History.md\",\"Readme.md\"],\"Core Framework\":[\"index.js\",\"lib/application.js\",\"lib/express.js\",\"lib/request.js\",\"lib/response.js\",\"lib/utils.js\",\"lib/view.js\"],\"Application Configuration\":[\"package.json\"],\"Authentication Example\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"],\"Content Negotiation Example\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"],\"Cookie Sessions Example\":[\"examples/cookie-sessions/index.js\"],\"Cookies Example\":[\"examples/cookies/index.js\"],\"Downloads Example\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"],\"EJS Templating Example\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"],\"Error Handling Examples\":[\"examples/error/index.js\",\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"],\"Hello World Example\":[\"examples/hello-world/index.js\"],\"Markdown Example\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"],\"Multi-Router Example\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"],\"MVC Example\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"],\"Online Example\":[\"examples/online/index.js\"],\"Route Parameters Example\":[\"examples/params/index.js\"],\"Resource Example\":[\"examples/resource/index.js\"],\"Route Map Example\":[\"examples/route-map/index.js\"],\"Route Middleware Example\":[\"examples/route-middleware/index.js\"],\"Route Separation Example\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"],\"Search Example\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"],\"Session Example\":[\"examples/session/index.js\",\"examples/session/redis.js\"],\"Static Files Example\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"],\"Virtual Hosts Example\":[\"examples/vhost/index.js\"],\"View Constructor Example\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"],\"View Locals Example\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"],\"Web Service Example\":[\"examples/web-service/index.js\"],\"Other\":[\"examples/README.md\",\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\",\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\",\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"],\"Other \u2014 examples\":[\"examples/README.md\"],\"Other \u2014 test\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"],\"Other \u2014 acceptance\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"],\"Other \u2014 support\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]},\"moduleTree\":[{\"name\":\"Project Documentation\",\"slug\":\"project-documentation\",\"files\":[\"History.md\",\"Readme.md\"]},{\"name\":\"Core Framework\",\"slug\":\"core-framework\",\"files\":[\"index.js\",\"lib/application.js\",\"lib/express.js\",\"lib/request.js\",\"lib/response.js\",\"lib/utils.js\",\"lib/view.js\"]},{\"name\":\"Application Configuration\",\"slug\":\"application-configuration\",\"files\":[\"package.json\"]},{\"name\":\"Authentication Example\",\"slug\":\"authentication-example\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"]},{\"name\":\"Content Negotiation Example\",\"slug\":\"content-negotiation-example\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"]},{\"name\":\"Cookie Sessions Example\",\"slug\":\"cookie-sessions-example\",\"files\":[\"examples/cookie-sessions/index.js\"]},{\"name\":\"Cookies Example\",\"slug\":\"cookies-example\",\"files\":[\"examples/cookies/index.js\"]},{\"name\":\"Downloads Example\",\"slug\":\"downloads-example\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"]},{\"name\":\"EJS Templating Example\",\"slug\":\"ejs-templating-example\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"]},{\"name\":\"Error Handling Examples\",\"slug\":\"error-handling-examples\",\"files\":[\"examples/error/index.js\",\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"]},{\"name\":\"Hello World Example\",\"slug\":\"hello-world-example\",\"files\":[\"examples/hello-world/index.js\"]},{\"name\":\"Markdown Example\",\"slug\":\"markdown-example\",\"files\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"]},{\"name\":\"Multi-Router Example\",\"slug\":\"multi-router-example\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"]},{\"name\":\"MVC Example\",\"slug\":\"mvc-example\",\"files\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"]},{\"name\":\"Online Example\",\"slug\":\"online-example\",\"files\":[\"examples/online/index.js\"]},{\"name\":\"Route Parameters Example\",\"slug\":\"route-parameters-example\",\"files\":[\"examples/params/index.js\"]},{\"name\":\"Resource Example\",\"slug\":\"resource-example\",\"files\":[\"examples/resource/index.js\"]},{\"name\":\"Route Map Example\",\"slug\":\"route-map-example\",\"files\":[\"examples/route-map/index.js\"]},{\"name\":\"Route Middleware Example\",\"slug\":\"route-middleware-example\",\"files\":[\"examples/route-middleware/index.js\"]},{\"name\":\"Route Separation Example\",\"slug\":\"route-separation-example\",\"files\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Search Example\",\"slug\":\"search-example\",\"files\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Session Example\",\"slug\":\"session-example\",\"files\":[\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Static Files Example\",\"slug\":\"static-files-example\",\"files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Virtual Hosts Example\",\"slug\":\"virtual-hosts-example\",\"files\":[\"examples/vhost/index.js\"]},{\"name\":\"View Constructor Example\",\"slug\":\"view-constructor-example\",\"files\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"]},{\"name\":\"View Locals Example\",\"slug\":\"view-locals-example\",\"files\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Web Service Example\",\"slug\":\"web-service-example\",\"files\":[\"examples/web-service/index.js\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}]};\n\n(function() {\n var activePage = 'overview';\n\n document.addEventListener('DOMContentLoaded', function() {\n mermaid.initialize({ startOnLoad: false, theme: 'neutral', securityLevel: 'loose' });\n renderMeta();\n renderNav();\n document.getElementById('menu-toggle').addEventListener('click', function() {\n document.getElementById('sidebar').classList.toggle('open');\n });\n if (location.hash && location.hash.length > 1) {\n activePage = decodeURIComponent(location.hash.slice(1));\n }\n navigateTo(activePage);\n });\n\n function renderMeta() {\n if (!META) return;\n var el = document.getElementById('meta-info');\n var parts = [];\n if (META.generatedAt) {\n parts.push(new Date(META.generatedAt).toLocaleDateString());\n }\n if (META.model) parts.push(META.model);\n if (META.fromCommit) parts.push(META.fromCommit.slice(0, 8));\n el.textContent = parts.join(' \\u00b7 ');\n }\n\n function renderNav() {\n var container = document.getElementById('nav-tree');\n var html = '\n';\n html += 'Overview';\n html += '';\n if (TREE.length > 0) {\n html += '\nModules';\n html += buildNavTree(TREE);\n }\n container.innerHTML = html;\n container.addEventListener('click', function(e) {\n var target = e.target;\n while (target && !target.dataset.page) { target = target.parentElement; }\n if (target && target.dataset.page) {\n e.preventDefault();\n navigateTo(target.dataset.page);\n }\n });\n }\n\n function buildNavTree(nodes) {\n var html = '';\n for (var i = 0; i < nodes.length; i++) {\n var node = nodes[i];\n html += '\n';\n html += '' + escH(node.name) + '';\n if (node.children && node.children.length > 0) {\n html += '\n' + buildNavTree(node.children) + '';\n }\n html += '';\n }\n return html;\n }\n\n function escH(s) {\n var d = document.createElement('div');\n d.textContent = s;\n return d.innerHTML;\n }\n\n function navigateTo(page) {\n activePage = page;\n location.hash = encodeURIComponent(page);\n\n var items = document.querySelectorAll('.nav-item');\n for (var i = 0; i < items.length; i++) {\n if (items[i].dataset.page === page) {\n items[i].classList.add('active');\n } else {\n items[i].classList.remove('active');\n }\n }\n\n var contentEl = document.getElementById('content');\n var md = PAGES[page];\n\n if (!md) {\n contentEl.innerHTML = '\n\nPage not found\n' + escH(page) + '.md does not exist.';\n return;\n }\n\n contentEl.innerHTML = marked.parse(md);\n\n // Rewrite .md links to hash navigation\n var links = contentEl.querySelectorAll('a[href]');\n for (var i = 0; i < links.length; i++) {\n var href = links[i].getAttribute('href');\n if (href && href.endsWith('.md') && href.indexOf('://') === -1) {\n var slug = href.replace(/\\.md$/, '');\n links[i].setAttribute('href', '#' + encodeURIComponent(slug));\n (function(s) {\n links[i].addEventListener('click', function(e) {\n e.preventDefault();\n navigateTo(s);\n });\n })(slug);\n }\n }\n\n // Convert mermaid code blocks into mermaid divs\n var mermaidBlocks = contentEl.querySelectorAll('pre code.language-mermaid');\n for (var i = 0; i < mermaidBlocks.length; i++) {\n var pre = mermaidBlocks[i].parentElement;\n var div = document.createElement('div');\n div.className = 'mermaid';\n div.textContent = mermaidBlocks[i].textContent;\n pre.parentNode.replaceChild(div, pre);\n }\n try { mermaid.run({ querySelector: '.mermaid' }); } catch(e) {}\n\n window.scrollTo(0, 0);\n document.getElementById('sidebar').classList.remove('open');\n }\n})();\n\n\n\n", "creation_timestamp": "2026-05-09T02:54:50.000000Z"}