{"uuid": "e5353b83-bf83-40b8-970d-d6a3d6c1fee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47764", "type": "seen", "source": "https://gist.github.com/Adcbda/1903b9267561971f4b148df4c6e3182f", "content": "\n\n\n\n\nexpress \u2014 Wiki\n\n\n\n\n*{margin:0;padding:0;box-sizing:border-box}\n:root{\n --bg:#ffffff;--sidebar-bg:#f8f9fb;--border:#e5e7eb;\n --text:#1e293b;--text-muted:#64748b;--primary:#2563eb;\n --primary-soft:#eff6ff;--hover:#f1f5f9;--code-bg:#f1f5f9;\n --radius:8px;--shadow:0 1px 3px rgba(0,0,0,.08);\n}\nbody{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;\n line-height:1.65;color:var(--text);background:var(--bg)}\n\n.layout{display:flex;min-height:100vh}\n.sidebar{width:280px;background:var(--sidebar-bg);border-right:1px solid var(--border);\n position:fixed;top:0;left:0;bottom:0;overflow-y:auto;padding:24px 16px;\n display:flex;flex-direction:column;z-index:10}\n.content{margin-left:280px;flex:1;padding:48px 64px;max-width:960px}\n\n.sidebar-header{margin-bottom:20px;padding-bottom:16px;border-bottom:1px solid var(--border)}\n.sidebar-title{font-size:16px;font-weight:700;color:var(--text);display:flex;align-items:center;gap:8px}\n.sidebar-title svg{flex-shrink:0}\n.sidebar-meta{font-size:11px;color:var(--text-muted);margin-top:6px}\n.nav-section{margin-bottom:2px}\n.nav-item{display:block;padding:7px 12px;border-radius:var(--radius);cursor:pointer;\n font-size:13px;color:var(--text);text-decoration:none;transition:all .15s;\n white-space:nowrap;overflow:hidden;text-overflow:ellipsis}\n.nav-item:hover{background:var(--hover)}\n.nav-item.active{background:var(--primary-soft);color:var(--primary);font-weight:600}\n.nav-item.overview{font-weight:600;margin-bottom:4px}\n.nav-children{padding-left:14px;border-left:1px solid var(--border);margin-left:12px}\n.nav-group-label{font-size:11px;font-weight:600;color:var(--text-muted);\n text-transform:uppercase;letter-spacing:.5px;padding:12px 12px 4px;user-select:none}\n.sidebar-footer{margin-top:auto;padding-top:16px;border-top:1px solid var(--border);\n font-size:11px;color:var(--text-muted);text-align:center}\n\n.content h1{font-size:28px;font-weight:700;margin-bottom:8px;line-height:1.3}\n.content h2{font-size:22px;font-weight:600;margin:32px 0 12px;padding-bottom:6px;border-bottom:1px solid var(--border)}\n.content h3{font-size:17px;font-weight:600;margin:24px 0 8px}\n.content h4{font-size:15px;font-weight:600;margin:20px 0 6px}\n.content p{margin:12px 0}\n.content ul,.content ol{margin:12px 0 12px 24px}\n.content li{margin:4px 0}\n.content a{color:var(--primary);text-decoration:none}\n.content a:hover{text-decoration:underline}\n.content blockquote{border-left:3px solid var(--primary);padding:8px 16px;margin:16px 0;\n background:var(--primary-soft);border-radius:0 var(--radius) var(--radius) 0;\n color:var(--text-muted);font-size:14px}\n.content code{font-family:'SF Mono',Consolas,'Courier New',monospace;font-size:13px;\n background:var(--code-bg);padding:2px 6px;border-radius:4px}\n.content pre{background:#1e293b;color:#e2e8f0;border-radius:var(--radius);padding:16px;\n overflow-x:auto;margin:16px 0}\n.content pre code{background:none;padding:0;font-size:13px;line-height:1.6;color:inherit}\n.content table{border-collapse:collapse;width:100%;margin:16px 0}\n.content th,.content td{border:1px solid var(--border);padding:8px 12px;text-align:left;font-size:14px}\n.content th{background:var(--sidebar-bg);font-weight:600}\n.content img{max-width:100%;border-radius:var(--radius)}\n.content hr{border:none;border-top:1px solid var(--border);margin:32px 0}\n.content .mermaid{margin:20px 0;text-align:center}\n\n.menu-toggle{display:none;position:fixed;top:12px;left:12px;z-index:20;\n background:var(--bg);border:1px solid var(--border);border-radius:var(--radius);\n padding:8px 12px;cursor:pointer;font-size:18px;box-shadow:var(--shadow)}\n@media(max-width:768px){\n .sidebar{transform:translateX(-100%);transition:transform .2s}\n .sidebar.open{transform:translateX(0);box-shadow:2px 0 12px rgba(0,0,0,.1)}\n .content{margin-left:0;padding:24px 20px;padding-top:56px}\n .menu-toggle{display:block}\n}\n.empty-state{text-align:center;padding:80px 20px;color:var(--text-muted)}\n.empty-state h2{font-size:20px;margin-bottom:8px;border:none}\n\n\n\n\n☰\n\n\n\n\n\n\n\n\n\nexpress\n\n\n\n\n\n\n\nGenerated by GitNexus\n\n\n\n\n\nLoading\u2026\n\n\n\nvar PAGES = {\"application-core\":\"# Application Core\\n\\n# Application Core Module\\n\\n## Overview\\nThe Application Core module provides the foundational factory, prototype, and request lifecycle logic for the Express framework. It exposes `createApplication()` as the primary entry point, constructs the callable `app` object, and defines the `application` prototype that handles configuration, middleware mounting, routing delegation, view rendering, and HTTP server creation.\\n\\n## Initialization & Architecture\\nThe module is structured around a factory pattern combined with prototype mixing:\\n\\n- **Entry Point**: `index.js` re-exports `./lib/express`\\n- **Factory**: `lib/express.js` exports `createApplication()`, which returns a callable function `app(req, res, next)`\\n- **Prototype Mixing**: `merge-descriptors` is used to attach `EventEmitter.prototype` and the `application` prototype (`proto`) to the `app` function\\n- **Request/Response Prototypes**: `app.request` and `app.response` are created via `Object.create()` with an `app` property descriptor. These serve as the base prototypes for incoming Node.js `req` and `res` objects\\n- **Lazy Router**: The `app.router` property is defined via `Object.defineProperty` with a getter that instantiates a `Router` only on first access, configured with `caseSensitive` and `strict` settings\\n\\n## Core API Reference\\n\\n### Configuration & Settings\\nSettings are stored in `this.settings` and managed through a unified API:\\n- `app.set(setting, val)` / `app.set(setting)`: Assigns or retrieves a setting. Triggers compilation for `etag`, `query parser`, and `trust proxy` via `compileETag`, `compileQueryParser`, and `compileTrust`\\n- `app.enable(setting)` / `app.disable(setting)`: Shorthand for `app.set(setting, true/false)`\\n- `app.enabled(setting)` / `app.disabled(setting)`: Boolean checks against stored settings\\n- `app.defaultConfiguration()`: Initializes defaults (`x-powered-by`, `etag: 'weak'`, `env`, `query parser: 'simple'`, `subdomain offset: 2`, `trust proxy: false`, `view cache` in production)\\n\\n### Routing & Middleware\\nRouting methods delegate to the lazily initialized `Router` instance:\\n- `app.use([path], ...fn)`: Proxies to `router.use()`. Handles argument flattening via `Array.prototype.flat`. If `fn` is an Express app, it mounts it, sets `fn.mountpath` and `fn.parent`, and wraps execution to restore original `req`/`res` prototypes after the sub-app finishes\\n- `app.route(path)`: Returns a new `Route` instance for isolated middleware stacks\\n- `app.param(name, fn)`: Proxies to `router.param()`. Accepts arrays of parameter names\\n- `app.all(path, ...fn)`: Registers middleware/callbacks for all HTTP methods\\n- **HTTP Verbs**: Dynamically generated via `methods.forEach`. `app.get(path)` acts as a settings getter when called with a single argument; otherwise, it delegates to `route.get()`\\n\\n### Request Handling Pipeline\\n- `app.handle(req, res, callback)`: Core dispatch function. Sets up circular references (`req.res`, `res.req`), attaches `app.request`/`app.response` prototypes to incoming objects, initializes `res.locals`, and delegates to `this.router.handle(req, res, done)`\\n- If no callback is provided, `finalhandler` is used as the terminal error handler, configured with `this.get('env')` and `logerror`\\n\\n### View Rendering\\n- `app.render(name, options, callback)`: Resolves views using the `View` constructor. Merges `this.locals`, `opts._locals`, and `opts`. Supports view caching via `this.cache` when `view cache` is enabled\\n- `app.engine(ext, fn)`: Registers template engine callbacks keyed by file extension\\n- `tryRender(view, options, callback)`: Internal wrapper that catches synchronous rendering errors and passes them to the callback\\n\\n### Server Lifecycle\\n- `app.listen()`: Creates an `http.Server` with `this` as the request handler. Wraps the final callback argument with `once` to prevent duplicate error event emissions, then delegates to `server.listen()`\\n\\n## Request Execution Flow\\n```mermaid\\ngraph TD\\n A[Incoming HTTP Request] --> B[app(req, res, next)]\\n B --> C[app.handle]\\n C --> D[Set req/res prototypes & locals]\\n D --> E[router.handle]\\n E --> F[Middleware/Route Execution]\\n F --> G[finalhandler / logerror]\\n```\\n\\n1. The callable `app` function receives the raw Node.js request\\n2. `app.handle()` initializes the pipeline, optionally attaching `finalhandler`\\n3. `X-Powered-By` header is set if enabled\\n4. `req` and `res` prototypes are swapped to `app.request` and `app.response`\\n5. `res.locals` is initialized if absent\\n6. Control passes to `this.router.handle()`, which executes the middleware stack\\n7. Unhandled errors or completed responses trigger `finalhandler`, which logs via `logerror` in non-test environments\\n\\n## Key Implementation Patterns\\n\\n### Prototype Restoration for Mounted Apps\\nWhen a sub-application is mounted via `app.use()`, the wrapper function captures `req.app` before execution. After the sub-app's `handle()` completes, it restores the original prototypes:\\n```javascript\\nObject.setPrototypeOf(req, orig.request)\\nObject.setPrototypeOf(res, orig.response)\\n```\\nThis ensures middleware chains outside the mounted app continue using the parent's prototype chain.\\n\\n### Lazy Router Instantiation\\nThe router is not created during `app.init()`. Instead, a getter defers instantiation until the first routing or middleware call:\\n```javascript\\nObject.defineProperty(this, 'router', {\\n get: function getrouter() {\\n if (router === null) {\\n router = new Router({ ... });\\n }\\n return router;\\n }\\n});\\n```\\nThis avoids overhead for applications that only use `app.set()` or `app.render()`.\\n\\n### Settings Compilation & Inheritance\\nSpecial settings (`etag`, `query parser`, `trust proxy`) trigger immediate compilation into internal `fn` properties. The `trustProxyDefaultSymbol` tracks whether the default trust proxy state should be inherited from a parent app during `mount` events, maintaining backward compatibility with Express 4.x behavior.\\n\\n### Error Handling & Logging\\n`logerror()` is bound to the app instance and invoked by `finalhandler` when errors bubble up. It suppresses output in `test` environments and logs `err.stack` or `err.toString()` otherwise.\",\"other-acceptance\":\"# Other \u2014 acceptance\\n\\n# Acceptance Test Module\\n\\n## Purpose\\nThe `test/acceptance/` directory contains end-to-end integration tests for the Express.js example applications. Each file validates the HTTP behavior, routing logic, middleware execution, and response formatting of a specific example. The suite ensures that examples function correctly as standalone applications before deployment or documentation publication.\\n\\n## Architecture & Tooling\\n- **Test Runner**: Mocha (`describe`, `it`, `done`)\\n- **HTTP Simulation**: `supertest` (`request(app)`)\\n- **Assertion Pattern**: Chained `.expect()` calls for status codes, headers, response bodies (regex or exact strings), and redirects\\n- **Execution Model**: Tests import Express app instances directly from `../../examples/` and pass them to `supertest`. This bypasses the need for a live HTTP server, enabling fast, isolated test execution.\\n\\n```mermaid\\nflowchart LR\\n A[Test File] -->|require| B[Express App]\\n A -->|request| C[supertest]\\n C -->|HTTP Simulation| B\\n B -->|Response| C\\n C -->|expect| D[Assertions]\\n A -->|getCookie / getCookies| E[Cookie Helpers]\\n A -->|shouldNotHaveHeader| F[test/support/utils.js]\\n```\\n\\n## Execution Flow\\nEach test follows a consistent asynchronous pattern:\\n1. **App Initialization**: `var app = require('../../examples/')`\\n2. **Request Construction**: `request(app).('/path')`\\n3. **Payload/Headers**: `.type('urlencoded')`, `.send({})`, `.set('Header', 'value')`\\n4. **Validation**: `.expect(status, body, done)` or chained `.expect()` calls\\n5. **Stateful Follow-up**: Capture `Set-Cookie` headers, parse with helper functions, and attach to subsequent requests via `.set('Cookie', ...)`\\n\\nThe `send` method routes payloads through the test simulation layer, which interfaces with the underlying Express router to trigger middleware and route handlers.\\n\\n## Test Domains & Coverage\\n| File | Feature Validated | Key Behaviors |\\n|------|-------------------|---------------|\\n| `auth.js` | Session-based authentication | Login redirects, credential validation, protected route access, session persistence |\\n| `cookie-sessions.js` | Cookie-backed sessions | View counters, `Set-Cookie` header generation, session state across requests |\\n| `cookies.js` | Manual cookie management | Cookie setting/clearing, conditional header emission, form-driven state |\\n| `content-negotiation.js` | `Accept` header routing | Default `text/html`, `text/plain`, and `application/json` response formatting |\\n| `downloads.js` | Static file serving | `Content-Disposition` headers, 404 for missing files, 403 for path traversal |\\n| `ejs.js` / `markdown.js` | Template rendering | HTML output generation, error handling on render failure |\\n| `error.js` / `error-pages.js` | Error handling | 404/500 status codes, format-aware error payloads (JSON/HTML/plain text) |\\n| `multi-router.js` / `route-map.js` / `route-separation.js` | Routing architecture | Nested routers, HTTP method mapping, modular route organization |\\n| `mvc.js` | CRUD & MVC patterns | Resource creation, form submission (`PUT`/`POST`), redirects, 404/500 handling |\\n| `params.js` / `resource.js` | Parameter parsing & REST | Range parsing (`1..3`), integer validation, resource deletion, JSON fallback |\\n| `vhost.js` | Virtual host routing | `Host` header matching, subdomain redirection |\\n| `web-service.js` | API security | API key validation (`400`/`401`), protected endpoints, JSON error responses |\\n| `hello-world.js` | Baseline routing | Simple GET response, default 404 handling |\\n\\n## State Management & Helpers\\nStateful tests (authentication, sessions, cookies) rely on two internal helper functions:\\n- `getCookie(res)`: Extracts the first cookie from `res.headers['set-cookie'][0]` by splitting on `;`\\n- `getCookies(res)`: Maps all `set-cookie` headers, extracts the key-value pairs, and joins them with `; ` for multi-cookie requests\\n\\nBoth helpers are used to maintain session state across sequential HTTP requests within a single test case.\\n\\nExternal assertions are imported from `test/support/utils.js`:\\n- `utils.shouldNotHaveHeader('Header-Name')`: Validates that a specific header is absent from the response (e.g., ensuring `Set-Cookie` is not emitted when no session is created).\\n\\n## Integration Points\\n- **Test Support**: `test/support/utils.js` provides shared assertion utilities\\n- **Example Apps**: All tests target modules under `examples/`, importing the exported Express app instance\\n- **Request Simulation**: `supertest` intercepts Express's internal routing, allowing `.send()` to trigger middleware chains without network overhead\\n- **Async Control**: All tests use the Mocha `done` callback pattern to handle asynchronous HTTP simulation and assertion resolution\\n\\n## Adding New Tests\\n1. Create a new file in `test/acceptance/` matching the target example name\\n2. Import the app: `var app = require('../../examples/')`\\n3. Structure tests using `describe` for routes/features and `it` for individual assertions\\n4. Use `.expect()` for status codes, headers, and body content. Prefer regex for HTML and exact strings for JSON\\n5. For stateful flows, capture cookies via `getCookie(res)` or `getCookies(res)` and attach them to follow-up requests using `.set('Cookie', ...)`\\n6. Always pass `done` to the final `.expect()` call or return a promise to ensure proper async resolution\",\"other-auth\":\"# Other \u2014 auth\\n\\n# Other \u2014 auth\\n\\nThis Express.js example demonstrates session-based user authentication using `express-session` and `pbkdf2-password`. It provides a complete, self-contained flow for login, session lifecycle management, route protection, and logout, backed by an in-memory user store.\\n\\n## Architecture & Request Flow\\n\\nThe application follows a standard Express middleware pipeline:\\n1. **Parsing & Session Initialization**: `express.urlencoded()` parses form data, while `express-session` attaches a session object to `req`.\\n2. **Flash Message Handling**: A custom middleware extracts `req.session.error` and `req.session.success`, formats them into HTML, assigns them to `res.locals.message`, and immediately deletes them from the session.\\n3. **Routing & Protection**: Public routes (`/`, `/login`) render views or redirect. Protected routes (`/restricted`) pass through the `restrict` guard.\\n4. **Authentication**: `POST /login` invokes `authenticate()`, which verifies credentials against a pre-hashed in-memory user object. Successful authentication triggers session regeneration and user storage.\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant Session\\n participant Auth\\n Client->>Express: POST /login\\n Express->>Session: Load/attach session\\n Express->>Auth: authenticate(username, password)\\n Auth-->>Express: Callback(err, user)\\n alt Valid Credentials\\n Express->>Session: regenerate()\\n Express->>Session: Store req.session.user\\n Express-->>Client: Redirect to referrer\\n else Invalid Credentials\\n Express->>Session: Set req.session.error\\n Express-->>Client: Redirect to /login\\n end\\n```\\n\\n## Key Components\\n\\n### Session & Message Middleware\\n- **`express-session`**: Configured with `resave: false` and `saveUninitialized: false` to prevent unnecessary session writes. Uses a hardcoded secret (`'shhhh, very secret'`).\\n- **Message Middleware**: Intercepts session-stored flash messages before route handlers execute. Clears them immediately after assignment to `res.locals.message` to prevent duplicate rendering on subsequent requests.\\n\\n### Password Hashing & Verification\\n- **Initialization**: On startup, `pbkdf2-password` hashes the password `'foobar'` for the user `tj`. The resulting `salt` and `hash` are stored in the `users` object.\\n- **`authenticate(name, pass, fn)`**: Retrieves the user by username. Re-hashes the provided password using the stored salt via `pbkdf2-password`. Compares the resulting hash against `user.hash`. Invokes the callback with `(err, user)` on match, or `(err, null)` on mismatch.\\n\\n### Route Protection (`restrict`)\\n- **`restrict(req, res, next)`**: Middleware that checks for `req.session.user`. If present, calls `next()`. If absent, sets `req.session.error = 'Access denied!'` and redirects to `/login`. Applied to `GET /restricted`.\\n\\n### Login & Session Lifecycle\\n- **`POST /login`**: Validates `req.body`, calls `authenticate()`. On success, calls `req.session.regenerate()` to issue a new session ID (preventing fixation), stores the user object in `req.session.user`, sets a success message, and redirects. On failure, sets an error message and redirects to `/login`.\\n- **`GET /logout`**: Calls `req.session.destroy()` to invalidate the session server-side and redirects to `/`.\\n- **`GET /restricted`**: Uses `res.send()` to render a protected message with a logout link.\\n\\n## Views & Templating\\n- **Engine**: EJS (`app.set('view engine', 'ejs')`)\\n- **Layout**: Composed of `head.ejs` (HTML boilerplate, CSS for `.error`/`.success` classes) and `foot.ejs`.\\n- **`login.ejs`**: Includes the layout partials, renders `<%- message %>` for flash notifications, and provides a POST form targeting `/login`.\\n\\n## Security Considerations\\n- **Session Fixation Prevention**: `req.session.regenerate()` is called immediately after successful authentication, ensuring the session ID changes post-login.\\n- **Password Storage**: PBKDF2 with per-user salt is used. Never store plaintext passwords.\\n- **In-Memory Store**: The `users` object is strictly for demonstration. Production systems should use a persistent database and a dedicated session store (e.g., Redis, `connect-pg-simple`).\\n- **Secret Management**: The session secret is hardcoded. Replace with `process.env.SESSION_SECRET` in production.\\n\\n## Running the Example\\n```bash\\nnode examples/auth/index.js\\n```\\nThe server starts on `http://localhost:3000`. Default credentials are `tj` / `foobar`. Access `/restricted` to trigger the authentication guard, or navigate directly to `/login`.\",\"other-content-negotiation\":\"# Other \u2014 content-negotiation\\n\\n# Other \u2014 content-negotiation\\n\\n## Overview\\nThis module demonstrates HTTP content negotiation in Express using the `res.format()` API. It provides two distinct patterns for serving the same underlying data (`users`) in multiple representations (`html`, `text`, `json`) based on the client's `Accept` header.\\n\\n## Architecture & Components\\nThe module is structured across three files:\\n\\n| File | Purpose |\\n|------|---------|\\n| `db.js` | In-memory data store exporting an array of user objects (`{ name: string }`). |\\n| `index.js` | Express application entry point. Defines routes and implements a reusable `format()` middleware factory. |\\n| `users.js` | External format handler module exporting `html`, `text`, and `json` response functions. |\\n\\n## Content Negotiation Patterns\\n\\n### 1. Inline Format Handlers (`GET /`)\\nThe root route demonstrates direct, inline content negotiation. An object mapping MIME types to handler functions is passed directly to `res.format()`:\\n```javascript\\nres.format({\\n html: function() { res.send('\n...<\\/ul>'); },\\n text: function() { res.send(' - Tobi\\\\n...'); },\\n json: function() { res.json(users); }\\n});\\n```\\nExpress automatically parses the `Accept` header, selects the highest-priority matching type, and executes the corresponding handler.\\n\\n### 2. Modular Format Handlers (`GET /users`)\\nThe `/users` route demonstrates a declarative, reusable approach using a custom middleware factory:\\n```javascript\\nfunction format(path) {\\n var obj = require(path);\\n return function(req, res) {\\n res.format(obj);\\n };\\n}\\n\\napp.get('/users', format('./users'));\\n```\\nThe `format(path)` function dynamically loads a module (e.g., `users.js`) that exports format-specific functions. This separates routing logic from response formatting, making it easier to maintain and test.\\n\\n## Execution Flow\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant Route\\n participant FormatHandler\\n Client->>Express: GET /users (Accept: application/json)\\n Express->>Route: Match /users\\n Route->>FormatHandler: res.format({html, text, json})\\n FormatHandler->>Express: Select best match (json)\\n Express->>Client: 200 OK + JSON payload\\n```\\n\\n## Integration & Testing\\n- **Test Coverage:** The negotiation logic is validated by `test/res.format.js`, which exercises handler selection and execution.\\n- **Cross-Module References:** The `format()` factory pattern is referenced in `examples/error-pages/index.js` as a reusable abstraction for declarative response formatting.\\n- **Response Delegation:** All format handlers ultimately delegate to `res.send()` or `res.json()`, ensuring consistent Express response lifecycle behavior.\\n\\n## Developer Notes\\n- **MIME Type Matching:** `res.format()` supports exact matches (`json`), type aliases (`html`), and wildcards. If no match is found, Express returns a `406 Not Acceptable` response.\\n- **Extensibility:** To add a new format (e.g., `xml`), simply export an `xml` function from `users.js` or add it to the inline object. No route changes are required.\\n- **Middleware Factory:** The `format(path)` helper relies on Node's synchronous `require()` cache. For dynamic or async format loading, replace `require()` with a custom loader or async middleware pattern.\\n- **Data Source:** `db.js` is intentionally minimal. In production, replace the static array with a database query or service call, ensuring the query executes before `res.format()` is invoked.\",\"other-cookie-sessions\":\"# Other \u2014 cookie-sessions\\n\\n# Other \u2014 cookie-sessions\\n\\n## Purpose\\nThis module is a self-contained Express.js example demonstrating stateless, client-side session management using the `cookie-session` middleware. It provides a minimal implementation for tracking per-user state (a page-view counter) without relying on external databases or server-side session stores.\\n\\n## Architecture & Request Flow\\nThe application follows a standard Express middleware pipeline. Incoming HTTP requests pass through the `cookie-session` middleware before reaching route handlers. The middleware intercepts the request, parses the signed session cookie, and attaches a mutable `req.session` object. After the route handler executes, Express automatically serializes the updated session data back into a `Set-Cookie` header on the response.\\n\\n```mermaid\\nflowchart LR\\n A[Client Request] --> B[cookieSession Middleware]\\n B --> C{Parse & Verify Cookie}\\n C -->|Valid| D[Attach req.session]\\n C -->|Missing/Invalid| D\\n D --> E[app.get('/') Handler]\\n E --> F[Increment req.session.count]\\n F --> G[res.send Response]\\n G --> H[Serialize & Set-Cookie]\\n H --> I[Client Response]\\n```\\n\\n## Core Components\\n\\n| Component | Description |\\n|-----------|-------------|\\n| `express()` | Initializes the application instance. Exported via `module.exports` to allow external mounting or testing. |\\n| `app.use(cookieSession({ secret: 'manny is cool' }))` | Registers the session middleware. The `secret` option is required for HMAC signing to prevent client-side tampering. |\\n| `app.get('/', handler)` | Defines the root route. Reads and mutates `req.session.count` on each invocation. |\\n| `res.send()` | Finalizes the HTTP response. Triggers Express's internal response pipeline, which includes session cookie serialization. |\\n| `if (!module.parent)` | Standard Node.js guard that starts the HTTP server on port `3000` only when the file is executed directly. |\\n\\n## Session Mechanics\\nUnlike traditional server-side sessions, `cookie-session` stores the entire session payload in the client's browser cookie. Key behaviors demonstrated in this module:\\n\\n- **Initialization**: `req.session` is automatically created as an empty object if no valid cookie is present.\\n- **State Mutation**: `req.session.count = (req.session.count || 0) + 1` demonstrates safe read-modify-write semantics. The fallback `|| 0` handles first-time visitors.\\n- **Serialization**: On response, the middleware JSON-encodes the session object, signs it with the provided `secret`, and attaches it to the `Set-Cookie` header.\\n- **Constraints**: Session data is limited by browser cookie size restrictions (~4KB). Sensitive data should never be stored here, as it is client-accessible (though cryptographically signed).\\n\\n## Execution & Startup\\nWhen run directly via `node index.js`, the module:\\n1. Exports the Express app instance.\\n2. Evaluates `!module.parent` as `true`.\\n3. Calls `app.listen(3000)` and logs `Express started on port 3000`.\\n4. Begins accepting HTTP requests on `http://localhost:3000`.\\n\\nEach subsequent `GET /` request increments the counter and returns a plain-text response: `viewed N times\\\\n`.\\n\\n## Integration Notes\\n- **Testing & Mounting**: Because the app is assigned to `module.exports`, it can be required in test suites or mounted as a sub-app in larger Express routers without triggering the standalone server.\\n- **Outgoing Calls**: The primary external interaction is `res.send()`, which delegates to Express's response layer for header management, body formatting, and session cookie attachment.\\n- **Middleware Order**: `cookieSession` must be registered before any route that accesses `req.session`. Placing it after route definitions will result in `undefined` session objects.\\n- **Security Considerations**: The hardcoded `secret` is for demonstration only. Production deployments should use environment variables or secure key management for the `secret` option.\",\"other-cookies\":\"# Other \u2014 cookies\\n\\n# Other \u2014 cookies\\n\\n## Overview\\nThis module is an Express.js example demonstrating HTTP cookie management using the `cookie-parser` middleware. It implements a minimal \\\"remember me\\\" workflow to illustrate how to read, set, and clear cookies across request/response cycles, and how to integrate cookie parsing with body parsing middleware.\\n\\n## Middleware Stack\\nThe application configures three middleware functions in sequence. Order is critical for correct request processing:\\n\\n1. **`logger` (morgan)**: Logs incoming requests using the custom format `:method :url`. Automatically disabled when `process.env.NODE_ENV === 'test'`.\\n2. **`cookieParser('my secret here')`**: Parses the `Cookie` header from incoming requests. Populates `req.cookies` with unsigned cookies and `req.signedCookies` with verified signed cookies. The provided secret string is used to verify and sign cookies.\\n3. **`express.urlencoded()`**: Parses `application/x-www-form-urlencoded` payloads from POST requests, making form data available via `req.body`.\\n\\n## Route Handlers\\n\\n### `GET /`\\nChecks for the presence of `req.cookies.remember`:\\n- If truthy: Responds with a confirmation message and a link to `/forget`.\\n- If falsy/missing: Responds with an HTML form containing a `remember` checkbox.\\n\\n### `POST /`\\nProcesses form submissions:\\n- Evaluates `req.body.remember`.\\n- If present, sets a cookie using `res.cookie('remember', 1, { maxAge: 60000 })`. The `maxAge` is set to 60,000ms (1 minute).\\n- Redirects to the `Referrer` header or falls back to `/`.\\n\\n### `GET /forget`\\nClears the session state:\\n- Calls `res.clearCookie('remember')` to instruct the browser to delete the cookie.\\n- Redirects to the `Referrer` header or falls back to `/`.\\n\\n## Cookie Lifecycle & API Usage\\nThe module demonstrates three core Express response methods for cookie management:\\n\\n| Method | Purpose | Usage in Module |\\n|--------|---------|-----------------|\\n| `res.cookie(name, value, options)` | Sets a `Set-Cookie` header | `res.cookie('remember', 1, { maxAge: minute })` |\\n| `res.clearCookie(name)` | Sets an expired `Set-Cookie` header | `res.clearCookie('remember')` |\\n| `req.cookies` | Parsed cookie object | `req.cookies.remember` |\\n\\nThe `cookie-parser` middleware automatically handles cookie decoding and signature verification. When a secret is provided, `cookie-parser` will populate `req.signedCookies` for any cookies prefixed with `s:` and verified against the secret. This example uses unsigned cookies for simplicity.\\n\\n## Request Flow\\n```mermaid\\nflowchart TD\\n A[Client Request] --> B{Method & Path}\\n B -->|GET /| C[Check req.cookies.remember]\\n B -->|POST /| D[Parse req.body via urlencoded]\\n B -->|GET /forget| E[Clear cookie & redirect]\\n \\n C -->|Exists| F[Send 'Remembered' HTML]\\n C -->|Missing| G[Send Form HTML]\\n \\n D --> H{req.body.remember?}\\n H -->|Yes| I[res.cookie maxAge: 60000]\\n H -->|No| J[Skip cookie set]\\n I --> K[Redirect to Referrer]\\n J --> K\\n \\n E --> K\\n```\\n\\n## Running & Testing\\n- **Start server**: `node index.js` (listens on port `3000` when executed directly)\\n- **Module export**: The app is exported via `module.exports = express()` for integration testing or mounting in larger applications.\\n- **Test environment**: Set `NODE_ENV=test` to suppress `morgan` logging during automated test runs.\\n\\n## Production Considerations\\nThis example is intentionally minimal. For production deployments, consider:\\n- **Security flags**: Add `httpOnly: true` and `secure: true` to `res.cookie` options to prevent XSS and enforce HTTPS.\\n- **Secret management**: Replace the hardcoded `'my secret here'` with an environment variable or secure vault.\\n- **CSRF protection**: Pair cookie-based state with CSRF tokens when handling POST requests.\\n- **SameSite attribute**: Set `sameSite: 'lax'` or `'strict'` to mitigate cross-site request forgery.\",\"other-downloads\":\"# Other \u2014 downloads\\n\\n# Other \u2014 Downloads Module\\n\\n## Overview\\nThis module is a standalone Express.js example demonstrating secure file downloads using `res.download()`. It serves files from a designated directory, handles nested paths via wildcard route parameters, and implements explicit error handling to distinguish between missing files and server-level failures.\\n\\n## Request Flow\\nThe module exposes two primary endpoints. The download route processes requests through Express's routing layer, resolves the target file path, and streams the file to the client or triggers an error callback.\\n\\n```mermaid\\nflowchart TD\\n A[Client Request] --> B{Route Match}\\n B -->|GET /| C[Render HTML Index]\\n B -->|GET /files/*| D[Parse req.params.file]\\n D --> E[res.download with root option]\\n E --> F{Callback Result}\\n F -->|Success| G[Stream File to Client]\\n F -->|Non-404 Error| H[next err]\\n F -->|404 Error| I[Custom 404 Response]\\n```\\n\\n## Core Implementation\\n\\n### Route Configuration\\nThe application defines two routes using `app.get()`:\\n- `GET /`: Returns a static HTML list containing direct links to test files, including nested paths and Unicode filenames.\\n- `GET /files/*file`: Captures any path following `/files/` using a wildcard parameter. The `*file` syntax instructs Express to populate `req.params.file` as an array of path segments.\\n\\n### File Download Handler\\nThe download logic relies on `res.download()` with a configuration object:\\n```javascript\\nres.download(req.params.file.join('/'), { root: FILES_DIR }, callback)\\n```\\n- **Path Resolution**: `req.params.file.join('/')` reconstructs the relative path from the array of captured segments (e.g., `['notes', 'groceries.txt']` becomes `'notes/groceries.txt'`).\\n- **Root Directory**: The `{ root: FILES_DIR }` option explicitly sets the base directory for file resolution. `FILES_DIR` is computed using `path.join(__dirname, 'files')` to ensure cross-platform compatibility.\\n- **Callback Execution**: The third argument is a completion callback invoked after the transfer finishes or fails.\\n\\n### Error Handling Strategy\\nThe callback implements a three-tier error resolution pattern:\\n1. **Success**: `if (!err) return;` \u2014 The file was successfully sent. No further action is required.\\n2. **Server/Non-404 Errors**: `if (err.status !== 404) return next(err);` \u2014 Passes permission errors, I/O failures, or malformed requests to Express's default error handler.\\n3. **Missing Files**: `res.statusCode = 404; res.send('Cant find that file, sorry!');` \u2014 Catches `ENOENT` or similar 404-status errors and returns a custom plain-text response.\\n\\n## Security & Path Traversal Prevention\\nThe module mitigates directory traversal attacks by strictly binding file resolution to `FILES_DIR` via the `root` option in `res.download()`. Express automatically normalizes the requested path and rejects any attempts to escape the root directory using `../` sequences. This eliminates the need for manual path validation while maintaining secure file access.\\n\\n## Execution Context & Dependencies\\n- **Dependencies**: `express` (core framework), `node:path` (path resolution)\\n- **Module Pattern**: Uses CommonJS `module.exports = express()` to allow the app to be required by test runners or other modules.\\n- **Standalone Execution**: The `if (!module.parent)` guard ensures the server only starts on port 3000 when executed directly via `node index.js`, preventing port conflicts when imported.\\n- **Call Graph**: The module contains no internal cross-file dependencies. All outgoing calls route directly to Express response methods (`res.send`, `res.download`) and the `next()` error propagation chain.\\n\\n## Running the Example\\n1. Ensure dependencies are installed: `npm install`\\n2. Start the server: `node examples/downloads/index.js`\\n3. Access the index page: `http://localhost:3000`\\n4. Test download behavior:\\n - Valid file: `http://localhost:3000/files/amazing.txt`\\n - Nested file: `http://localhost:3000/files/notes/groceries.txt`\\n - Missing file: `http://localhost:3000/files/missing.txt` (triggers custom 404)\\n - Unicode filename: `http://localhost:3000/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt`\",\"other-ejs\":\"# Other \u2014 ejs\\n\\n# Other \u2014 ejs\\n\\n## Overview\\nThis module demonstrates how to configure an Express.js application to use the EJS templating engine while maintaining `.html` file extensions for views. It covers custom view engine registration, layout composition via includes, static asset serving, and conditional server startup.\\n\\n## View Engine Configuration\\nThe core configuration maps the `.html` extension to EJS's internal rendering method:\\n\\n```javascript\\napp.engine('.html', require('ejs').__express);\\napp.set('view engine', 'html');\\n```\\n\\n- `app.engine('.html', require('ejs').__express)` registers EJS's `__express` function as the handler for `.html` files. This bypasses the default `.ejs` extension requirement.\\n- `app.set('view engine', 'html')` sets the default extension for `res.render()`, allowing calls like `res.render('users')` instead of `res.render('users.html')`.\\n- `app.set('views', path.join(__dirname, 'views'))` explicitly defines the template directory. While Express defaults to `./views`, this ensures predictable resolution regardless of the working directory.\\n\\n## Routing & Data Flow\\nThe application defines a single route that renders a dynamic user list:\\n\\n```javascript\\napp.get('/', function(req, res){\\n res.render('users', {\\n users: users,\\n title: \\\"EJS example\\\",\\n header: \\\"Some users\\\"\\n });\\n});\\n```\\n\\n- `res.render('users', ...)` triggers Express to locate `views/users.html`, compile it through the registered EJS engine, and inject the provided context object.\\n- The context passes an array of user objects (`{ name, email }`) and metadata (`title`, `header`) to the template.\\n\\n## Template Architecture\\nViews are split into reusable partials using EJS includes and interpolation syntax:\\n\\n| File | Purpose | Key EJS Patterns |\\n|------|---------|------------------|\\n| `views/header.html` | Document head & opening body | `<%= title %>` (escaped interpolation) |\\n| `views/users.html` | Main content & iteration | `<%- include('header.html') -%>`, `<% users.forEach(...) %>`, `<%= user.name %>` |\\n| `views/footer.html` | Closing tags | Static HTML closure |\\n\\n**Syntax Notes:**\\n- `<%- include('...') -%>` uses unescaped output (`<%-`) to inject raw HTML partials without double-encoding. The trailing `-` trims surrounding whitespace.\\n- `<%= ... %>` safely escapes HTML entities, preventing XSS when rendering user-provided or dynamic strings.\\n- `<% ... %>` executes JavaScript logic (e.g., `forEach`) without outputting to the template.\\n\\n## Static Asset Serving\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n- Mounts the `public/` directory at the root path (`/`).\\n- `views/header.html` references `/stylesheets/style.css`, which is resolved to `public/stylesheets/style.css` by the static middleware.\\n\\n## Module Execution & Export Pattern\\n```javascript\\nvar app = module.exports = express();\\n\\n/* istanbul ignore next */\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n- `module.exports = express()` allows the file to be required as a module in tests or parent applications without triggering the server.\\n- The `!module.parent` guard ensures `app.listen(3000)` only executes when the file is run directly via `node index.js`.\\n- The `/* istanbul ignore next */` comment excludes the startup block from code coverage instrumentation.\\n\\n## Request Flow\\n```mermaid\\ngraph LR\\n Client[Client Request] --> Route[GET / Handler]\\n Route --> Render[res.render users]\\n Render --> EJS[EJS Engine]\\n EJS --> Header[header.html]\\n EJS --> Users[users.html]\\n EJS --> Footer[footer.html]\\n EJS --> Response[Compiled HTML]\\n```\",\"other-error-pages\":\"# Other \u2014 error-pages\\n\\n# Other \u2014 error-pages\\n\\n## Overview\\nThis module is an Express.js example application demonstrating production-ready error handling, content negotiation, and environment-aware configuration. It illustrates how to intentionally trigger HTTP errors, propagate them through the middleware stack, and render appropriate responses using Express's built-in error-handling patterns and EJS templating.\\n\\n## Request & Error Flow\\nThe application follows a standard Express middleware pipeline. Successful requests are handled by route-specific callbacks. Unmatched routes or explicitly passed errors bypass standard middleware and fall through to dedicated error-handling layers.\\n\\n```mermaid\\nflowchart TD\\n A[Incoming Request] --> B{Route Match?}\\n B -->|Yes| C[Route Handler]\\n B -->|No| D[404 Catch-All Middleware]\\n C -->|next()| D\\n C -->|next(err)| E[500 Error Handler]\\n D --> F[res.format: HTML/JSON/TXT]\\n E --> G[Render 500.ejs]\\n F --> H[Response]\\n G --> H\\n```\\n\\n## Key Components\\n\\n### Configuration & Environment\\nThe application configures view resolution and a custom application setting to control error verbosity:\\n- `app.set('views', path.join(__dirname, 'views'))` and `app.set('view engine', 'ejs')` establish the templating engine.\\n- `app.enable('verbose errors')` creates a custom setting accessible in templates via `settings['verbose errors']`.\\n- Production environments automatically disable verbose output: `if (app.settings.env === 'production') app.disable('verbose errors')`.\\n- Logging is conditionally applied: `silent || app.use(logger('dev'))` suppresses `morgan` output when `NODE_ENV=test`.\\n\\n### Route Handlers (Error Triggers)\\nRoutes are designed to demonstrate different error propagation techniques:\\n- `GET /` renders the landing page (`index.ejs`).\\n- `GET /404` calls `next()` without arguments. Since no subsequent middleware matches, the request falls through to the 404 catch-all.\\n- `GET /403` instantiates an `Error`, attaches `err.status = 403`, and passes it via `next(err)`. This immediately routes to error-handling middleware.\\n- `GET /500` passes a generic error via `next(new Error('keyboard cat!'))`, demonstrating default 500 fallback behavior.\\n\\n### Error-Handling Middleware\\nExpress distinguishes error-handling middleware by its **4-arity signature**: `(err, req, res, next)`.\\n\\n**404 Catch-All**\\n```javascript\\napp.use(function(req, res, next){\\n res.status(404);\\n res.format({ ... })\\n});\\n```\\nPlaced after all standard routes, this handler assumes any request reaching it is unmatched. It sets the HTTP status and delegates response formatting to `res.format()`.\\n\\n**500 Error Handler**\\n```javascript\\napp.use(function(err, req, res, next){\\n res.status(err.status || 500);\\n res.render('500', { error: err });\\n});\\n```\\nThis is the final middleware in the stack. It extracts the HTTP status from `err.status` (defaulting to `500`) and renders the error view. Calling `next()` or `next(err)` here would either continue to remaining non-error middleware or re-invoke error handlers, but the example terminates the response directly.\\n\\n### View Templates\\nEJS templates use partials for consistent layout and conditional rendering:\\n- `error_header.ejs` & `footer.ejs`: Shared HTML shell.\\n- `404.ejs`: Displays the requested `url` passed from the middleware.\\n- `500.ejs`: Conditionally renders stack traces:\\n ```ejs\\n <% if (settings['verbose errors']) { %>\\n \n<%= error.stack %><\\/pre>\\n <% } else { %>\\n \nAn error occurred!<\\/p>\\n <% } %>\\n ```\\n\\n## Content Negotiation\\nThe 404 handler uses `res.format()` to serve different representations based on the `Accept` header:\\n- `html`: Renders `404.ejs` with the requested URL.\\n- `json`: Returns `{ error: 'Not found' }` via `res.json()`.\\n- `default`: Sets `Content-Type: text/plain` and sends `'Not found'` via `res.send()`.\\n\\nThis pattern allows the same endpoint to serve browser clients, API consumers, and CLI tools (e.g., `curl`) without duplicating routing logic.\\n\\n## Running & Testing\\nStart the server:\\n```bash\\nnode examples/error-pages/index.js\\n```\\n\\nTest error responses:\\n```bash\\n# Trigger 404 (HTML)\\ncurl http://localhost:3000/notfound\\n\\n# Trigger 404 (JSON)\\ncurl http://localhost:3000/notfound -H \\\"Accept: application/json\\\"\\n\\n# Trigger 403\\ncurl http://localhost:3000/403\\n\\n# Trigger 500\\ncurl http://localhost:3000/500\\n```\\n\\nRun in production mode to verify verbose error suppression:\\n```bash\\nNODE_ENV=production node examples/error-pages/index.js\\n```\",\"other-error\":\"# Other \u2014 error\\n\\n# Other \u2014 Error Module\\n\\n## Overview\\nThis module demonstrates Express.js error handling patterns, focusing on synchronous error throwing, asynchronous error propagation, and the implementation of a centralized error-handling middleware. It serves as a reference implementation for routing exceptions to a dedicated handler while maintaining environment-aware logging.\\n\\n## Execution Flow & Architecture\\nRequests enter the Express router and match defined route handlers. If an error occurs\u2014either synchronously via `throw` or asynchronously via `next(err)`\u2014Express bypasses standard middleware and routes the error to the first registered middleware with a 4-argument signature. The error handler logs the stack trace (conditionally), sets an HTTP 500 status, and terminates the response.\\n\\n```mermaid\\ngraph TD\\n A[Incoming Request] --> B{Route Match}\\n B -->|GET /| C[Sync: throw Error]\\n B -->|GET /next| D[Async: next Error]\\n C --> E[Express Error Router]\\n D --> E\\n E --> F[error Middleware]\\n F --> G[res.send 500]\\n```\\n\\n## Key Components\\n\\n### `error(err, req, res, next)`\\nThe core error-handling middleware. Express identifies this function as an error handler strictly by its 4-argument arity.\\n- **Error Logging**: Conditionally outputs `err.stack` to `console.error` when `app.get('env') !== 'test'`.\\n- **Response Handling**: Sets `res.status(500)` and calls `res.send('Internal Server Error')` to terminate the request cycle.\\n- **Signature Requirement**: Must maintain `(err, req, res, next)` exactly. Omitting or reordering parameters will cause Express to treat it as standard middleware, breaking error routing.\\n\\n### Route Handlers\\n- **`app.get('/')`**: Demonstrates synchronous error handling. Uses `throw new Error('something broke!')`. Express automatically catches the thrown exception and passes it down the middleware chain.\\n- **`app.get('/next')`**: Demonstrates asynchronous error handling. Wraps the error propagation in `process.nextTick()` to simulate non-blocking I/O (e.g., database queries or HTTP requests). Explicitly passes the error to `next(new Error('oh no!'))`.\\n\\n### Environment & Configuration\\n- **Test Gating**: `var test = app.get('env') === 'test'` suppresses `morgan` logging and console error output during automated test runs.\\n- **Module Export**: `var app = module.exports = express()` allows the application to be required by test suites or mounted as a sub-app in larger Express architectures.\\n- **Standalone Execution**: The `if (!module.parent)` block starts the server on port 3000 only when the file is executed directly.\\n\\n## Middleware Ordering & Integration\\nThe error handler is registered **after** all route definitions:\\n```javascript\\napp.get('/', ...);\\napp.get('/next', ...);\\napp.use(error); // Must be last\\n```\\nPlacing `app.use(error)` before route definitions will prevent it from receiving errors thrown or passed by those routes. Express evaluates middleware sequentially; error handlers are only invoked when an error is explicitly passed or thrown downstream.\\n\\n## Contributor Guidelines\\n- **Maintain 4-Arity**: Any new error-handling middleware must accept exactly four parameters. Use `(err, req, res, next)` even if `req` or `next` are unused.\\n- **Preserve Order**: Always register error-handling middleware at the end of the middleware stack.\\n- **Async Safety**: Never rely on `try/catch` for asynchronous operations. Always pass errors to `next(err)` to ensure they reach the error handler.\\n- **Environment Checks**: Keep logging and verbose error details gated behind `app.get('env') !== 'test'` to maintain clean CI/CD output.\\n- **Response Termination**: Ensure the error handler calls a response method (`res.send`, `res.json`, `res.end`) to prevent hanging requests.\",\"other-examples\":\"# Other \u2014 examples\\n\\n# Other \u2014 Examples Module\\n\\n## Overview\\nThe `examples/` directory contains a curated collection of standalone Express.js applications. Each subdirectory demonstrates a specific framework capability, common web development pattern, or integration technique. This module serves as a reference implementation, learning resource, and testing ground for developers working with Express.\\n\\n## Example Catalog\\nThe examples are organized by functional domain. Each entry corresponds to a self-contained directory within `examples/`.\\n\\n### Routing & Middleware\\n- `hello-world` \u2014 Simple request handler\\n- `params` \u2014 Working with route parameters\\n- `route-middleware` \u2014 Working with route middleware\\n- `route-separation` \u2014 Organizing routes per each resource\\n- `multi-router` \u2014 Working with multiple Express routers\\n- `route-map` \u2014 Organizing routes using a map\\n- `resource` \u2014 Multiple HTTP operations on the same resource\\n\\n### Sessions, Cookies & Authentication\\n- `auth` \u2014 Authentication with login and password\\n- `cookie-sessions` \u2014 Working with cookie-based sessions\\n- `cookies` \u2014 Working with cookies\\n- `session` \u2014 User sessions\\n- `online` \u2014 Tracking online user activity with `online` and `redis` packages\\n\\n### Views & Templating\\n- `ejs` \u2014 Working with Embedded JavaScript templating (ejs)\\n- `markdown` \u2014 Markdown as template engine\\n- `view-constructor` \u2014 Rendering views dynamically\\n- `view-locals` \u2014 Saving data in request object between middleware calls\\n- `error-pages` \u2014 Creating error pages\\n\\n### HTTP, API & Infrastructure\\n- `content-negotiation` \u2014 HTTP content negotiation\\n- `downloads` \u2014 Transferring files to client\\n- `static-files` \u2014 Serving static files\\n- `search` \u2014 Search API\\n- `web-service` \u2014 Simple API service\\n- `vhost` \u2014 Working with virtual hosts\\n\\n### Architecture & Error Handling\\n- `mvc` \u2014 MVC-style controllers\\n- `error` \u2014 Working with error middleware\\n\\n## Execution Model & Isolation\\nBased on the module's call graph analysis:\\n- **No Internal Calls:** Examples do not import or reference each other. Each directory is a completely isolated Express application.\\n- **No Shared Execution Flows:** There are no cross-module execution paths. Each example initializes its own `express()` instance, configures middleware, and starts an independent HTTP server.\\n- **Dependency Scope:** Dependencies are scoped locally to each example's `package.json`. Running one example does not affect the runtime state of another.\\n\\n## Getting Started\\nTo run any example locally:\\n1. Navigate to the target directory: `cd examples/`\\n2. Install dependencies: `npm install`\\n3. Start the server: `node app.js` (or `node index.js`, depending on the entry point defined in the example)\\n4. Access the application at `http://localhost:` (port configuration varies per example; check the source or console output)\\n\\n## Contribution Guidelines\\nWhen adding or modifying examples:\\n- **Maintain Isolation:** Do not introduce cross-directory imports or shared state. Each example must run independently.\\n- **Document Entry Points:** Ensure the primary server file is clearly named (`app.js` or `index.js`) and includes a startup log indicating the listening port.\\n- **Update Index:** Add new examples to this `README.md` with a concise, one-line description matching the existing format.\\n- **Keep Dependencies Minimal:** Only include packages strictly required to demonstrate the target concept. Avoid bundling unrelated utilities.\\n- **Follow Express Conventions:** Use standard middleware ordering, explicit error handling, and clear route definitions.\\n\\n## Key Patterns Demonstrated\\nThis module covers foundational and advanced Express patterns:\\n- **Middleware Chaining:** Demonstrated in `route-middleware`, `error`, and `view-locals`\\n- **Router Composition:** Illustrated in `multi-router`, `route-separation`, and `route-map`\\n- **State Management:** Covered via `cookies`, `cookie-sessions`, `session`, and `online`\\n- **Response Formatting:** Shown in `content-negotiation`, `downloads`, and `static-files`\\n- **View Engine Integration:** Implemented in `ejs`, `markdown`, and `view-constructor`\\n- **Architectural Layouts:** Structured in `mvc` and `resource`\",\"other-hello-world\":\"# Other \u2014 hello-world\\n\\n# Other \u2014 hello-world\\n\\n## Overview\\nThe `hello-world` module (`examples/hello-world/index.js`) is a minimal, self-contained Express.js application. It demonstrates foundational framework patterns including application initialization, route registration, response handling, and conditional server startup. The module is designed to function both as a standalone executable and as a reusable component for testing or integration.\\n\\n## Usage Patterns\\n\\n### Standalone Execution\\nRun directly via Node.js to start a local HTTP server:\\n```bash\\nnode examples/hello-world/index.js\\n```\\nThe server binds to port `3000` and responds to `GET /` with `Hello World`.\\n\\n### Module Import\\nImport the configured application instance without triggering the server listener:\\n```javascript\\nconst app = require('./examples/hello-world');\\n// Use `app` in test suites, middleware chains, or custom server wrappers\\n```\\n\\n## Architecture & Key Components\\n\\n| Component | Purpose |\\n|-----------|---------|\\n| `express()` | Initializes the core Express application instance. |\\n| `app.get('/', handler)` | Registers a route handler for HTTP `GET` requests to the root path. |\\n| `res.send('Hello World')` | Terminates the request cycle by sending a plain-text response. |\\n| `module.exports = app` | Exposes the application instance for external consumption. |\\n| `if (!module.parent)` | Node.js module guard that detects direct execution vs. `require()`. |\\n| `app.listen(3000)` | Binds the HTTP server to port 3000 when executed directly. |\\n\\n## Execution Flow\\n\\n```mermaid\\nflowchart TD\\n A[Module Load] --> B[Initialize Express App]\\n B --> C[Register GET / Route]\\n C --> D{Run Directly?}\\n D -->|Yes| E[app.listen(3000)]\\n D -->|No| F[Export App Instance]\\n E --> G[Handle Incoming Requests]\\n G --> H[Invoke Route Handler]\\n H --> I[res.send Response]\\n```\\n\\n1. **Initialization**: The module loads, imports the Express framework from the parent directory, and instantiates the application.\\n2. **Route Registration**: A single `GET` route is attached to `/`. The handler receives `(req, res)` and immediately calls `res.send()`.\\n3. **Conditional Startup**: The `!module.parent` check determines execution context. If the file is the entry point, `app.listen(3000)` starts the server. If required elsewhere, the listener is skipped, allowing the exported `app` to be mounted or tested.\\n4. **Request Handling**: Incoming requests matching `GET /` trigger the registered callback, which writes the response and closes the connection.\\n\\n## Testing & Coverage Notes\\n- **Coverage Exclusion**: The `/* istanbul ignore next */` directive explicitly excludes the standalone execution block from code coverage reports. This is intentional, as the block only runs during direct execution and is not part of the module's reusable API.\\n- **Test Compatibility**: Exporting `app` enables standard Express testing patterns. Tools like `supertest` can inject mock requests directly into the exported instance without opening a real network port.\\n- **Dependency Scope**: The module relies solely on the local Express build (`require('../../')`). It contains no internal middleware, error handlers, or additional routing layers, making it a clean baseline for example expansion or framework validation.\",\"other-history-md\":\"# Other \u2014 History.md\\n\\n# History.md \u2014 Express.js Release Changelog\\n\\n## Overview\\n`History.md` serves as the canonical release log and migration reference for the Express.js framework. It documents every public API change, dependency update, security patch, and behavioral adjustment across all major, minor, and patch versions. Developers use this file to:\\n- Plan version upgrades and identify breaking changes\\n- Understand the evolution of request/response contracts\\n- Track dependency lifecycles and security advisories\\n- Verify deprecation timelines and replacement APIs\\n\\n## Format & Conventions\\nThe changelog follows a strict, machine-parseable structure optimized for rapid scanning and automated tooling:\\n\\n| Prefix | Meaning | Example |\\n|--------|---------|---------|\\n| `breaking:` | Incompatible API or behavioral changes requiring code updates | `res.status()` now validates integer range |\\n| `change:` | Modified behavior that remains backward-compatible | `req.query` converted from property to getter |\\n| `add:` | New features, methods, or configuration options | `res.sendStatus()`, `Uint8Array` support in `res.send()` |\\n| `remove:` | Deleted APIs, dependencies, or legacy behaviors | `app.del`, `req.param()`, `express.query` middleware |\\n| `deprecate:` | APIs scheduled for removal in future major versions | `res.redirect(url, status)` \u2192 `res.redirect(status, url)` |\\n| `fix:` | Bug corrections, edge-case handling, or spec compliance | `res.jsonp` handling of `undefined`, `qs` prototype pollution |\\n| `perf:` | Runtime optimizations or reduced overhead | Loop-based `acceptParams`, removed `Buffer` allocations |\\n| `deps:` | Third-party package version bumps or removals | `body-parser@^2.2.1`, removal of `safe-buffer` |\\n\\n## API Evolution & Migration Reference\\n\\n### Response Object (`res.*`)\\nThe response API has shifted from flexible, overloaded signatures to strict, chainable, and type-safe patterns.\\n\\n| Legacy Pattern | Current Pattern | Notes |\\n|----------------|-----------------|-------|\\n| `res.send(body, status)` | `res.status(status).send(body)` | Removed in 5.0.0-alpha.6 |\\n| `res.json(obj, status)` | `res.status(status).json(obj)` | Deprecated in 4.7.0, removed in 5.0.0-alpha.3 |\\n| `res.redirect(url, status)` | `res.redirect(status, url)` | Deprecated in 4.6.0, removed in 5.0.0-alpha.6 |\\n| `res.redirect('back')` | `res.redirect(req.get('Referrer') || '/')` | Magic string removed in 5.0.0 |\\n| `res.sendfile()` | `res.sendFile()` | Deprecated in 4.8.0, requires absolute path or `root` option |\\n| `res.clearCookie(name, { maxAge, expires })` | `res.clearCookie(name)` | `maxAge`/`expires` ignored in v5; cookie is expired immediately |\\n\\n**Recent Behavioral Updates:**\\n- `res.status(code)` now throws `RangeError` for codes outside `100\u2013999` and `TypeError` for non-integers (5.0.0)\\n- `res.send()` natively supports `Uint8Array` payloads (5.1.0)\\n- `res.sendFile()` accepts an `etag` option for cache control (5.1.0)\\n- `res.links()` supports multiple headers with identical `rel` attributes (5.1.0)\\n- `res.redirect()` HTML responses now include proper ``, ``, and `` structure for browser compatibility (Unreleased)\\n\\n### Request & Routing (`req.*`, `app.*`, `Router`)\\nRouting and request parsing have been decoupled from Connect and hardened against prototype pollution and ambiguous parameter resolution.\\n\\n- `req.param(name)` removed; use `req.params`, `req.body`, or `req.query` explicitly (5.0.0-alpha.2)\\n- `req.host` returns `hostname:port`; use `req.hostname` for hostname-only (4.5.0)\\n- `req.query` is now a getter instead of a plain property (5.0.0-alpha.1)\\n- `app.param(fn)` removed; use `app.param(name, fn)` without leading `:` (5.0.0-alpha.2)\\n- `app.set('query parser', parser)` controls parsing strategy:\\n - `'simple'` (default in 5.0.0-beta.1): uses Node's `querystring`\\n - `'extended'`: uses `qs` with depth/length limits\\n - `false`: disables parsing\\n- `Router` now supports `next(\\\"router\\\")` to exit router scope early (4.15.0)\\n- `app.render('view', null, callback)` correctly handles `null` options, matching omitted/empty object behavior (Unreleased)\\n\\n### Application Configuration\\n- `app.set('etag', val)` supports `'weak'`, `'strong'`, `false`, `true`, or a custom generator function (4.4.0)\\n- `app.set('trust proxy', trust)` accepts hop counts, IP ranges, subnets, or `'loopback'` (4.3.0)\\n- `app.set('views', array)` enables sequential view directory lookup (4.10.0)\\n- `app.router` is no longer a configurable middleware; it is a reference to the base router instance (4.0.0)\\n\\n## Security & Dependency Tracking\\nThe changelog explicitly tracks security patches, CVE resolutions, and dependency lifecycle changes.\\n\\n- **CVE Tracking:** Security fixes are linked to CVE records and GitHub Security Advisories (e.g., `CVE-2024-51999`, `CVE-2024-47764`)\\n- **Open Redirect Mitigation:** `res.redirect()` and `res.location()` now validate and encode URLs to prevent allow-list bypasses (4.19.0)\\n- **Query Parser Hardening:** `qs` depth defaults to `32` (previously `Infinity`) to prevent ReDoS and memory exhaustion (4.20.0)\\n- **Prototype Pollution Prevention:** `qs` and `app.set`/`app.get` ignore `Object.prototype` keys (4.17.3, 4.18.0)\\n- **Dependency Pruning:** Legacy polyfills and utilities (`setprototypeof`, `safe-buffer`, `utils-merge`, `methods`, `depd`, `path-is-absolute`) have been removed in favor of native Node.js APIs or modern replacements (5.1.0)\\n\\n## Developer Workflow & Upgrade Strategy\\n\\n1. **Identify Target Version:** Locate the desired version header (e.g., `5.0.0 / 2024-09-10`)\\n2. **Scan for `breaking:` and `remove:` Entries:** These require immediate code changes before upgrading\\n3. **Check `deprecate:` Warnings:** Plan refactoring for the next major release\\n4. **Review `deps:` Updates:** Verify compatibility with your existing middleware stack, especially `body-parser`, `qs`, and `serve-static`\\n5. **Validate Security Patches:** Cross-reference CVE links with your threat model and compliance requirements\\n6. **Test with `app.render` and `res.send` Edge Cases:** Recent fixes address `null` options, `Uint8Array` handling, and Content-Type deduplication\\n\\nWhen contributing to Express, follow the established changelog format. Prefix entries with the appropriate category, link to PRs and issues, and include minimal code examples for breaking changes or new APIs.\",\"other-markdown\":\"# Other \u2014 markdown\\n\\n# Other \u2014 Markdown\\n\\n## Overview\\nThis module demonstrates how to register a custom view engine in Express.js to render Markdown (`.md`) files as HTML. It integrates the `marked` library for parsing and implements a lightweight, secure template interpolation system using `{variable}` syntax. The example serves as a reference for extending Express's view system without relying on third-party templating engines.\\n\\n## Architecture & Request Flow\\nWhen a route calls `res.render()`, Express delegates rendering to the registered `.md` engine. The engine asynchronously reads the file, parses Markdown to HTML, interpolates variables, and returns the result via a callback.\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant Engine\\n participant FS\\n Client->>Express: GET /\\n Express->>Express: res.render('index', {title})\\n Express->>Engine: app.engine('md', path, options, fn)\\n Engine->>FS: fs.readFile(path, 'utf8')\\n FS-->>Engine: raw markdown string\\n Engine->>Engine: marked.parse() + regex interpolation\\n Engine-->>Express: fn(null, html)\\n Express-->>Client: 200 OK (HTML)\\n```\\n\\n## Core Components\\n\\n### Custom View Engine Registration\\nThe engine is registered using `app.engine('md', callback)`. Express invokes this callback whenever a `.md` view is rendered.\\n\\n```javascript\\napp.engine('md', function(path, options, fn){\\n fs.readFile(path, 'utf8', function(err, str){\\n if (err) return fn(err);\\n var html = marked.parse(str).replace(/\\\\{([^}]+)\\\\}/g, function(_, name){\\n return escapeHtml(options[name] || '');\\n });\\n fn(null, html);\\n });\\n});\\n```\\n\\n**Parameters:**\\n- `path`: Absolute file path to the `.md` template.\\n- `options`: Object containing variables passed from `res.render(view, locals)`.\\n- `fn`: Callback following the `(err, html)` signature expected by Express.\\n\\n**Processing Steps:**\\n1. Reads the template file asynchronously via `fs.readFile`.\\n2. Converts Markdown to HTML using `marked.parse()`.\\n3. Replaces `{placeholder}` patterns with corresponding values from `options`.\\n4. Escapes interpolated values using `escapeHtml` to prevent XSS.\\n5. Returns the final HTML string or propagates errors.\\n\\n### Template Interpolation\\nThe module uses a simple regex-based substitution pattern: `/\\\\{([^}]+)\\\\}/g`. Placeholders in the template are replaced with values from the `options` object. If a key is missing, it defaults to an empty string (`''`).\\n\\n**Example (`views/index.md`):**\\n```markdown\\n# {title}\\n\\nJust an example view rendered with _markdown_.\\n```\\nWhen rendered with `{ title: 'Markdown Example' }`, the output becomes:\\n```html\\n\nMarkdown Example<\\/h1>\\n\nJust an example view rendered with markdown<\\/em>.<\\/p>\\n```\\n\\n### Route Handlers\\n- `GET /`: Successfully renders `index.md` and passes `{ title: 'Markdown Example' }`.\\n- `GET /fail`: Intentionally attempts to render a non-existent `missing.md` file. This triggers the `fs.readFile` error path, demonstrating how errors are propagated to Express via `fn(err)`.\\n\\n## Configuration\\n```javascript\\napp.set('views', path.join(__dirname, 'views'));\\napp.set('view engine', 'md');\\n```\\n- `views`: Sets the directory where Express looks for template files.\\n- `view engine`: Registers `md` as the default extension. This allows `res.render('index')` to automatically resolve to `index.md`.\\n\\n## Error Handling\\nFile system errors (e.g., missing templates, permission issues) are caught in the `fs.readFile` callback and passed directly to `fn(err)`. Express intercepts this error and invokes its default error-handling middleware, typically resulting in a `500 Internal Server Error` response. The `/fail` route explicitly validates this behavior.\\n\\n## Execution & Standalone Usage\\nThe module exports the configured Express application:\\n```javascript\\nvar app = module.exports = express();\\n```\\nIt includes a standard execution guard to allow standalone testing:\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\nRun directly with `node index.js` to start the server. Require it in another module to mount or test the routes.\\n\\n## Dependencies\\n| Package | Purpose |\\n|---------|---------|\\n| `express` | Web framework and view system |\\n| `marked` | Markdown-to-HTML parser |\\n| `escape-html` | HTML entity escaping for safe interpolation |\\n| `node:fs` | Asynchronous file reading |\\n| `node:path` | Cross-platform path resolution |\",\"other-multi-router\":\"# Other \u2014 multi-router\\n\\n# Other \u2014 multi-router\\n\\n## Overview\\nThe `multi-router` module demonstrates Express.js's modular routing architecture using `express.Router()`. It illustrates how to isolate route definitions into separate controller files and mount them at distinct base paths (`/api/v1` and `/api/v2`) within a single Express application. This pattern is standard for API versioning, feature isolation, and maintaining decoupled route hierarchies.\\n\\n## Architecture & File Structure\\n```\\nexamples/multi-router/\\n\u251c\u2500\u2500 index.js # Main application entry point & server bootstrap\\n\u2514\u2500\u2500 controllers/\\n \u251c\u2500\u2500 api_v1.js # Router instance for API v1 endpoints\\n \u2514\u2500\u2500 api_v2.js # Router instance for API v2 endpoints\\n```\\n\\n## Core Components\\n\\n### `controllers/api_v1.js` & `controllers/api_v2.js`\\nBoth controller files follow an identical structural pattern:\\n1. Import Express: `var express = require('../../..');`\\n2. Instantiate an isolated router: `var apiv1 = express.Router();` (or `apiv2`)\\n3. Register route handlers using `router.get(path, callback)`\\n4. Export the router: `module.exports = apiv1;`\\n\\nEach router defines two endpoints:\\n- `GET /` \u2192 Responds with a version-specific root message\\n- `GET /users` \u2192 Responds with a version-specific user list message\\n\\nBoth handlers terminate the request-response cycle using `res.send()`.\\n\\n### `index.js`\\nThe application entry point orchestrates routing and server lifecycle:\\n- Creates the main Express app: `var app = module.exports = express();`\\n- Mounts versioned routers using `app.use(basePath, router)`:\\n ```js\\n app.use('/api/v1', require('./controllers/api_v1'));\\n app.use('/api/v2', require('./controllers/api_v2'));\\n ```\\n- Defines a fallback root route: `app.get('/', function(req, res) { ... })`\\n- Conditionally starts the HTTP server on port `3000` when executed directly:\\n ```js\\n if (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n }\\n ```\\n\\n## Routing & Mounting Behavior\\nExpress routers function as mini-applications. When mounted via `app.use()`, Express automatically prefixes all routes defined within the router with the specified base path. This allows controllers to define routes relative to their own context (`/`, `/users`) while remaining completely agnostic of their final public paths.\\n\\n```mermaid\\ngraph TD\\n App[Express App index.js] -->|/api/v1| V1[api_v1 Router]\\n App -->|/api/v2| V2[api_v2 Router]\\n App -->|/| Root[Root Handler]\\n V1 -->|GET /| V1Root[res.send APIv1 root]\\n V1 -->|GET /users| V1Users[res.send APIv1 users]\\n V2 -->|GET /| V2Root[res.send APIv2 root]\\n V2 -->|GET /users| V2Users[res.send APIv2 users]\\n```\\n\\n## Request Execution Flow\\n1. An incoming HTTP request reaches the Express app instance\\n2. Express evaluates mounted middleware/routers in registration order\\n3. If the request path begins with `/api/v1` or `/api/v2`, Express strips the prefix and delegates control to the corresponding router\\n4. The router matches the remaining path segment against its internal `router.get()` definitions\\n5. The matched handler executes and calls `res.send()` to finalize the response\\n6. Requests targeting `/` bypass both routers and trigger the root handler defined directly in `index.js`\\n\\n## Extension Guidelines\\n- **Adding API Versions:** Create a new controller file following the existing pattern, export the router, and mount it in `index.js` with `app.use('/api/vX', require('./controllers/api_vX'))`.\\n- **Version-Specific Middleware:** Attach middleware directly to the router instance before route definitions (e.g., `apiv1.use(express.json())`). This scopes the middleware exclusively to that version's endpoints.\\n- **Testing:** The exported `app` instance in `index.js` can be passed directly to testing utilities like `supertest`. Mock `req`/`res` objects or use integration tests to verify `res.send()` payloads.\\n- **Standalone Execution:** The `if (!module.parent)` guard ensures the server only starts when the file is run directly via `node index.js`, preventing port conflicts when the module is imported as a dependency.\",\"other-mvc\":\"# Other \u2014 mvc\\n\\n## Module Overview\\n\\nThe `mvc` module is a reference Express.js application demonstrating a convention-over-configuration approach to structuring Model-View-Controller (MVC) applications. It dynamically loads controllers from the `controllers/` directory, automatically generates RESTful routes based on exported method names, and supports per-controller view engine configuration. This module serves as an architectural blueprint for scaling Express apps without manual route registration.\\n\\n## Architecture & Directory Structure\\n\\n```\\nexamples/mvc/\\n\u251c\u2500\u2500 index.js # Main Express app, middleware, and bootstrapper entry\\n\u251c\u2500\u2500 lib/boot.js # Dynamic controller loader and route generator\\n\u251c\u2500\u2500 db.js # In-memory mock database\\n\u251c\u2500\u2500 controllers/ # Modular controller directories\\n\u2502 \u251c\u2500\u2500 main/ # Root redirect controller\\n\u2502 \u251c\u2500\u2500 user/ # User CRUD (uses Handlebars)\\n\u2502 \u251c\u2500\u2500 pet/ # Pet CRUD (uses EJS)\\n\u2502 \u2514\u2500\u2500 user-pet/ # Nested resource creation\\n\u251c\u2500\u2500 views/ # Global error templates (404, 5xx)\\n\u2514\u2500\u2500 public/ # Static assets\\n```\\n\\n## Core Components\\n\\n### Application Entry (`index.js`)\\nInitializes the Express application and configures foundational middleware:\\n- Sets default view engine to `ejs` and global views directory.\\n- Extends `res` with `res.message(msg)` to store flash messages in `req.session.messages`.\\n- Configures `express-session`, `express.urlencoded({ extended: true })`, and `method-override('_method')`.\\n- Injects `messages` and `hasMessages` into `res.locals` for template rendering, then flushes the session array.\\n- Mounts controllers via `require('./lib/boot')(app, { verbose: !module.parent })`.\\n- Defines fallback 404 and 500 error handlers.\\n\\n### Controller Bootstrapper (`lib/boot.js`)\\nThe `boot` function scans `controllers/`, loads each directory as a module, and maps exported functions to Express routes. It respects reserved exports (`name`, `prefix`, `engine`, `before`) and applies the following routing convention:\\n\\n| Exported Method | HTTP Method | Generated URL Pattern |\\n|-----------------|-------------|--------------------------------|\\n| `index` | `GET` | `/` |\\n| `list` | `GET` | `/s` |\\n| `show` | `GET` | `//:_id` |\\n| `edit` | `GET` | `//:_id/edit` |\\n| `update` | `PUT` | `//:_id` |\\n| `create` | `POST` | `/` |\\n\\nIf a controller exports a `before` function, it is injected as middleware before the route handler. The generated routes are mounted on a sub-app and attached to the parent Express instance.\\n\\n### Controllers\\nEach controller is a Node.js module exporting route handlers and optional configuration:\\n- `main/index.js`: Exports `index` to redirect `/` to `/users`.\\n- `user/index.js`: Exports `list`, `show`, `edit`, `update`. Sets `exports.engine = 'hbs'`. Uses `exports.before` to asynchronously load `req.user` from `db.users` based on `req.params.user_id`. Calls `next('route')` if not found.\\n- `pet/index.js`: Exports `show`, `edit`, `update`. Sets `exports.engine = 'ejs'`. Uses `exports.before` to load `req.pet` from `db.pets` via `req.params.pet_id`.\\n- `user-pet/index.js`: Exports `create`. Sets `exports.name = 'pet'` and `exports.prefix = '/user/:user_id'` to create nested routes like `POST /user/:user_id/pet`.\\n\\n### Mock Database (`db.js`)\\nProvides `exports.pets` and `exports.users` arrays with pre-seeded data. Used by controllers to simulate database queries and mutations.\\n\\n## Key Features & Patterns\\n\\n### Flash Messaging System\\nMessages are stored in the session via `res.message('Information updated!')`. A middleware in `index.js` exposes them to templates:\\n```javascript\\nres.locals.messages = req.session.messages || [];\\nres.locals.hasMessages = !!res.locals.messages.length;\\nreq.session.messages = []; // Flush after exposure\\n```\\nTemplates (e.g., `user/views/show.hbs`) conditionally render messages using `{{#if hasMessages}}`.\\n\\n### Per-Controller View Engines\\nWhile the app defaults to `ejs`, individual controllers can override this. The `user` controller sets `exports.engine = 'hbs'`, causing `boot.js` to call `app.set('view engine', 'hbs')` for that sub-app. Views are resolved from `controllers//views/`.\\n\\n### HTTP Method Override\\nHTML forms only support `GET` and `POST`. The app uses `method-override('_method')` to interpret `?_method=put` in form actions as `PUT` requests, enabling RESTful `update` operations.\\n\\n## Request Lifecycle & Routing Flow\\n\\n```mermaid\\ngraph TD\\n A[Incoming Request] --> B[Middleware: session/body/method-override]\\n B --> C[boot.js Generated Routes]\\n C --> D{exports.before?}\\n D -->|Yes| E[Run before middleware]\\n D -->|No| F[Route Handler]\\n E --> F\\n F --> G[Render View / Redirect]\\n```\\n\\n## Extending the Module\\n\\nTo add a new resource:\\n1. Create a directory under `controllers/` (e.g., `controllers/article/`).\\n2. Create `index.js` exporting route handlers (`list`, `show`, `create`, etc.).\\n3. Optionally export `before` for pre-route logic, `engine` to change the template engine, or `prefix`/`name` to customize URL generation.\\n4. Add a `views/` subdirectory with templates matching the exported handler names (e.g., `list.ejs`, `show.ejs`).\\n5. Restart the app; `lib/boot.js` will automatically register the routes.\\n\\n## Notes for Contributors\\n- Route generation relies on exact function name matches. Custom handlers outside the convention will throw `unrecognized route: .`.\\n- The `before` middleware must call `next()` to proceed or `next('route')` to skip to the next matching route.\\n- Session secret is hardcoded for example purposes. Replace with environment variables in production.\\n- The mock `db.js` uses array indices as IDs. Real implementations should replace this with a proper ORM or database client.\",\"other-online\":\"# Other \u2014 online\\n\\n# Other \u2014 online\\n\\n## Overview\\nThis module demonstrates how to track and display recently active users in an Express application using the `online` package backed by Redis. It implements a fire-and-forget activity tracking middleware and provides a simple endpoint to query and render the most recent active identifiers.\\n\\n## Prerequisites\\n- Running Redis server (`redis-server`)\\n- npm packages: `express`, `online`, `redis`\\n- Node.js environment\\n\\n## Architecture & Data Flow\\nThe module initializes a Redis client and binds it to the `online` package. An Express middleware intercepts every incoming request, extracts an identifier, and asynchronously records it in Redis. A separate route handler queries the last N active identifiers and renders them as HTML.\\n\\n```mermaid\\ngraph LR\\n Client -->|HTTP Request| Express\\n Express -->|Middleware| online.add\\n online.add -->|Async Write| Redis\\n Express -->|GET /| online.last\\n online.last -->|Sorted Set Query| Redis\\n Redis -->|Return IDs| Express\\n Express -->|res.send| Client\\n```\\n\\n## Key Components\\n\\n### Redis & Online Initialization\\n```javascript\\nvar redis = require('redis');\\nvar db = redis.createClient();\\nonline = online(db);\\n```\\nThe `online` package is instantiated with a Redis client instance. This configuration enables the package to use Redis sorted sets for time-based activity tracking, allowing efficient retrieval of recently active keys.\\n\\n### Activity Tracking Middleware\\n```javascript\\napp.use(function(req, res, next){\\n online.add(req.headers['user-agent']);\\n next();\\n});\\n```\\nThis middleware executes on every request. It calls `online.add()` with the `User-Agent` header as the tracking identifier. The operation is fire-and-forget: it does not await Redis acknowledgment before calling `next()`, ensuring zero latency impact on the request pipeline.\\n\\n**Production Note:** Replace `req.headers['user-agent']` with a stable, unique identifier such as `req.user.id`, session ID, or device token.\\n\\n### Route Handler & Response\\n```javascript\\napp.get('/', function(req, res, next){\\n online.last(5, function(err, ids){\\n if (err) return next(err);\\n res.send('\nUsers online: ' + ids.length + '<\\/p>' + list(ids));\\n });\\n});\\n```\\nThe `GET /` route queries the last 5 active identifiers using `online.last(5, callback)`. Errors are delegated to Express's error handling pipeline via `next(err)`. On success, the response payload is constructed and sent using `res.send()`.\\n\\n### Helper Function\\n```javascript\\nfunction list(ids) {\\n return '\n' + ids.map(function(id){\\n return '\n' + id + '<\\/li>';\\n }).join('') + '<\\/ul>';\\n}\\n```\\nA synchronous utility that transforms an array of identifiers into an HTML unordered list. It is invoked internally by the route handler and contains no external dependencies.\\n\\n## Integration & Extension Guidelines\\n\\n- **Identifier Strategy:** The example uses `User-Agent` for demonstration purposes. For accurate user tracking, integrate with your authentication layer and pass `req.user.id` or equivalent to `online.add()`.\\n- **Error Handling:** The route handler forwards Redis/query errors to Express's default error middleware. Implement custom logging or fallback behavior as required by your application's error policy.\\n- **Performance & Scaling:** `online.add()` is non-blocking, but high-throughput applications should monitor Redis memory consumption. Configure appropriate Redis eviction policies or TTLs if tracking long-term activity. Multiple Express instances can safely share the same Redis backend without additional synchronization.\\n- **Module Boundaries:** This example operates as a standalone Express application. It has no incoming module dependencies and exposes no public API. Internal calls flow from `index.js` to the `list` helper, while outgoing calls delegate to Express's `res.send` for response delivery.\",\"other-package-json\":\"# Other \u2014 package.json\\n\\n# Module: `package.json`\\n\\n## Purpose & Scope\\nThis manifest defines the project metadata, dependency graph, engine constraints, published file boundaries, and development lifecycle scripts for **Express.js v5.2.1**. As a declarative configuration file, it contains no executable logic or internal call graphs. It serves as the single source of truth for dependency resolution, package publishing, and contributor tooling.\\n\\n## Package Identity\\n- **Name:** `express`\\n- **Version:** `5.2.1`\\n- **License:** MIT\\n- **Repository:** `expressjs/express`\\n- **Funding:** OpenCollective (`https://opencollective.com/express`)\\n- **Keywords:** `express`, `framework`, `sinatra`, `web`, `http`, `rest`, `restful`, `router`, `app`, `api`\\n\\n## Runtime Dependency Architecture\\nExpress v5 delegates core HTTP, routing, and response handling to a modular set of upstream packages. Dependencies are pinned to caret (`^`) ranges to allow minor/patch updates while maintaining API compatibility.\\n\\n| Functional Area | Dependencies |\\n|----------------|--------------|\\n| **HTTP & Request Parsing** | `body-parser`, `qs`, `type-is`, `accepts`, `content-type`, `content-disposition` |\\n| **Routing & Middleware Pipeline** | `router`, `finalhandler`, `parseurl`, `merge-descriptors` |\\n| **Response & Static Assets** | `send`, `serve-static`, `mime-types`, `etag`, `fresh`, `range-parser`, `vary` |\\n| **Error Handling & Status Codes** | `http-errors`, `statuses` |\\n| **Cookies & Security** | `cookie`, `cookie-signature`, `proxy-addr` |\\n| **Utilities & Debugging** | `debug`, `depd`, `on-finished`, `once`, `encodeurl`, `escape-html` |\\n\\n## Development & Testing Toolchain\\nThe `devDependencies` block configures the testing, linting, coverage, and integration fixture environment:\\n- **Test Runner & Assertions:** `mocha`, `supertest`, `after`\\n- **Code Coverage:** `nyc`\\n- **Linting:** `eslint`\\n- **Template Engines (Test/Example Fixtures):** `ejs`, `hbs`\\n- **Session & State Management (Integration Tests):** `express-session`, `cookie-parser`, `cookie-session`, `connect-redis`\\n- **HTTP Utilities & Logging:** `morgan`, `method-override`, `vhost`\\n- **Documentation & Auth Fixtures:** `marked`, `pbkdf2-password`\\n\\n## Engine & Distribution Constraints\\n- **Node.js Requirement:** `>= 18.0.0`\\n- **Published Files:** The `files` array restricts the npm package to:\\n - `LICENSE`\\n - `Readme.md`\\n - `index.js` (Primary entry point)\\n - `lib/` (Core framework source)\\n- All other directories (e.g., `test/`, `examples/`, `benchmarks/`, `devDependencies`) are excluded from the published tarball.\\n\\n## Lifecycle Scripts\\n| Command | Description |\\n|---------|-------------|\\n| `npm run lint` | Runs `eslint .` across the project |\\n| `npm run lint:fix` | Runs `eslint . --fix` to auto-correct lint violations |\\n| `npm test` | Executes `mocha` with `test/support/env` preloaded, `spec` reporter, and `--check-leaks` across `test/` and `test/acceptance/` |\\n| `npm run test-ci` | Runs tests with `nyc` coverage (lcovonly + text), excluding `examples`, `test`, and `benchmarks` |\\n| `npm run test-cov` | Generates HTML + text coverage reports via `nyc` |\\n| `npm run test-tap` | Runs tests with the `tap` reporter |\\n\\n## Integration Notes for Contributors\\n- **Entry Point:** `index.js` bootstraps the framework. All core logic resides in `lib/`.\\n- **Dependency Updates:** When upgrading runtime dependencies, verify compatibility with the `router` and `finalhandler` pipelines, as these form the backbone of Express v5's request lifecycle.\\n- **Testing Environment:** The `test/support/env` module (referenced in `npm test`) configures global test state. Always run `npm test` or `npm run test-cov` before submitting PRs to ensure leak checks and coverage thresholds pass.\\n- **No Execution Flow:** This file is purely declarative. It does not participate in runtime call graphs or execution flows. All framework behavior is implemented in `lib/` and orchestrated via `index.js`.\",\"other-params\":\"# Other \u2014 params\\n\\n# `examples/params/index.js` \u2014 Route Parameter Preprocessing\\n\\n## Overview\\nThis module demonstrates Express's `app.param()` middleware for intercepting, validating, and transforming route parameters before they reach the main route handler. It establishes a pattern for preprocessing request data, attaching resolved objects to the request context, and short-circuiting invalid requests with standardized HTTP errors.\\n\\n## Execution Flow & Architecture\\nWhen a request matches a route containing `:user`, `:from`, or `:to`, Express automatically invokes the registered `app.param` middleware. These handlers execute sequentially before the route callback, allowing parameter normalization and data preloading.\\n\\n```mermaid\\ngraph LR\\n A[Incoming Request] --> B{Route Match}\\n B -->|:user| C[app.param('user')]\\n B -->|:from/:to| D[app.param(['to','from'])]\\n C --> E[Route Handler]\\n D --> E\\n E --> F[res.send]\\n```\\n\\nIf a param handler calls `next(err)`, Express skips the route handler and forwards the error to the default error middleware. Successful handlers call `next()` to proceed to the route callback, which then uses the preprocessed data via `req.params` or attached properties like `req.user`.\\n\\n## Parameter Middleware Handlers\\n\\n### Integer Conversion Handler\\n```javascript\\napp.param(['to', 'from'], function(req, res, next, num, name){ ... })\\n```\\n- **Triggered by:** `:from` and `:to` parameters in `/users/:from-:to`\\n- **Behavior:** \\n - Parses the raw string parameter as a base-10 integer using `parseInt(num, 10)`\\n - Assigns the converted value back to `req.params[name]`\\n - Validates the result with `isNaN()`\\n - Calls `next(createError(400, 'failed to parseInt '+num))` on failure\\n - Calls `next()` on success\\n\\n### User Preloading Handler\\n```javascript\\napp.param('user', function(req, res, next, id){ ... })\\n```\\n- **Triggered by:** `:user` parameter in `/user/:user`\\n- **Behavior:**\\n - Uses the parameter value as an array index to fetch from the `users` mock database\\n - Attaches the resolved object to `req.user`\\n - Calls `next(createError(404, 'failed to find user'))` if the index is out of bounds or undefined\\n - Calls `next()` if the user exists\\n\\n## Route Definitions\\n\\n| Route | Handler | Data Source | Response |\\n|-------|---------|-------------|----------|\\n| `GET /` | Index | None | Instructional text |\\n| `GET /user/:user` | User Detail | `req.user` (preloaded) | `user ` |\\n| `GET /users/:from-:to` | User Range | `req.params.from`, `req.params.to` (parsed) | Comma-separated names from `users.slice(from, to + 1)` |\\n\\nThe `/users/:from-:to` route uses a literal hyphen in the path pattern. Express matches it as a single segment, splitting the captured values into `req.params.from` and `req.params.to` after the param middleware processes them.\\n\\n## Integration & Usage\\n- **Export:** `module.exports = express()` allows the app to be mounted in larger Express applications via `app.use('/params', require('./examples/params'))`\\n- **Standalone Execution:** Runs on port `3000` when executed directly (`node index.js`), guarded by `if (!module.parent)`\\n- **Dependencies:** \\n - `express` (core framework)\\n - `http-errors` (standardized error object creation)\\n\\n## Developer Notes & Extension Points\\n- **Callback Signature:** `app.param` handlers receive `(req, res, next, value, name)`. The `value` argument is the raw string from the URL, and `name` is the parameter key.\\n- **Error Propagation:** Errors passed to `next()` bypass route handlers. The `http-errors` package ensures consistent `status` and `message` properties for downstream error middleware.\\n- **Mock Data:** The `users` array is a placeholder. In production, replace the synchronous array lookup with an asynchronous database query, ensuring `next()` is called inside the query callback or `async/await` block.\\n- **Range Logic:** The route handler uses `slice(from, to + 1)` to create an inclusive upper bound. Adjust this logic if exclusive ranges are preferred.\\n- **Response Method:** All routes terminate with `res.send()`, which serializes the string payload and sets appropriate `Content-Type` headers before closing the connection.\",\"other-readme-md\":\"# Other \u2014 Readme.md\\n\\n# Other \u2014 Readme.md\\n\\n## Overview\\nThe `Readme.md` file serves as the primary entry point and public-facing documentation for the Express.js repository. It is a static Markdown artifact that defines the developer onboarding path, installation requirements, canonical usage patterns, and project governance structure. While it contains no executable runtime logic, it acts as the authoritative reference for interacting with the Express ecosystem, tooling, and contribution workflows.\\n\\n## Developer Onboarding & Setup\\nThe module outlines a strict prerequisite and installation workflow:\\n- **Runtime Requirement:** Node.js 18 or higher.\\n- **Project Initialization:** Recommends `npm init` for new projects before dependency installation.\\n- **Installation Command:** `npm install express`\\n- **Quick Start CLI:** Utilizes the `express-generator` package (`npm install -g express-generator@4`) to scaffold applications via `express /tmp/foo && cd /tmp/foo`, followed by `npm install` and `npm start`.\\n\\n## API Entry Point & Usage Pattern\\nThe README establishes the canonical Express application bootstrap pattern:\\n```js\\nimport express from 'express'\\n\\nconst app = express()\\n\\napp.get('/', (req, res) => {\\n res.send('Hello World')\\n})\\n\\napp.listen(3000, () => {\\n console.log('Server is running on http://localhost:3000')\\n})\\n```\\nThis pattern demonstrates the core API surface:\\n- `express()` factory function for application initialization\\n- `app.get(path, handler)` for route definition\\n- `app.listen(port, callback)` for HTTP server binding\\n\\n## Ecosystem & Tooling Integration\\nThe documentation maps Express to its surrounding toolchain and architectural philosophy:\\n- **Template Engines:** Supports 14+ engines via `@ladjs/consolidate`\\n- **HTTP Helpers:** Built-in support for redirection, caching, and content negotiation\\n- **Examples Directory:** Runnable demos located in `examples/` (e.g., `node examples/content-negotiation`)\\n- **Migration Path:** Directs developers to the v5 migration guide for version upgrades\\n- **External Resources:** Links to the official website, GitHub organization, and discussion forums\\n\\n## Contribution & Governance\\nThe module formalizes the project's open-source workflow:\\n- **Testing:** `npm install` followed by `npm test` to execute the test suite\\n- **Security:** Directs vulnerability reports to the official Security Policies and Procedures\\n- **Governance Structure:** Lists active Technical Committee (TC) members, Triagers, and Emeritus contributors\\n- **Documentation Links:** References `GOVERNANCE.md`, `CODE_OF_CONDUCT.md`, and `CONTRIBUTING.md` for policy and workflow details\\n\\n## Execution Context & Call Graph\\nAs a static documentation file, `Readme.md` does not participate in the runtime call graph or execution flow. It contains zero internal, outgoing, or incoming runtime calls. Its function is purely informational, serving as a reference map that points developers to:\\n- Package registry endpoints (`npm install`)\\n- CLI tooling (`express-generator`)\\n- Repository directories (`examples/`)\\n- External documentation and CI/CD status badges (Coveralls, GitHub Actions, OpenSSF Scorecard)\\n\\n## Developer Workflow Diagram\\nThe following diagram illustrates how developers interact with the repository through the guidance provided in this module:\\n\\n```mermaid\\ngraph TD\\n A[Read Readme.md] --> B{Primary Goal}\\n B -->|Install & Run| C[npm install express]\\n B -->|Scaffold App| D[express-generator CLI]\\n B -->|Contribute| E[npm test & PR]\\n C --> F[app.get / app.listen]\\n D --> G[Generated Project]\\n E --> H[CI/CD Validation]\\n```\",\"other-resource\":\"# Other \u2014 resource\\n\\n# Other \u2014 Resource Module\\n\\n## Overview\\nThe `examples/resource/index.js` module demonstrates a custom RESTful resource routing pattern for Express. It extends the Express application instance with an `app.resource()` method that automatically maps HTTP verbs and URL patterns to a controller object. The module includes an in-memory mock data store (`users`) and a sample controller (`User`) to illustrate how route handlers can delegate to controller methods, parse parameters, and format responses.\\n\\nThis module is intended as an educational example and is not a production-ready resource router. It relies on Express routing patterns compatible with older versions of `path-to-regexp` (e.g., `{.:format}` syntax).\\n\\n## Custom Router API: `app.resource(path, obj)`\\nThe module attaches a `resource` method directly to the Express app instance. When invoked, it registers four routes using `this.get()` and `this.delete()`:\\n\\n```javascript\\napp.resource = function(path, obj) {\\n this.get(path, obj.index);\\n this.get(path + '/:a..:b{.:format}', function(req, res){ ... });\\n this.get(path + '/:id', obj.show);\\n this.delete(path + '/:id', function(req, res){ ... });\\n};\\n```\\n\\n### Route Registration\\n| HTTP Method | Path Pattern | Handler / Controller Method |\\n|-------------|-------------------------------|-----------------------------|\\n| `GET` | `/:path` | `obj.index(req, res)` |\\n| `GET` | `/:path/:a..:b{.:format}` | Inline handler \u2192 `obj.range(req, res, a, b, format)` |\\n| `GET` | `/:path/:id` | `obj.show(req, res)` |\\n| `DELETE` | `/:path/:id` | Inline handler \u2192 `obj.destroy(req, res, id)` |\\n\\n## Controller Contract\\nThe `obj` parameter passed to `app.resource()` must implement the following methods. The `User` object in this module serves as the reference implementation:\\n\\n| Method | Signature | Responsibility |\\n|--------|-----------|----------------|\\n| `index` | `(req, res)` | Returns the full collection. Calls `res.send(users)`. |\\n| `show` | `(req, res)` | Returns a single record by `req.params.id`. Handles missing records with `{ error: 'Cannot find user' }`. |\\n| `destroy` | `(req, res, id)` | Deletes a record by numeric `id`. Returns `'destroyed'` or `'Cannot find user'`. |\\n| `range` | `(req, res, a, b, format)` | Returns a slice of the collection from `a` to `b` (inclusive). Supports `json` and `html` formatting. |\\n\\n## Route Resolution & Parameter Parsing\\nThe module uses inline route handlers to bridge Express request objects and the controller contract:\\n\\n- **Range Route (`/:a..:b{.:format}`)**: Parses `req.params.a` and `req.params.b` as base-10 integers using `parseInt(req.params.a, 10)`. Extracts the optional `format` parameter to determine response serialization.\\n- **Delete Route (`/:id`)**: Parses `req.params.id` as an integer before passing it to `obj.destroy()`.\\n- **Show Route (`/:id`)**: Passes `req.params.id` directly to `obj.show()`, which uses it as an array index.\\n\\nAll controller methods ultimately delegate to `res.send()` to terminate the request-response cycle.\\n\\n## Execution Flow\\nRequests flow through Express's routing layer into the registered handlers, which parse parameters and invoke the corresponding controller method. The controller processes the mock data and calls `res.send()`.\\n\\n```mermaid\\nflowchart TD\\n A[Incoming Request] --> B{Route Match}\\n B -->|GET /users| C[obj.index]\\n B -->|GET /users/:id| D[obj.show]\\n B -->|GET /users/:a..:b| E[Inline Handler]\\n B -->|DELETE /users/:id| F[Inline Handler]\\n E --> G[obj.range]\\n F --> H[obj.destroy]\\n C --> I[res.send]\\n D --> I\\n G --> I\\n H --> I\\n```\\n\\nThe call graph confirms that `index.js` delegates to `range` and `destroy`, while all controller methods (`index`, `show`, `range`, `destroy`) funnel into `res.send()`.\\n\\n## Usage Examples\\nThe module exposes a root route (`GET /`) that lists available endpoints. Example interactions:\\n\\n```bash\\n# List all users\\ncurl http://localhost:3000/users\\n\\n# Get user by index\\ncurl http://localhost:3000/users/1\\n\\n# Get range of users (indices 1 to 3)\\ncurl http://localhost:3000/users/1..3\\n\\n# Get range as JSON\\ncurl http://localhost:3000/users/1..3.json\\n\\n# Delete user by index\\ncurl -X DELETE http://localhost:3000/users/1\\n```\\n\\n## Integration & Testing Notes\\n- **Direct Method Invocation**: The `destroy` and `range` methods are referenced externally by other modules (`examples/auth/index.js` and `test/req.range.js` respectively). This indicates they are sometimes imported or called directly for testing or cross-example integration.\\n- **Mock Data State**: The `users` array is module-scoped and mutable. `destroy` permanently removes entries using `delete users[id]`. Subsequent requests to the same index will return `undefined` or trigger the error path.\\n- **Path Syntax Compatibility**: The `/:a..:b{.:format}` pattern uses legacy Express routing syntax. Modern Express applications using `path-to-regexp` v1+ should replace `{.:format}` with `/:format?` or use explicit regex patterns.\\n- **Server Bootstrap**: The module conditionally starts the server on port `3000` when executed directly (`!module.parent`). It exports the `app` instance via `module.exports` for testing or mounting in larger applications.\",\"other-search\":\"# Other \u2014 search\\n\\n# Other \u2014 Search Module\\n\\n## Overview\\nThe **search** module is a lightweight Express.js example demonstrating real-time, client-driven search backed by Redis. It serves a static HTML interface where user keystrokes trigger asynchronous HTTP requests. The server uses the input string as a Redis key, retrieves all members of the corresponding set, and returns them to the browser for immediate display.\\n\\n## Architecture & Data Flow\\nThe module follows a straightforward client-server pattern with Redis acting as an in-memory key-value store.\\n\\n```mermaid\\nsequenceDiagram\\n participant Client as Browser (client.js)\\n participant Server as Express (index.js)\\n participant Redis as Redis DB\\n Client->>Server: GET /search/{:query}\\n Server->>Redis: SMEMBERS {query}\\n Redis-->>Server: Array of members\\n Server-->>Client: res.send(vals)\\n Client->>Client: Update \n with response\\n```\\n\\n## Key Components\\n\\n### Server (`examples/search/index.js`)\\nThe server manages Redis connectivity, data seeding, routing, and static asset delivery.\\n\\n#### Redis Initialization (`initializeRedis`)\\n- Establishes a connection to the local Redis instance via `redis.createClient()`.\\n- Seeds two sets using `db.sAdd()`:\\n - `ferret` \u2192 `['tobi', 'loki', 'jane']`\\n - `cat` \u2192 `['manny', 'luna']`\\n- Wrapped in an `async` function and executed before server startup. Catches connection/seeding errors and terminates the process with `process.exit(1)`.\\n\\n#### Route Handlers\\n- **`GET /search/{:query}`**: Extracts the search term from `req.params.query`. Calls `db.sMembers(query)` to fetch all members of the Redis set matching the exact key. Returns the resulting array via `res.send()`. Redis errors are caught and forwarded to Express's error middleware using `next(err)`.\\n- **`GET /client.js`**: Explicitly serves the frontend script using `res.sendFile(path.join(__dirname, 'client.js'))`. This prevents `express.static()` from exposing server-side files (e.g., `index.js` or template files) that reside in the same directory.\\n\\n#### Server Startup\\n- Uses an async IIFE to `await initializeRedis()` before conditionally calling `app.listen(3000)`.\\n- The `!module.parent` guard ensures the HTTP server only starts when the file is executed directly, not when imported as a dependency.\\n\\n### Client (`examples/search/public/`)\\n- **`index.html`**: Minimal UI containing a `` and a `\n` element for output. Loads `client.js` at the end of the body.\\n- **`client.js`**: Attaches a `keyup` event listener to the search input. On each keystroke, it instantiates an `XMLHttpRequest`, opens a `GET` request to `/search/{search.value}`, and updates the `\n` element's `textContent` when `readyState === 4`.\\n\\n## Setup & Usage\\n1. **Prerequisites**: Install and start a local Redis server (`redis-server`).\\n2. **Dependencies**: Run `npm install redis` in the project root.\\n3. **Execution**: Run `node examples/search/index.js`.\\n4. **Access**: Navigate to `http://localhost:3000`. Typing `ferret` or `cat` into the search box will return the seeded members in real-time.\\n\\n## Implementation Notes\\n- **Route Syntax**: The source defines the route as `/search/{:query}`. Express will parse `:query` as a route parameter, but the literal `{` and `}` characters will be part of the URL path. Adjust to `/search/:query` if standard Express routing is preferred.\\n- **Data Model**: The example relies on exact Redis key matching via `SMEMBERS`. It does not support partial matches, wildcards, or fuzzy search.\\n- **Error Handling**: Search route errors are passed to `next(err)`, relying on Express's default error handler. Initialization failures halt the process to prevent serving an unseeded or disconnected state.\\n- **Static Serving**: `express.static()` is scoped to `public/`, but `/client.js` is explicitly routed to avoid directory traversal risks and unintended file exposure.\\n\\n## Extending the Module\\n- Replace `db.sMembers()` with `db.sScan()` or `db.keys()` to support pattern-based or paginated lookups.\\n- Add input debouncing in `client.js` to throttle `XMLHttpRequest` calls during rapid typing.\\n- Switch `res.send(vals)` to `res.json(vals)` for structured JSON responses.\\n- Externalize Redis connection configuration using environment variables instead of relying on default localhost settings.\",\"other-session\":\"# Other \u2014 session\\n\\n# Other \u2014 Session Module\\n\\n## Purpose\\nDemonstrates HTTP session management in Express using the `express-session` middleware. The module provides two standalone examples: a default in-memory session store and a Redis-backed persistent store. Both examples track per-user page views by attaching state to `req.session`.\\n\\n## Architecture & Components\\nThe module consists of two independent entry points that share identical routing logic but differ in session storage configuration:\\n\\n| File | Storage Backend | Additional Dependencies |\\n|------|----------------|-------------------------|\\n| `examples/session/index.js` | Default `MemoryStore` (in-memory) | `express`, `express-session` |\\n| `examples/session/redis.js` | `connect-redis` (Redis-backed) | `express`, `express-session`, `connect-redis`, `morgan` |\\n\\nBoth files follow the same structural pattern:\\n1. Initialize an Express application via `express()`\\n2. Attach session middleware using `app.use(session({...}))`\\n3. Define a `GET /` route handler that reads/writes `req.session.views`\\n4. Start the HTTP server on port `3000`\\n\\n## Session Middleware Configuration\\nThe `express-session` middleware is configured with identical core options across both examples:\\n\\n```javascript\\napp.use(session({\\n resave: false, // Prevents saving unmodified sessions\\n saveUninitialized: false, // Defers session creation until data is stored\\n secret: 'keyboard cat', // Signs the session ID cookie\\n store: new RedisStore // (redis.js only) Overrides default MemoryStore\\n}));\\n```\\n\\n- `resave: false` avoids race conditions and unnecessary writes when session data hasn't changed.\\n- `saveUninitialized: false` complies with privacy regulations by not creating empty sessions for anonymous visitors.\\n- `secret` is used to cryptographically sign the session cookie. In production, this should be a strong, environment-specific value.\\n\\n## Store Implementations\\n### In-Memory Store (`index.js`)\\nRelies on `express-session`'s built-in `MemoryStore`. Suitable for development and testing. Session data is lost on process restart and does not scale across multiple Node.js instances.\\n\\n### Redis Store (`redis.js`)\\nIntegrates `connect-redis` by passing the `session` module to it, allowing the Redis store to inherit from `session.Store`:\\n```javascript\\nvar RedisStore = require('connect-redis')(session);\\n```\\nThe store instance is passed to the middleware via `store: new RedisStore`. This enables persistent, distributed session storage suitable for production environments.\\n\\n## Request Execution Flow\\nThe following diagram illustrates the request lifecycle for both examples:\\n\\n```mermaid\\ngraph LR\\n A[HTTP Request] --> B[session Middleware]\\n B --> C{req.session exists?}\\n C -->|Yes| D[Load session data]\\n C -->|No| E[Create new session]\\n D --> F[Route Handler GET /]\\n E --> F\\n F --> G[Increment req.session.views]\\n G --> H[res.send HTML Response]\\n```\\n\\n1. Incoming requests pass through the `session` middleware, which parses the session cookie and attaches a `req.session` object.\\n2. The `GET /` route handler checks `req.session.views`. If present, it increments the counter; otherwise, it initializes it to `1` and appends a first-visit message.\\n3. The handler responds using `res.send()`, which serializes the HTML string and ends the response.\\n4. The session middleware automatically persists modified session data before the response completes.\\n\\n## Running the Examples\\n### In-Memory Variant\\n```bash\\nnode examples/session/index.js\\n```\\nThe server starts on `http://localhost:3000`. The `if (!module.parent)` guard ensures the server only starts when the file is executed directly, not when required as a module.\\n\\n### Redis Variant\\nPrerequisites:\\n- Redis server running locally (`redis-server`)\\n- Dependencies installed: `npm install redis connect-redis morgan express-session`\\n\\n```bash\\nnode examples/session/redis.js\\n```\\nThe server starts on `http://localhost:3000` with `morgan` logging enabled in `dev` format. Session state persists across server restarts and is shared across Redis clients.\\n\\n## Integration Notes\\n- These files are standalone examples and do not export middleware or utilities for consumption by other modules.\\n- The `res.send()` calls route through Express's response pipeline. No custom routing or internal module calls are present.\\n- When adapting this pattern for production:\\n - Replace `'keyboard cat'` with a cryptographically secure secret loaded from environment variables.\\n - Configure `connect-redis` with connection options (host, port, password, TTL) as needed.\\n - Consider adding session cookie options (`cookie: { secure: true, httpOnly: true, sameSite: 'strict' }`) for security compliance.\",\"other-static-files\":\"# Other \u2014 static-files\\n\\n# Other \u2014 static-files\\n\\n## Overview\\nThis module is an Express.js example demonstrating how to serve static assets using the built-in `express.static()` middleware. It illustrates three distinct routing patterns for mapping HTTP requests to filesystem directories, along with request logging via `morgan`.\\n\\n## Core Middleware & Configuration\\n\\nThe module relies on `express.static(root)` to intercept incoming requests, check for matching files in the specified directory, and serve them with appropriate MIME types. If no file matches, the middleware calls `next()` to pass control down the stack.\\n\\n### Pattern 1: Direct Root Mapping\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n- **Behavior**: Serves files from `./public` at the root URL path.\\n- **Example**: `GET /js/app.js` \u2192 resolves to `./public/js/app.js`\\n- **Use Case**: Simple applications where static assets share the same base path as API or view routes.\\n\\n### Pattern 2: Prefixed/Mounted Routing\\n```javascript\\napp.use('/static', express.static(path.join(__dirname, 'public')));\\n```\\n- **Behavior**: Mounts the static middleware at `/static`. Express automatically strips the mount path before resolving the file.\\n- **Example**: `GET /static/js/app.js` \u2192 strips `/static` \u2192 resolves to `./public/js/app.js`\\n- **Use Case**: Namespacing static assets to avoid collisions with dynamic routes or API endpoints.\\n\\n### Pattern 3: Multiple Static Directories\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public', 'css')));\\n```\\n- **Behavior**: Registers an additional static directory. Express evaluates middleware in registration order.\\n- **Example**: `GET /style.css` \u2192 resolves to `./public/css/style.css`\\n- **Use Case**: Serving assets from disparate directories without requiring URL prefixes, or overriding files in earlier directories with later ones.\\n\\n## Request Resolution Flow\\n\\nThe following diagram illustrates how incoming requests are evaluated against the registered middleware stack:\\n\\n```mermaid\\ngraph TD\\n A[Incoming Request] --> B{Logger: morgan}\\n B --> C{Static: ./public}\\n C -->|File Found| D[Serve File]\\n C -->|Not Found| E{Static: /static -> ./public}\\n E -->|File Found| D\\n E -->|Not Found| F{Static: ./public/css}\\n F -->|File Found| D\\n F -->|Not Found| G[404 / Next Middleware]\\n```\\n\\n## Project Structure\\n```\\nexamples/static-files/\\n\u251c\u2500\u2500 index.js # Express app entry point & middleware configuration\\n\u2514\u2500\u2500 public/ # Root static directory\\n \u251c\u2500\u2500 hello.txt # Plain text asset\\n \u251c\u2500\u2500 js/\\n \u2502 \u2514\u2500\u2500 app.js # JavaScript asset\\n \u2514\u2500\u2500 css/\\n \u2514\u2500\u2500 style.css # Stylesheet asset\\n```\\n\\n## Running & Testing\\n1. Start the server: `node index.js`\\n2. Verify endpoints:\\n - `GET /hello.txt` \u2192 served by Pattern 1\\n - `GET /js/app.js` \u2192 served by Pattern 1\\n - `GET /static/js/app.js` \u2192 served by Pattern 2\\n - `GET /css/style.css` \u2192 served by Pattern 1 (if `public/css` is traversed) or Pattern 3 (direct root mapping)\\n - `GET /style.css` \u2192 served by Pattern 3\\n\\n## Implementation Notes\\n- **Path Resolution**: `path.join(__dirname, 'public')` ensures cross-platform compatibility. Avoid hardcoding forward/backward slashes.\\n- **Middleware Order**: Express evaluates `app.use()` calls sequentially. Place `express.static()` before route handlers if you want static files to take precedence, or after if you want dynamic routes to override them.\\n- **Caching & Headers**: `express.static()` automatically sets `Cache-Control`, `ETag`, and `Last-Modified` headers. These can be customized via the optional `options` object (e.g., `maxAge`, `immutable`).\\n- **Security**: The middleware prevents directory traversal attacks by default. Requests containing `../` are safely rejected or normalized.\",\"other-support\":\"# Other \u2014 support\\n\\n# Other \u2014 Support Module\\n\\n## Overview\\nThe `test/support` module provides foundational utilities for the project's test suite. It handles environment bootstrapping, supplies a lightweight template engine for dynamic test fixtures, and exports assertion factories compatible with `supertest` for validating HTTP responses. This module is strictly internal to the testing infrastructure and is not intended for production use.\\n\\n## Environment Configuration (`env.js`)\\nBootstraps the Node.js process for test execution by setting environment variables before any application code loads:\\n- `NODE_ENV`: Forced to `'test'` to ensure test-specific behavior in dependencies.\\n- `NO_DEPRECATION`: Suppresses deprecation warnings from `body-parser` and `express` to keep test output clean.\\n\\n**Usage:** Require this file at the very beginning of your test runner or entry script:\\n```js\\nrequire('./test/support/env');\\n```\\n\\n## Template Engine (`tmpl.js`)\\nExports a minimal, synchronous-style template renderer designed for generating dynamic test fixtures.\\n\\n### `renderFile(fileName, options, callback)`\\nReads a file from disk and performs variable substitution before returning the result.\\n- **Parameters:**\\n - `fileName` (string): Path to the template file.\\n - `options` (object): Key-value map for variable resolution. Supports dot-notation paths (e.g., `$user.profile.name`).\\n - `callback` (function): Node-style `(err, str)` callback.\\n- **Behavior:**\\n - Uses `fs.readFile` with `utf8` encoding.\\n - Matches variables via `/\\\\$([0-9a-zA-Z\\\\.]+)/g`.\\n - Delegates path resolution to `generateVariableLookup(data)`, which traverses nested objects.\\n - Catches substitution errors and attaches `err.name = 'RenderError'` before invoking the callback.\\n\\n## Assertion Utilities (`utils.js`)\\nExports factory functions that return assertion callbacks compatible with `supertest`'s `.expect()` chain. All assertions use `node:assert` and operate on the `res` object provided by `supertest`.\\n\\n### Body Assertions\\n- `shouldHaveBody(buf)`: Validates that the response body exactly matches the provided `Buffer`. Normalizes string responses to `Buffer` and compares hex representations for strict equality.\\n- `shouldNotHaveBody()`: Asserts that `res.text` is either an empty string or `undefined`.\\n\\n### Header Assertions\\n- `shouldHaveHeader(header)`: Asserts the presence of a header. Performs case-insensitive matching against `res.headers`.\\n- `shouldNotHaveHeader(header)`: Asserts the absence of a header using the same case-insensitive logic.\\n\\n### Version Gating\\n- `shouldSkipQuery(versionString)`: Returns `true` if the Node.js major version is `< 22`. Used to conditionally skip HTTP `QUERY` method tests, as full upstream support was introduced in Node 22.\\n- `getMajorVersion(versionString)`: Internal helper that extracts the major version segment from a semver string.\\n\\n## Test Integration & Call Flow\\nThe assertion utilities are designed to be passed directly into `supertest` chains. The module follows a factory pattern: each exported function returns a closure that captures the expected value and executes the assertion when invoked with a `supertest` response object.\\n\\n```mermaid\\ngraph TD\\n A[Test File] -->|import| B[utils.js]\\n B -->|exports| C[shouldHaveBody]\\n B -->|exports| D[shouldHaveHeader]\\n B -->|exports| E[shouldNotHaveBody]\\n B -->|exports| F[shouldNotHaveHeader]\\n C -->|passed to| G[supertest.expect]\\n D -->|passed to| G\\n E -->|passed to| G\\n F -->|passed to| G\\n H[tmpl.js] -->|renderFile| I[Test Fixtures]\\n I -->|used by| A\\n```\\n\\n**Typical Usage Pattern:**\\n```js\\nconst request = require('supertest');\\nconst { shouldHaveBody, shouldNotHaveHeader } = require('../support/utils');\\n\\nrequest(app)\\n .get('/download')\\n .expect(shouldHaveBody(Buffer.from('expected content')))\\n .expect(shouldNotHaveHeader('x-custom-header'))\\n .end(done);\\n```\\n\\n## Development Notes\\n- **Hex Comparison:** `shouldHaveBody` converts both expected and actual bodies to hex strings before comparison. This avoids encoding pitfalls and ensures byte-level accuracy.\\n- **Header Case-Insensitivity:** HTTP headers are normalized to lowercase in `res.headers`. The assertion helpers automatically call `.toLowerCase()` on the input header name to match this behavior.\\n- **Node Version Gating:** `shouldSkipQuery` is tied to Node 22 due to incomplete `HTTP QUERY` method support in earlier versions. Update the threshold only after verifying upstream Node.js and Express compatibility.\\n- **Error Handling in `tmpl.js`:** The renderer catches template substitution errors and explicitly names them `RenderError`. Test code should check for this error name when validating malformed template inputs.\",\"other-vhost\":\"# Other \u2014 vhost\\n\\n# Other \u2014 vhost Module\\n\\n## Purpose\\nThis module is an Express.js example demonstrating hostname-based routing using the `vhost` middleware. It illustrates how to mount multiple independent Express applications behind a single HTTP server and delegate incoming requests to the appropriate app based on the `Host` header.\\n\\n## Architecture\\nThe module instantiates three separate Express applications:\\n- `main`: Handles requests for the top-level domain (`example.com`)\\n- `redirect`: Handles wildcard subdomain requests (`*.example.com`)\\n- `app`: The root application that exports the server and mounts the `vhost` middleware\\n\\nThe `vhost` middleware acts as a conditional router. It inspects the `Host` header, matches it against registered patterns, and forwards the request to the corresponding mounted application.\\n\\n## Key Components\\n\\n### `main` Application\\nHandles direct requests to `example.com`. Defines two route handlers:\\n- `GET /`: Returns a static greeting via `res.send('Hello from main app!')`\\n- `GET /:sub`: Captures a path parameter and echoes it back\\n\\n### `redirect` Application\\nHandles all subdomain requests matching `*.example.com`. Contains a single catch-all middleware:\\n- Extracts the matched subdomain from `req.vhost[0]` (populated by the `vhost` middleware)\\n- Issues a 302 redirect to `http://example.com:3000/`\\n- Conditionally logs the `req.vhost` object when executed directly (`!module.parent`)\\n\\n### Root `app` & Middleware Mounting\\nThe exported `app` instance registers two `vhost` middleware layers:\\n```javascript\\napp.use(vhost('*.example.com', redirect));\\napp.use(vhost('example.com', main));\\n```\\nOrder matters: Express evaluates middleware sequentially. The wildcard pattern is registered first, ensuring subdomains are intercepted before the exact domain match.\\n\\n## Request Routing Flow\\n```mermaid\\ngraph TD\\n A[Incoming HTTP Request] --> B{vhost Middleware}\\n B -->|Host: *.example.com| C[redirect App]\\n B -->|Host: example.com| D[main App]\\n C --> E[Extract req.vhost[0]]\\n E --> F[302 Redirect to /]\\n D --> G[Route: GET / or GET /:sub]\\n G --> H[res.send Response]\\n```\\n\\n1. Request arrives at the server with a `Host` header\\n2. `vhost` evaluates the hostname against registered patterns\\n3. If matched, `req.vhost` is populated as an array of regex capture groups\\n4. Control is passed to the mounted Express app (`redirect` or `main`)\\n5. The target app's route handlers or middleware execute and terminate the request via `res.send()` or `res.redirect()`\\n\\n## Local Configuration & Execution\\nThe example requires local DNS resolution to simulate virtual hosts. Add the following to `/etc/hosts` (or `C:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts`):\\n```\\n127.0.0.1 foo.example.com\\n127.0.0.1 bar.example.com\\n127.0.0.1 example.com\\n```\\n\\nRun the server directly:\\n```bash\\nnode examples/vhost/index.js\\n```\\nThe `!module.parent` guard ensures `morgan` logging and `app.listen(3000)` only execute when the file is run as the entry point, not when required as a module in tests or other scripts.\\n\\n## Integration Notes\\n- **`req.vhost` Structure**: The `vhost` middleware attaches an array to `req.vhost` containing matched capture groups. For `*.example.com`, `req.vhost[0]` holds the subdomain string (e.g., `\\\"foo\\\"`).\\n- **Middleware Order**: Swapping the `vhost` registration order will cause `example.com` requests to incorrectly match the wildcard pattern. Always register specific patterns after wildcards, or use exact matches first if precedence requires it.\\n- **Testing**: When importing this module in test suites, the `module.parent` check prevents port binding conflicts. Route handlers can be tested by passing mock `req`/`res` objects or using `supertest` against the exported `app`.\",\"other-view-constructor\":\"# Other \u2014 view-constructor\\n\\n# Other \u2014 view-constructor\\n\\n## Overview\\nThe `view-constructor` module demonstrates how to override Express's default view resolution and rendering pipeline by providing a custom view constructor. Instead of reading template files from the local filesystem, this implementation fetches Markdown templates directly from a GitHub repository over HTTPS, compiles them using a custom engine, and returns the rendered HTML.\\n\\n## Architecture & Key Components\\n\\n### `GithubView` Constructor\\n```javascript\\nfunction GithubView(name, options)\\n```\\nRegistered via `app.set('view', GithubView)`, this constructor replaces Express's built-in `View` class. It receives the view name and an options object containing the registered template engines and the application's `views` directory setting.\\n\\n**Key Behavior:**\\n- Extracts the appropriate template engine using `options.engines[extname(name)]`.\\n- Constructs a remote file path: `/{root}/master/{name}`. The `root` value corresponds to `app.set('views', '...')`.\\n- Stores `name`, `engine`, and `path` as instance properties for use during rendering.\\n\\n### `GithubView.prototype.render`\\n```javascript\\nGithubView.prototype.render = function(options, fn)\\n```\\nThe core rendering method invoked by Express when `res.render()` is called. It handles asynchronous remote fetching and delegates compilation to the registered engine.\\n\\n**Execution Steps:**\\n1. Configures an HTTPS GET request to `raw.githubusercontent.com` using `this.path`.\\n2. Buffers the incoming response stream with `utf8` encoding.\\n3. On stream `end`, invokes `this.engine(buf, options, fn)`, passing the fetched Markdown, merged locals, and the Express callback.\\n4. Express receives the compiled HTML via `fn(null, html)` and sends the response.\\n\\n## Express Integration (`index.js`)\\n\\nThe application setup configures the custom view system and registers a Markdown processing engine:\\n\\n- **Custom Engine Registration:** `app.engine('md', ...)` registers a `.md` handler using `marked.parse`. The engine also performs basic string interpolation, replacing `{placeholder}` patterns with values from the `options` locals object.\\n- **View Configuration:** \\n - `app.set('views', 'expressjs/express')` defines the GitHub repository path.\\n - `app.set('view', GithubView)` swaps the default view constructor.\\n- **Route Definitions:** \\n - `GET /` renders `examples/markdown/views/index.md` with `{ title: 'Example' }`.\\n - `GET /Readme.md` renders the repository's root `Readme.md`.\\n\\n## Request Lifecycle\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant GithubView\\n participant GitHub API\\n participant MDEngine\\n Client->>Express: GET /\\n Express->>GithubView: new GithubView(name, opts)\\n Express->>GithubView: render(locals, fn)\\n GithubView->>GitHub API: HTTPS GET /{root}/master/{name}\\n GitHub API-->>GithubView: Markdown content\\n GithubView->>MDEngine: engine(content, locals, fn)\\n MDEngine-->>Express: fn(null, html)\\n Express-->>Client: 200 OK (HTML)\\n```\\n\\n## Implementation Notes & Caveats\\n\\n- **Error Handling:** The `https.request` implementation lacks explicit `.on('error', fn)` handlers. Network failures or non-2xx responses will not trigger the Express error callback in this example.\\n- **Branch Hardcoding:** The path construction explicitly uses `/master/`. Modern repositories default to `main`, and branch names should ideally be configurable.\\n- **Caching:** Every request triggers a fresh network call. Production implementations should implement in-memory or HTTP-level caching to avoid rate limits and latency.\\n- **Template Interpolation:** The custom `.md` engine uses a simple regex replacement (`/\\\\{([^}]+)\\\\}/g`). This does not support nested objects, escaping, or complex logic. Consider a dedicated templating engine for production use.\\n- **Extensibility Pattern:** This module serves as a reference for implementing alternative view sources (e.g., databases, CDNs, or remote APIs) by conforming to Express's `(name, options) => { render(options, fn) }` interface.\",\"other-view-locals\":\"# Other \u2014 view-locals\\n\\n# `view-locals` Module\\n\\n## Purpose\\nThe `view-locals` module demonstrates three progressive patterns for fetching asynchronous data and passing it to Express views. It contrasts inline callback nesting with middleware-based approaches, highlighting how `req` and `res.locals` can be used to decouple data fetching from route handlers, improve readability, and enable reusable view context composition.\\n\\n## Core Components\\n\\n| File | Role |\\n|------|------|\\n| `index.js` | Express application entry point. Defines routes, middleware chains, and view configuration. |\\n| `user.js` | Faux data model. Exports the `User` constructor and static async-like methods `User.all(fn)` and `User.count(fn)`. |\\n| `views/index.ejs` | EJS template expecting `title` and `users` locals. Renders a list of filtered users. |\\n\\n### Faux Model (`user.js`)\\n- `User(name, age, species)`: Constructor for user records.\\n- `User.all(fn)`: Simulates a database read. Uses `process.nextTick` to defer execution and invoke `fn(null, users)` with the in-memory array.\\n- `User.count(fn)`: Simulates a count query. Invokes `fn(null, users.length)` asynchronously.\\n- Maintains a static `users` array pre-populated with five `User` instances (three ferrets, two cats).\\n\\n### View Template (`views/index.ejs`)\\nExpects two locals:\\n- `title`: String rendered in `` and `\n`.\\n- `users`: Array of user objects. Iterates via `users.forEach()` to display `name`, `age`, and `species`.\\n\\n## Data-Passing Patterns\\n\\nThe module implements three routes, each demonstrating a different strategy for assembling view data.\\n\\n### 1. Inline Callback Nesting (`GET /`)\\n```javascript\\napp.get('/', function(req, res, next){\\n User.count(function(err, count){\\n if (err) return next(err);\\n User.all(function(err, users){\\n if (err) return next(err);\\n res.render('index', {\\n title: 'Users',\\n count: count,\\n users: users.filter(ferrets)\\n });\\n })\\n })\\n});\\n```\\n- **Behavior**: Fetches data sequentially in nested callbacks. Filters users inline using the `ferrets(user)` helper.\\n- **Trade-offs**: High coupling between data fetching and rendering. Deep nesting reduces readability. Error handling is explicit but repetitive.\\n\\n### 2. Request-Scoped Middleware (`GET /middleware`)\\n```javascript\\nfunction count(req, res, next) { /* attaches req.count */ }\\nfunction users(req, res, next) { /* attaches req.users */ }\\n\\napp.get('/middleware', count, users, function (req, res) {\\n res.render('index', {\\n title: 'Users',\\n count: req.count,\\n users: req.users.filter(ferrets)\\n });\\n});\\n```\\n- **Behavior**: `count` and `users` middleware attach data to the `req` object. The final handler reads from `req`, applies filtering, and renders.\\n- **Trade-offs**: Eliminates callback nesting. Data remains available across the middleware chain. Filtering stays in the route handler, preserving flexibility.\\n\\n### 3. Response-Scoped Locals (`GET /middleware-locals`)\\n```javascript\\nfunction count2(req, res, next) { /* attaches res.locals.count */ }\\nfunction users2(req, res, next) { /* attaches res.locals.users (filtered) */ }\\n\\napp.get('/middleware-locals', count2, users2, function (req, res) {\\n res.render('index', { title: 'Users' });\\n});\\n```\\n- **Behavior**: Middleware writes directly to `res.locals`. Express automatically merges `res.locals` into the view context, so `res.render()` only needs to pass `title`.\\n- **Trade-offs**: Cleanest route handler. Best for routes sharing identical view payloads. Filtering is moved to middleware, which may reduce flexibility if different routes require different subsets of the same data.\\n\\n## Middleware & Locals Lifecycle\\n\\nExpress provides two primary attachment points for request-scoped data:\\n- `req.*`: Persists across middleware and route handlers. Ideal for raw data that may be transformed differently per route.\\n- `res.locals`: Automatically exposed to the view engine. Ideal for pre-formatted data, session state, or authentication context.\\n\\nThe module includes commented patterns for applying locals at different scopes:\\n```javascript\\n// Global: applies to all routes\\napp.use(function(req, res, next){\\n res.locals.user = req.user;\\n res.locals.sess = req.session;\\n next();\\n});\\n\\n// Path-scoped: applies to /api/* routes\\napp.use('/api', function(req, res, next){ ... });\\napp.all('/api/*', function(req, res, next){ ... });\\n```\\n\\n## Execution Flow\\n\\nThe following diagram illustrates the middleware chain for the `/middleware-locals` route, which represents the most idiomatic Express pattern demonstrated:\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant count2\\n participant users2\\n participant RouteHandler\\n participant EJS\\n\\n Client->>Express: GET /middleware-locals\\n Express->>count2: Execute middleware\\n count2->>User.count: Fetch count (async)\\n User.count-->>count2: Return count\\n count2->>Express: res.locals.count = count; next()\\n Express->>users2: Execute middleware\\n users2->>User.all: Fetch users (async)\\n User.all-->>users2: Return users\\n users2->>Express: res.locals.users = filtered; next()\\n Express->>RouteHandler: Execute route\\n RouteHandler->>EJS: res.render('index', {title})\\n EJS-->>Client: Rendered HTML\\n```\\n\\n## Integration & Extension Guidelines\\n\\n1. **Replace Faux Model**: Swap `User.all` and `User.count` with real database queries (e.g., `mongoose`, `pg`, `sequelize`). Maintain the `fn(err, data)` callback signature or convert to `async/await` with `try/catch` and `next(err)`.\\n2. **Error Handling**: All middleware consistently uses `if (err) return next(err);`. Ensure downstream error-handling middleware is registered to catch and format these errors.\\n3. **Filtering Strategy**: \\n - Use `req.*` middleware when routes need different transformations of the same dataset.\\n - Use `res.locals` middleware when multiple routes render the same view with identical data shapes.\\n4. **View Context Merging**: Express merges `res.locals` with the object passed to `res.render()`. Route-level locals override `res.locals` if keys collide.\\n5. **Performance**: The example uses `process.nextTick` to simulate async I/O. In production, ensure database connections are pooled and queries are optimized to avoid blocking the event loop.\",\"other-web-service\":\"# Other \u2014 web-service\\n\\n# Other \u2014 web-service\\n\\n## Overview\\nA standalone Express.js example demonstrating foundational patterns for building JSON APIs. The module implements API key validation, route parameter extraction, custom error propagation, and centralized error/404 handling. It serves as a reference for middleware composition and request lifecycle management in Express.\\n\\n## Request Processing Flow\\nAll requests targeting the `/api` namespace pass through a validation gate before reaching route handlers. Successful validation attaches metadata to the request object. Route handlers return JSON responses via `res.send()`. Unhandled errors or unmatched routes cascade to dedicated fallback middleware.\\n\\n## Core Components\\n\\n### API Key Validation Middleware\\nMounted at `/api`, this middleware intercepts all prefixed requests:\\n```javascript\\napp.use('/api', function(req, res, next){ ... })\\n```\\n- Extracts `api-key` from `req.query`\\n- Returns `400` if the key is missing\\n- Returns `401` if the key is not found in the `apiKeys` array\\n- On success, attaches the validated key to `req.key` and calls `next()`\\n\\n### Route Handlers\\nThree `GET` endpoints expose the in-memory data:\\n- `GET /api/users` \u2192 Returns the `users` array\\n- `GET /api/repos` \u2192 Returns the `repos` array\\n- `GET /api/user/:name/repos` \u2192 Extracts `req.params.name`, looks up `userRepos[name]`, and returns the result. Calls `next()` if the user is not found, allowing the request to fall through to the 404 handler.\\n\\n### Error & Fallback Handling\\nExpress distinguishes error-handling middleware by arity (4 parameters):\\n```javascript\\napp.use(function(err, req, res, next){ ... })\\n```\\n- Catches errors passed via `next(err)`\\n- Reads `err.status` (defaults to `500` if undefined)\\n- Responds with `{ error: err.message }`\\n\\nA final 2-parameter middleware acts as a catch-all 404 handler:\\n```javascript\\napp.use(function(req, res){ ... })\\n```\\n- Executes only if all preceding middleware and routes call `next()` without sending a response\\n- Returns `404` with `{ error: \\\"Sorry, can't find that\\\" }`\\n\\n### Error Factory\\nThe `error(status, msg)` helper creates standard `Error` instances augmented with a `.status` property. This pattern aligns with Connect/Express conventions, allowing downstream error handlers to inspect HTTP status codes directly on the error object.\\n\\n## Data Structures\\nThe module uses in-memory objects to simulate a database layer:\\n- `apiKeys`: Array of valid keys (`['foo', 'bar', 'baz']`)\\n- `users`: Array of user objects\\n- `repos`: Array of repository objects\\n- `userRepos`: Object mapping usernames to arrays of repository objects\\n\\n## Execution & Module Export\\nThe application instance is exported for testing or composition:\\n```javascript\\nvar app = module.exports = express();\\n```\\nThe server only starts when executed directly:\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\nThis pattern allows the module to be `require()`d in test suites without binding to a port, while remaining runnable as a standalone script.\\n\\n## Middleware Pipeline\\n```mermaid\\ngraph TD\\n A[Client Request] --> B{Path starts with /api?}\\n B -->|No| C[404 Fallback]\\n B -->|Yes| D[API Key Validation]\\n D -->|Invalid/Missing| E[Error Handler]\\n D -->|Valid| F[Route Handler]\\n F -->|Match Found| G[res.send JSON]\\n F -->|No Match| C\\n E --> H[Return Error JSON]\\n C --> I[Return 404 JSON]\\n```\",\"overview\":\"# express \u2014 Wiki\\n\\n# Express\\n\\nWelcome to the Express documentation. Express is a fast, unopinionated, minimalist web framework for Node.js. It provides a robust set of features for building web and mobile applications while keeping the core lightweight, flexible, and easy to extend.\\n\\n## Quick Start\\n\\nInstall Express in your project directory:\\n```bash\\nnpm install express\\n```\\n\\nCreate a basic server:\\n```javascript\\nconst express = require('express');\\nconst app = express();\\nconst port = 3000;\\n\\napp.get('/', (req, res) => {\\n res.send('Hello World!');\\n});\\n\\napp.listen(port, () => {\\n console.log(`Server running at http://localhost:${port}`);\\n});\\n```\\n\\n## Architecture Overview\\n\\nExpress is built around a prototype-mixing architecture that extends Node.js's native HTTP primitives. When a request arrives, the framework instantiates a callable application object, attaches extended request and response prototypes, and passes control through a configurable middleware stack.\\n\\n```mermaid\\ngraph TD\\n NodeHTTP[Node.js HTTP] --> App[Application Core]\\n App --> Req[Request API]\\n App --> Res[Response API]\\n App --> View[View Rendering]\\n App --> Utils[Utilities]\\n Req --> Utils\\n Res --> Utils\\n Res --> View\\n```\\n\\nThe [Application Core](application-core.md) serves as the central factory and lifecycle manager. It initializes the `app` object, handles configuration, mounts middleware, delegates routing, and bootstraps the underlying HTTP server.\\n\\nIncoming requests and outgoing responses are enhanced by the [Request API](request-api.md) and [Response API](response-api.md) modules. These extend `http.IncomingMessage` and `http.ServerResponse` respectively, adding Express-specific methods for header management, content negotiation, proxy resolution, and chainable response handling.\\n\\nTemplate rendering is abstracted through the [View Rendering](view-rendering.md) module, which dynamically loads engines, resolves file paths, and executes templates asynchronously. It is invoked internally by `app.render()` and `res.render()`.\\n\\nSupporting all of these layers is the [Utilities](utilities.md) module, which provides internal helpers for HTTP method normalization, ETag generation, query parsing, proxy trust evaluation, and configuration compilation.\\n\\n## Development & Testing\\n\\nThe repository includes a suite of npm scripts to streamline development and ensure code quality:\\n\\n- `npm run lint` / `npm run lint:fix` \u2014 Check and automatically fix code style issues\\n- `npm test` \u2014 Run the full test suite\\n- `npm run test-ci` \u2014 Run tests optimized for continuous integration environments\\n- `npm run test-cov` \u2014 Generate test coverage reports\\n- `npm run test-tap` \u2014 Run tests using the TAP reporter\\n\\nFor detailed contribution guidelines, security reporting procedures, and team information, please refer to the project's [Contributing](contributing.md) and [Code of Conduct](code-of-conduct.md) pages.\\n\\n## Next Steps\\n\\n- Dive into the [Application Core](application-core.md) to understand routing, middleware mounting, and server initialization.\\n- Explore the [Request API](request-api.md) and [Response API](response-api.md) to see how Express extends native HTTP objects.\\n- Review the [View Rendering](view-rendering.md) documentation for template engine integration.\\n- Check out the official [Express.js website](https://expressjs.com/) for guides, API references, and community resources.\",\"request-api\":\"# Request API\\n\\n# Request API Module (`lib/request.js`)\\n\\n## Overview\\nThe Request API module extends Node.js's native `http.IncomingMessage` prototype to provide Express-specific request handling capabilities. It exports a prototype object (`req`) that is mixed into every incoming HTTP request. The module adds methods and lazy-evaluated properties for header access, content negotiation, proxy resolution, URL parsing, and cache validation, while maintaining strict compatibility with the underlying Node.js HTTP implementation.\\n\\n## Architecture & Prototype Extension\\nThe module creates its prototype via `Object.create(http.IncomingMessage.prototype)` and attaches all custom functionality directly to it. This design ensures that:\\n- Native `IncomingMessage` properties and methods remain fully accessible.\\n- Express-specific features are added without modifying Node.js core objects.\\n- Performance is optimized through lazy evaluation: expensive operations (query parsing, proxy resolution, header normalization) are deferred until the property is first accessed.\\n\\n```mermaid\\ngraph TD\\n IncomingMessage[http.IncomingMessage] -->|extends| req[req Prototype]\\n req -->|lazy evaluation| defineGetter[defineGetter]\\n req -->|content negotiation| accepts[accepts]\\n req -->|type checking| typeis[type-is]\\n req -->|proxy resolution| proxyaddr[proxy-addr]\\n req -->|cache validation| fresh[fresh]\\n req -->|URL parsing| parseurl[parseurl]\\n req -->|range parsing| rangeparser[range-parser]\\n appConfig[Express App Settings] -->|trust proxy, query parser, subdomain offset| req\\n```\\n\\n## API Reference\\n\\n### Header Access\\n| Method | Description |\\n|--------|-------------|\\n| `req.get(name)` / `req.header(name)` | Retrieves a request header by name. Case-insensitive. Special-cased to handle both `Referer` and `Referrer` interchangeably. Throws `TypeError` if `name` is missing or not a string. |\\n\\n### Content Negotiation\\nAll negotiation methods wrap the `accepts` library and return the best matching type, an array of matches, or `false` if none are acceptable.\\n\\n| Method | Description |\\n|--------|-------------|\\n| `req.accepts(...types)` | Checks `Accept` header. Accepts MIME types, extensions, or arrays. |\\n| `req.acceptsEncodings(...encodings)` | Checks `Accept-Encoding` header. |\\n| `req.acceptsCharsets(...charsets)` | Checks `Accept-Charset` header. Supports comma-delimited strings or multiple arguments. |\\n| `req.acceptsLanguages(...languages)` | Checks `Accept-Language` header. |\\n\\n### Content-Type Validation\\n| Method | Description |\\n|--------|-------------|\\n| `req.is(...types)` | Checks if the incoming `Content-Type` matches the given MIME type(s). Uses `type-is`. Supports flattened arguments or arrays. Returns the matched type string, `false`, or `null` if no `Content-Type` is present. |\\n\\n### URL & Query Parsing\\n| Property/Method | Description |\\n|-----------------|-------------|\\n| `req.path` | Returns the URL pathname. Uses `parseurl` for efficient caching. |\\n| `req.query` | Parses the query string using the app's configured `query parser fn`. Returns an empty object if parsing is disabled. |\\n| `req.range(size, options)` | Parses the `Range` header. Returns `undefined` if missing, `-1` if unsatisfiable, `-2` if syntactically invalid, or an array of `{start, end}` objects. Supports `options.combine` to merge overlapping ranges. |\\n\\n### Proxy & Network Resolution\\nAll network-related getters respect the `trust proxy` application setting. When enabled, they prioritize `X-Forwarded-*` headers over socket-level data.\\n\\n| Property | Description |\\n|----------|-------------|\\n| `req.protocol` | Returns `\\\"http\\\"` or `\\\"https\\\"`. Falls back to `X-Forwarded-Proto` if trusted. |\\n| `req.secure` | Boolean shorthand for `req.protocol === 'https'`. |\\n| `req.ip` | Returns the remote IP address. Uses `proxy-addr` to resolve trusted proxy chains. |\\n| `req.ips` | Returns an array of IP addresses from the client to the furthest trusted proxy, ordered closest to farthest. |\\n| `req.host` | Returns the `Host` header value. Falls back to `X-Forwarded-Host` if trusted. Handles comma-separated proxy lists safely. |\\n| `req.hostname` | Extracts the hostname from `req.host`, stripping port numbers and handling IPv6 literals (`[::1]`). |\\n| `req.subdomains` | Returns an array of subdomains. Splits `req.hostname` by `.` and slices based on the `subdomain offset` app setting. Returns `[]` for IP addresses. |\\n\\n### Cache & Request State\\n| Property | Description |\\n|----------|-------------|\\n| `req.fresh` | Returns `true` if the request is cacheable (`GET`/`HEAD`) and the response's `ETag` or `Last-Modified` headers match the request's conditional headers. Uses the `fresh` library. |\\n| `req.stale` | Boolean inverse of `req.fresh`. |\\n| `req.xhr` | Returns `true` if `X-Requested-With` header equals `xmlhttprequest` (case-insensitive). |\\n\\n## Internal Mechanics\\n\\n### Lazy Evaluation via `defineGetter`\\nThe private `defineGetter(obj, name, getter)` function uses `Object.defineProperty` to attach properties with `configurable: true`, `enumerable: true`, and a custom `get` function. This pattern ensures:\\n- Zero overhead for unused properties.\\n- Consistent API surface across all request objects.\\n- Safe re-evaluation if underlying headers or app settings change mid-request (though typically headers are static per request).\\n\\n### Application Settings Integration\\nSeveral getters dynamically query the Express application instance (`this.app`) at access time:\\n- `this.app.get('trust proxy fn')`: Determines whether to trust `X-Forwarded-*` headers for `protocol`, `ip`, `ips`, `host`, and `hostname`.\\n- `this.app.get('query parser fn')`: Supplies the parsing function for `req.query`.\\n- `this.app.get('subdomain offset')`: Controls how many trailing domain parts are excluded from `req.subdomains`.\\n\\nThis design allows runtime configuration changes to affect request behavior without requiring prototype mutation or server restarts.\\n\\n## Integration Notes\\n- **Attachment:** The exported `req` prototype is typically assigned to `app.request` in Express's initialization phase and mixed into `http.IncomingMessage` instances during request creation.\\n- **Execution Flow:** The module itself contains no runtime execution logic. All methods and getters execute per-request when invoked or accessed. The only internal call graph edge is `req` \u2192 `defineGetter` during module initialization.\\n- **Error Handling:** `req.get()` explicitly validates input types. Other methods rely on underlying libraries (`accepts`, `type-is`, `range-parser`) to handle malformed headers gracefully, returning `false`, `undefined`, or numeric error codes as documented.\\n- **Extensibility:** Developers can safely add custom properties to `req` by extending the exported prototype before the server starts listening, or by using middleware that attaches properties to `req` at runtime.\",\"response-api\":\"# Response API\\n\\n# Response API (`lib/response.js`)\\n\\n## Overview\\nThe `Response` module extends Node.js's native `http.ServerResponse.prototype` to provide Express-specific response handling capabilities. It exposes a chainable API for setting status codes, managing headers, transmitting data (strings, JSON, buffers), streaming files, handling cookies, performing redirects, and rendering views. The module is instantiated once and attached to every incoming request's `res` object during the Express routing lifecycle.\\n\\n## Architecture & Prototype Chain\\n```javascript\\nvar res = Object.create(http.ServerResponse.prototype)\\nmodule.exports = res\\n```\\nThe module uses prototypal inheritance to augment `http.ServerResponse`. All methods return `this` to enable method chaining. The prototype relies on several external utilities (`mime-types`, `content-disposition`, `send`, `vary`, `cookie`, `on-finished`) and reads runtime configuration from `this.app` and `this.req`.\\n\\n## Core Methods\\n\\n### Status & Header Management\\n| Method | Description |\\n|--------|-------------|\\n| `res.status(code)` | Validates and sets `this.statusCode`. Throws `TypeError` for non-integers and `RangeError` for codes outside `100\u2013999`. |\\n| `res.set(field, val)` / `res.header()` | Sets headers. Automatically expands `Content-Type` via `mime.contentType()`. Accepts objects for bulk setting. |\\n| `res.get(field)` | Alias for `this.getHeader(field)`. |\\n| `res.append(field, val)` | Appends values to existing headers, handling array/string concatenation safely. |\\n| `res.vary(field)` | Adds `field` to the `Vary` header using the `vary` package. Ignores duplicates. |\\n| `res.links(links)` | Constructs and sets the `Link` header. Supports arrays for multiple links per relation. |\\n\\n### Data Transmission\\n| Method | Description |\\n|--------|-------------|\\n| `res.send(body)` | Core transmission method. Handles strings, buffers, booleans, numbers, and objects. Automatically sets `Content-Type`, calculates `Content-Length`, generates ETags (if configured), and strips payload headers for `204`, `205`, and `304` responses. |\\n| `res.json(obj)` | Serializes `obj` to JSON, sets `Content-Type: application/json`, and delegates to `res.send()`. |\\n| `res.jsonp(obj)` | Wraps JSON in a callback function. Extracts callback name from `req.query[app.get('jsonp callback name')]`. Includes Rosetta Flash mitigation (`/**/ typeof ...`) and escapes U+2028/U+2029. |\\n| `res.sendStatus(statusCode)` | Sets status and sends the standard HTTP status message (or numeric fallback) as `text/plain`. |\\n\\n### File Transfer & Streaming\\n| Method | Description |\\n|--------|-------------|\\n| `res.sendFile(path, options, callback)` | Streams a file using the `send` module. Requires absolute paths or `options.root`. Wires app-level `etag` setting. Handles errors via `next()` or callback. |\\n| `res.download(path, filename, options, callback)` | Wrapper around `res.sendFile()` that automatically sets `Content-Disposition: attachment`. Supports flexible argument ordering for `filename`, `options`, and `callback`. |\\n\\n### Content Negotiation\\n| Method | Description |\\n|--------|-------------|\\n| `res.format(obj)` | Matches `req.accepts()` against object keys. Sets `Content-Type` and invokes the matched handler. Falls back to `obj.default` or throws a `406 Not Acceptable` error via `createError`. |\\n| `res.type(type)` / `res.contentType()` | Resolves MIME types via `mime.contentType()`. Falls back to `application/octet-stream` if unmapped. |\\n| `res.attachment(filename)` | Sets `Content-Disposition: attachment` and infers `Content-Type` from the file extension. |\\n\\n### Cookies & Redirects\\n| Method | Description |\\n|--------|-------------|\\n| `res.cookie(name, value, options)` | Serializes cookies using the `cookie` package. Supports `maxAge` \u2192 `expires` conversion, signed cookies (`s:` prefix via `cookie-signature`), and JSON values (`j:` prefix). Requires `req.secret` for signed cookies. |\\n| `res.clearCookie(name, options)` | Expires a cookie by setting `expires: new Date(1)` and removing `maxAge`. |\\n| `res.location(url)` | Sets the `Location` header with URL encoding via `encodeurl`. |\\n| `res.redirect(url)` | Performs HTTP redirects (default `302`). Supports `res.redirect(status, url)`. Generates `text/plain` or `text/html` fallback bodies based on `Accept` headers. |\\n\\n### View Rendering\\n| Method | Description |\\n|--------|-------------|\\n| `res.render(view, options, callback)` | Delegates to `app.render()`. Merges `res.locals` into `opts._locals`. If no callback is provided, automatically sends the rendered string with `200 OK`. |\\n\\n## Internal Helpers & Execution Flow\\n\\n### `sendfile(res, file, options, callback)`\\nManages the lifecycle of file streams created by `res.sendFile()` and `res.download()`. It attaches event listeners to the `send` stream and uses `on-finished` to monitor the response socket.\\n\\n```mermaid\\ngraph TD\\n A[sendfile] --> B[file.pipe res]\\n A --> C[on-finished]\\n C --> D{onfinish}\\n D -->|ECONNRESET| E[onaborted]\\n D -->|Other Error| F[onerror]\\n D -->|Success| G[callback]\\n B --> H[file events: directory, end, error, file, stream]\\n H --> D\\n```\\n\\nKey behaviors:\\n- Prevents duplicate callback execution via a `done` flag.\\n- Translates `EISDIR` to a directory error, allowing `res.sendFile()` to call `next()`.\\n- Aborts streaming if the response finishes before the file stream completes.\\n- Applies custom headers via the `headers` event if provided in `options`.\\n\\n### `stringify(value, replacer, spaces, escape)`\\nOptimized JSON serialization wrapper. When `escape` is `true` (controlled by `app.get('json escape')`), it replaces `<`, `>`, and `&` with Unicode escapes (`\\\\u003c`, `\\\\u003e`, `\\\\u0026`) to mitigate HTML injection in JSON payloads.\\n\\n## Configuration Dependencies\\nMethods dynamically read application settings at runtime:\\n- `app.get('etag fn')` / `app.enabled('etag')`: Controls ETag generation in `res.send()` and `res.sendFile()`.\\n- `app.get('json escape')`, `app.get('json replacer')`, `app.get('json spaces')`: Configures `res.json()` and `res.jsonp()` serialization.\\n- `app.get('jsonp callback name')`: Defines the query parameter for JSONP callbacks.\\n- `this.req.secret`: Required when `options.signed` is passed to `res.cookie()`.\\n\\n## Security & Edge Cases\\n- **Status Code Validation:** `res.status()` strictly enforces integer types and `100\u2013999` range.\\n- **Header Stripping:** `res.send()` automatically removes `Content-Type`, `Content-Length`, and `Transfer-Encoding` for `204` and `304` responses, and forces `Content-Length: 0` for `205`.\\n- **HEAD Requests:** `res.send()` and `res.redirect()` skip body transmission for `HEAD` methods, calling `this.end()` without arguments.\\n- **Freshness Check:** `res.send()` checks `req.fresh` and automatically downgrades to `304 Not Modified` when applicable.\\n- **Path Validation:** `res.sendFile()` throws if `path` is missing, non-string, or relative without a `root` option.\\n\\n## Contribution Guidelines\\n- All public methods must return `this` to maintain chainability.\\n- Header manipulation should use `mime.contentType()` for type resolution and `setCharset()` for charset normalization.\\n- When adding streaming capabilities, follow the `sendfile` pattern: use `on-finished` for socket lifecycle management and guard callbacks with a `done` flag to prevent double-invocation.\\n- Deprecations are handled via the `depd` module. Use `deprecate('message')` for legacy argument patterns.\\n- ETag generation is intentionally deferred to app configuration; do not hardcode hashing algorithms in this module.\",\"utilities\":\"# Utilities\\n\\n# Utilities Module (`lib/utils.js`)\\n\\n## Overview\\nThe `utils` module provides internal helper functions and configuration compilers used throughout the Express framework. It centralizes logic for HTTP method normalization, MIME type resolution, ETag generation, query string parsing, proxy trust evaluation, and `Content-Type` charset manipulation. All exports are marked `@api private` and are intended exclusively for internal framework consumption.\\n\\n## Configuration Compilation Pattern\\nExpress accepts flexible configuration values for several core features. This module standardizes those values into optimized, executable functions using three compiler utilities:\\n\\n- `compileETag(val)`: Maps ETag settings (`true`, `'weak'`, `'strong'`, `false`, or a custom function) to an ETag generator.\\n- `compileQueryParser(val)`: Maps query parser settings (`true`, `'simple'`, `'extended'`, `false`, or a custom function) to a query string parser.\\n- `compileTrust(val)`: Maps proxy trust settings (`true`, `false`, hop count, comma-separated IPs, or a custom function) to a trust evaluation function.\\n\\nEach compiler follows a consistent dispatch pattern:\\n1. If `val` is already a function, it is returned directly.\\n2. If `val` matches a known string/boolean/number, it is mapped to a predefined implementation.\\n3. Unrecognized values throw a `TypeError`.\\n\\n## Core Exports\\n\\n### HTTP & Content Negotiation\\n- `methods`: Array of lowercased HTTP methods supported by Node.js (e.g., `['get', 'post', 'put', ...]`).\\n- `normalizeType(type)`: Resolves a MIME type shorthand (e.g., `\\\"html\\\"`) to a full type string (`\\\"text/html\\\"`). If the input already contains a `/`, it delegates to `acceptParams()` to extract quality and parameter data.\\n- `normalizeTypes(types)`: Maps `normalizeType` over an array of type strings.\\n- `setCharset(type, charset)`: Injects or replaces the `charset` parameter in a `Content-Type` string using the `content-type` library. Returns the original string if either argument is falsy.\\n\\n### ETag Generation\\n- `etag(body, [encoding])`: Generates a strong ETag for the provided string or `Buffer`.\\n- `wetag(body, [encoding])`: Generates a weak ETag for the provided string or `Buffer`.\\nBoth are instantiated via the internal `createETagGenerator()` factory, which ensures input is normalized to a `Buffer` before delegation to the `etag` package.\\n\\n### Query Parsing\\n- `compileQueryParser(val)`: (See Configuration Compilation Pattern)\\n- `parseExtendedQueryString(str)`: Internal wrapper around `qs.parse()` configured with `allowPrototypes: true` to safely handle complex query structures.\\n\\n### Proxy Trust\\n- `compileTrust(val)`: (See Configuration Compilation Pattern)\\nNormalizes string inputs into trimmed arrays and delegates to `proxy-addr.compile()` for IP/hop validation.\\n\\n## Internal Utilities\\n- `acceptParams(str)`: Parses HTTP `Accept` header parameters. Extracts the media type/value, quality factor (`q`), and additional parameters into an object `{ value, quality, params }`. Handles edge cases like missing semicolons or malformed splits by tracking index boundaries.\\n- `createETagGenerator(options)`: Factory function that returns a closure for generating ETags. Handles `Buffer` conversion and passes the `weak` option to the underlying `etag` library.\\n- `parseExtendedQueryString(str)`: Dedicated parser for the `'extended'` query mode, isolating `qs` configuration from the rest of the module.\\n\\n## Architecture & Call Flow\\nThe module acts as a centralized utility hub. Configuration compilers route to either built-in Node.js modules, third-party packages, or internal helpers. Internal utilities are invoked by exports to maintain a clean public API surface.\\n\\n```mermaid\\ngraph TD\\n A[compileETag] --> B{val type?}\\n B -->|'weak'| C[wetag]\\n B -->|'strong'| D[etag]\\n B -->|function| E[return val]\\n \\n F[compileQueryParser] --> G{val type?}\\n G -->|'simple'| H[querystring.parse]\\n G -->|'extended'| I[parseExtendedQueryString]\\n \\n J[normalizeType] --> K{contains '/'?}\\n K -->|yes| L[acceptParams]\\n K -->|no| M[mime.lookup]\\n \\n C --> N[createETagGenerator]\\n D --> N\\n```\\n\\n## Dependencies\\n| Package | Purpose |\\n|---|---|\\n| `node:http` | Provides `METHODS` array for HTTP method normalization |\\n| `content-type` | Parses and formats `Content-Type` headers for charset manipulation |\\n| `etag` | Generates strong/weak ETags from Buffers |\\n| `mime-types` | Resolves file extensions to MIME types |\\n| `proxy-addr` | Compiles and evaluates proxy trust functions |\\n| `qs` | Parses extended query strings with prototype safety |\\n| `node:querystring` | Provides simple query string parsing for `'simple'` mode |\\n| `node:buffer` | Ensures consistent `Buffer` handling for ETag generation |\\n\\n## Integration Notes\\n- This module is loaded during Express initialization and is referenced by `lib/application.js`, `lib/request.js`, and `lib/response.js`.\\n- Compiler functions (`compileETag`, `compileQueryParser`, `compileTrust`) are typically invoked during `app.set()` or `app.enable()` calls to transform user-provided settings into cached runtime functions, avoiding repeated type-checking on every request.\\n- `normalizeType` and `acceptParams` are heavily utilized in content negotiation logic to match `Accept` headers against supported response types.\\n- All functions are synchronous and designed for minimal allocation overhead. Modifying exported functions or internal helpers will directly impact framework behavior.\",\"view-rendering\":\"# View Rendering\\n\\n# View Rendering Module (`lib/view.js`)\\n\\n## Overview\\nThe `View` module encapsulates the lifecycle of a single template in Express. It is responsible for:\\n- Parsing view names and resolving file extensions\\n- Dynamically loading and caching template engines\\n- Resolving absolute file paths against configured view directories\\n- Executing the template engine with normalized asynchronous callbacks\\n\\nThis module is instantiated internally by `res.render()` and `app.render()`. It acts as a bridge between Express routing/response logic and third-party template engines (e.g., Pug, EJS, Handlebars).\\n\\n## Constructor & Initialization\\n```javascript\\nfunction View(name, options)\\n```\\nThe constructor accepts a view `name` (string) and an `options` object containing:\\n- `defaultEngine`: The fallback engine name (e.g., `'pug'`)\\n- `engines`: A shared cache object for loaded engine functions\\n- `root`: Base directory or array of directories for view lookup\\n\\n### Initialization Flow\\n1. Extracts the file extension from `name` using `path.extname()`.\\n2. Validates that either an extension is provided or a `defaultEngine` is configured. Throws if neither exists.\\n3. If no extension is present, appends the `defaultEngine` (ensuring a leading `.`) to the filename.\\n4. Loads the template engine if not already cached in `opts.engines`.\\n5. Stores the resolved engine function in `this.engine`.\\n6. Resolves the absolute file path via `this.lookup(fileName)` and stores it in `this.path`.\\n\\n## Engine Loading & Caching\\nExpress expects template engines to export a `__express` function conforming to the signature `(path, options, callback)`. The `View` module handles dynamic loading:\\n\\n```javascript\\nvar mod = this.ext.slice(1)\\nvar fn = require(mod).__express\\n```\\n- The leading `.` is stripped from the extension to form the module name (e.g., `.ejs` \u2192 `ejs`).\\n- The engine is required synchronously. If `__express` is missing or not a function, an error is thrown.\\n- Loaded engines are stored in the shared `opts.engines` cache, preventing redundant `require()` calls across multiple `View` instances.\\n\\n## Path Resolution Strategy\\nPath resolution is split between `lookup()` and `resolve()`, supporting multiple view directories and fallback patterns.\\n\\n### `View.prototype.lookup(name)`\\n- Normalizes `this.root` into an array to support multiple view directories.\\n- Iterates through each root, resolving an absolute path with `path.resolve()`.\\n- Delegates to `this.resolve(dir, file)` for each root until a valid file is found.\\n\\n### `View.prototype.resolve(dir, file)`\\nImplements a two-step resolution strategy:\\n1. **Exact Match**: Checks `/` using `tryStat()`.\\n2. **Index Fallback**: If the exact match fails, checks `//index.`.\\n\\nBoth checks use `fs.statSync()` wrapped in `tryStat()` to safely return `undefined` on missing files without throwing.\\n\\n## Rendering & Callback Normalization\\n```javascript\\nView.prototype.render = function render(options, callback)\\n```\\nThe `render` method executes the loaded engine and guarantees asynchronous callback invocation, which is critical for Express middleware consistency.\\n\\n### Sync-to-Async Normalization\\nSome template engines execute synchronously. To prevent stack overflows and maintain predictable event-loop behavior, `render` uses a `sync` flag:\\n1. `sync` is initialized to `true`.\\n2. The engine is called: `this.engine(this.path, options, onRender)`.\\n3. If the engine calls `onRender` synchronously (`sync === true`), the callback arguments and context are copied, and execution is deferred to `process.nextTick()`.\\n4. If the engine calls `onRender` asynchronously (`sync === false`), the callback is invoked immediately.\\n5. `sync` is set to `false` after the engine call returns, ensuring only the first synchronous callback is deferred.\\n\\n## Integration with Express\\nThe `View` module does not operate in isolation. It relies on application-level configuration passed through the `options` object:\\n- `app.set('views', '/path/to/views')` \u2192 populates `options.root`\\n- `app.set('view engine', 'pug')` \u2192 populates `options.defaultEngine`\\n- `app.engines` \u2192 passed as `options.engines` for cross-request caching\\n\\nWhen `res.render(view, locals, callback)` is called, Express constructs a new `View` instance, merges `res.locals` with `locals`, and invokes `view.render()`.\\n\\n## Architecture Flow\\n```mermaid\\nsequenceDiagram\\n participant App as Express App\\n participant View as View Instance\\n participant Engine as Template Engine\\n participant FS as File System\\n\\n App->>View: new View(name, options)\\n View->>View: Load/cache engine via require(mod).__express\\n View->>View: lookup() & resolve()\\n View->>FS: tryStat() (sync)\\n FS-->>View: File path or undefined\\n View-->>App: Initialized View with this.path & this.engine\\n App->>View: render(options, callback)\\n View->>Engine: this.engine(path, options, onRender)\\n alt Sync Engine\\n Engine-->>View: onRender() (sync)\\n View->>View: process.nextTick(callback)\\n else Async Engine\\n Engine-->>View: onRender() (async)\\n View->>View: callback()\\n end\\n View-->>App: Rendered HTML / Error\\n```\\n\\n## Contributing Notes\\n- **Engine Compatibility**: Any new template engine must export a `__express` function matching `(path, options, callback)`. The callback signature is `(err, html)`.\\n- **Sync Safety**: Do not remove the `process.nextTick` normalization. Many engines run synchronously, and Express routing assumes async rendering to avoid blocking the event loop or causing unhandled sync errors in middleware chains.\\n- **Path Resolution**: The `tryStat` helper uses synchronous I/O intentionally. View resolution happens during request setup, and synchronous checks are acceptable here. Avoid introducing async `fs.stat` unless benchmarking proves a bottleneck.\\n- **Cache Management**: The `engines` cache is shared across the application. Clearing it requires modifying `app.engines` directly; the `View` module does not expose cache invalidation methods.\"};\nvar TREE = [{\"name\":\"Application Core\",\"slug\":\"application-core\",\"files\":[\"index.js\",\"lib/express.js\",\"lib/application.js\"]},{\"name\":\"Request API\",\"slug\":\"request-api\",\"files\":[\"lib/request.js\"]},{\"name\":\"Response API\",\"slug\":\"response-api\",\"files\":[\"lib/response.js\"]},{\"name\":\"View Rendering\",\"slug\":\"view-rendering\",\"files\":[\"lib/view.js\"]},{\"name\":\"Utilities\",\"slug\":\"utilities\",\"files\":[\"lib/utils.js\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 History.md\",\"slug\":\"other-history-md\",\"files\":[\"History.md\"]},{\"name\":\"Other \u2014 Readme.md\",\"slug\":\"other-readme-md\",\"files\":[\"Readme.md\"]},{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 auth\",\"slug\":\"other-auth\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"]},{\"name\":\"Other \u2014 content-negotiation\",\"slug\":\"other-content-negotiation\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"]},{\"name\":\"Other \u2014 cookie-sessions\",\"slug\":\"other-cookie-sessions\",\"files\":[\"examples/cookie-sessions/index.js\"]},{\"name\":\"Other \u2014 cookies\",\"slug\":\"other-cookies\",\"files\":[\"examples/cookies/index.js\"]},{\"name\":\"Other \u2014 downloads\",\"slug\":\"other-downloads\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"]},{\"name\":\"Other \u2014 ejs\",\"slug\":\"other-ejs\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"]},{\"name\":\"Other \u2014 error-pages\",\"slug\":\"other-error-pages\",\"files\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"]},{\"name\":\"Other \u2014 error\",\"slug\":\"other-error\",\"files\":[\"examples/error/index.js\"]},{\"name\":\"Other \u2014 hello-world\",\"slug\":\"other-hello-world\",\"files\":[\"examples/hello-world/index.js\"]},{\"name\":\"Other \u2014 markdown\",\"slug\":\"other-markdown\",\"files\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"]},{\"name\":\"Other \u2014 multi-router\",\"slug\":\"other-multi-router\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"]},{\"name\":\"Other \u2014 mvc\",\"slug\":\"other-mvc\",\"files\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"]},{\"name\":\"Other \u2014 online\",\"slug\":\"other-online\",\"files\":[\"examples/online/index.js\"]},{\"name\":\"Other \u2014 params\",\"slug\":\"other-params\",\"files\":[\"examples/params/index.js\"]},{\"name\":\"Other \u2014 resource\",\"slug\":\"other-resource\",\"files\":[\"examples/resource/index.js\"]},{\"name\":\"Other \u2014 route-map\",\"slug\":\"other-route-map\",\"files\":[\"examples/route-map/index.js\"]},{\"name\":\"Other \u2014 route-middleware\",\"slug\":\"other-route-middleware\",\"files\":[\"examples/route-middleware/index.js\"]},{\"name\":\"Other \u2014 route-separation\",\"slug\":\"other-route-separation\",\"files\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Other \u2014 search\",\"slug\":\"other-search\",\"files\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Other \u2014 session\",\"slug\":\"other-session\",\"files\":[\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Other \u2014 static-files\",\"slug\":\"other-static-files\",\"files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Other \u2014 vhost\",\"slug\":\"other-vhost\",\"files\":[\"examples/vhost/index.js\"]},{\"name\":\"Other \u2014 view-constructor\",\"slug\":\"other-view-constructor\",\"files\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"]},{\"name\":\"Other \u2014 view-locals\",\"slug\":\"other-view-locals\",\"files\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Other \u2014 web-service\",\"slug\":\"other-web-service\",\"files\":[\"examples/web-service/index.js\"]},{\"name\":\"Other \u2014 package.json\",\"slug\":\"other-package-json\",\"files\":[\"package.json\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}];\nvar META = {\"fromCommit\":\"f873ac23124ffcff8c040b4bd257b32c29828d53\",\"generatedAt\":\"2026-05-09T02:42:42.656Z\",\"model\":\"qwen3.6-plus\",\"moduleFiles\":{\"Application Core\":[\"index.js\",\"lib/express.js\",\"lib/application.js\"],\"Request API\":[\"lib/request.js\"],\"Response API\":[\"lib/response.js\"],\"View Rendering\":[\"lib/view.js\"],\"Utilities\":[\"lib/utils.js\"],\"Other\":[\"History.md\",\"Readme.md\",\"examples/README.md\",\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\",\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\",\"examples/cookie-sessions/index.js\",\"examples/cookies/index.js\",\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\",\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\",\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\",\"examples/error/index.js\",\"examples/hello-world/index.js\",\"examples/markdown/index.js\",\"examples/markdown/views/index.md\",\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\",\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\",\"examples/online/index.js\",\"examples/params/index.js\",\"examples/resource/index.js\",\"examples/route-map/index.js\",\"examples/route-middleware/index.js\",\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\",\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\",\"examples/session/index.js\",\"examples/session/redis.js\",\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\",\"examples/vhost/index.js\",\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\",\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\",\"examples/web-service/index.js\",\"package.json\",\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\",\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\",\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"],\"Other \u2014 History.md\":[\"History.md\"],\"Other \u2014 Readme.md\":[\"Readme.md\"],\"Other \u2014 examples\":[\"examples/README.md\"],\"Other \u2014 auth\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"],\"Other \u2014 content-negotiation\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"],\"Other \u2014 cookie-sessions\":[\"examples/cookie-sessions/index.js\"],\"Other \u2014 cookies\":[\"examples/cookies/index.js\"],\"Other \u2014 downloads\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"],\"Other \u2014 ejs\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"],\"Other \u2014 error-pages\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"],\"Other \u2014 error\":[\"examples/error/index.js\"],\"Other \u2014 hello-world\":[\"examples/hello-world/index.js\"],\"Other \u2014 markdown\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"],\"Other \u2014 multi-router\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"],\"Other \u2014 mvc\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"],\"Other \u2014 online\":[\"examples/online/index.js\"],\"Other \u2014 params\":[\"examples/params/index.js\"],\"Other \u2014 resource\":[\"examples/resource/index.js\"],\"Other \u2014 route-map\":[\"examples/route-map/index.js\"],\"Other \u2014 route-middleware\":[\"examples/route-middleware/index.js\"],\"Other \u2014 route-separation\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"],\"Other \u2014 search\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"],\"Other \u2014 session\":[\"examples/session/index.js\",\"examples/session/redis.js\"],\"Other \u2014 static-files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"],\"Other \u2014 vhost\":[\"examples/vhost/index.js\"],\"Other \u2014 view-constructor\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"],\"Other \u2014 view-locals\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"],\"Other \u2014 web-service\":[\"examples/web-service/index.js\"],\"Other \u2014 package.json\":[\"package.json\"],\"Other \u2014 test\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"],\"Other \u2014 acceptance\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"],\"Other \u2014 support\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]},\"moduleTree\":[{\"name\":\"Application Core\",\"slug\":\"application-core\",\"files\":[\"index.js\",\"lib/express.js\",\"lib/application.js\"]},{\"name\":\"Request API\",\"slug\":\"request-api\",\"files\":[\"lib/request.js\"]},{\"name\":\"Response API\",\"slug\":\"response-api\",\"files\":[\"lib/response.js\"]},{\"name\":\"View Rendering\",\"slug\":\"view-rendering\",\"files\":[\"lib/view.js\"]},{\"name\":\"Utilities\",\"slug\":\"utilities\",\"files\":[\"lib/utils.js\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 History.md\",\"slug\":\"other-history-md\",\"files\":[\"History.md\"]},{\"name\":\"Other \u2014 Readme.md\",\"slug\":\"other-readme-md\",\"files\":[\"Readme.md\"]},{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 auth\",\"slug\":\"other-auth\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"]},{\"name\":\"Other \u2014 content-negotiation\",\"slug\":\"other-content-negotiation\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"]},{\"name\":\"Other \u2014 cookie-sessions\",\"slug\":\"other-cookie-sessions\",\"files\":[\"examples/cookie-sessions/index.js\"]},{\"name\":\"Other \u2014 cookies\",\"slug\":\"other-cookies\",\"files\":[\"examples/cookies/index.js\"]},{\"name\":\"Other \u2014 downloads\",\"slug\":\"other-downloads\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"]},{\"name\":\"Other \u2014 ejs\",\"slug\":\"other-ejs\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"]},{\"name\":\"Other \u2014 error-pages\",\"slug\":\"other-error-pages\",\"files\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"]},{\"name\":\"Other \u2014 error\",\"slug\":\"other-error\",\"files\":[\"examples/error/index.js\"]},{\"name\":\"Other \u2014 hello-world\",\"slug\":\"other-hello-world\",\"files\":[\"examples/hello-world/index.js\"]},{\"name\":\"Other \u2014 markdown\",\"slug\":\"other-markdown\",\"files\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"]},{\"name\":\"Other \u2014 multi-router\",\"slug\":\"other-multi-router\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"]},{\"name\":\"Other \u2014 mvc\",\"slug\":\"other-mvc\",\"files\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"]},{\"name\":\"Other \u2014 online\",\"slug\":\"other-online\",\"files\":[\"examples/online/index.js\"]},{\"name\":\"Other \u2014 params\",\"slug\":\"other-params\",\"files\":[\"examples/params/index.js\"]},{\"name\":\"Other \u2014 resource\",\"slug\":\"other-resource\",\"files\":[\"examples/resource/index.js\"]},{\"name\":\"Other \u2014 route-map\",\"slug\":\"other-route-map\",\"files\":[\"examples/route-map/index.js\"]},{\"name\":\"Other \u2014 route-middleware\",\"slug\":\"other-route-middleware\",\"files\":[\"examples/route-middleware/index.js\"]},{\"name\":\"Other \u2014 route-separation\",\"slug\":\"other-route-separation\",\"files\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Other \u2014 search\",\"slug\":\"other-search\",\"files\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Other \u2014 session\",\"slug\":\"other-session\",\"files\":[\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Other \u2014 static-files\",\"slug\":\"other-static-files\",\"files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Other \u2014 vhost\",\"slug\":\"other-vhost\",\"files\":[\"examples/vhost/index.js\"]},{\"name\":\"Other \u2014 view-constructor\",\"slug\":\"other-view-constructor\",\"files\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"]},{\"name\":\"Other \u2014 view-locals\",\"slug\":\"other-view-locals\",\"files\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Other \u2014 web-service\",\"slug\":\"other-web-service\",\"files\":[\"examples/web-service/index.js\"]},{\"name\":\"Other \u2014 package.json\",\"slug\":\"other-package-json\",\"files\":[\"package.json\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}]};\n\n(function() {\n var activePage = 'overview';\n\n document.addEventListener('DOMContentLoaded', function() {\n mermaid.initialize({ startOnLoad: false, theme: 'neutral', securityLevel: 'loose' });\n renderMeta();\n renderNav();\n document.getElementById('menu-toggle').addEventListener('click', function() {\n document.getElementById('sidebar').classList.toggle('open');\n });\n if (location.hash && location.hash.length > 1) {\n activePage = decodeURIComponent(location.hash.slice(1));\n }\n navigateTo(activePage);\n });\n\n function renderMeta() {\n if (!META) return;\n var el = document.getElementById('meta-info');\n var parts = [];\n if (META.generatedAt) {\n parts.push(new Date(META.generatedAt).toLocaleDateString());\n }\n if (META.model) parts.push(META.model);\n if (META.fromCommit) parts.push(META.fromCommit.slice(0, 8));\n el.textContent = parts.join(' \\u00b7 ');\n }\n\n function renderNav() {\n var container = document.getElementById('nav-tree');\n var html = '\n';\n html += 'Overview';\n html += '';\n if (TREE.length > 0) {\n html += '\nModules';\n html += buildNavTree(TREE);\n }\n container.innerHTML = html;\n container.addEventListener('click', function(e) {\n var target = e.target;\n while (target && !target.dataset.page) { target = target.parentElement; }\n if (target && target.dataset.page) {\n e.preventDefault();\n navigateTo(target.dataset.page);\n }\n });\n }\n\n function buildNavTree(nodes) {\n var html = '';\n for (var i = 0; i < nodes.length; i++) {\n var node = nodes[i];\n html += '\n';\n html += '' + escH(node.name) + '';\n if (node.children && node.children.length > 0) {\n html += '\n' + buildNavTree(node.children) + '';\n }\n html += '';\n }\n return html;\n }\n\n function escH(s) {\n var d = document.createElement('div');\n d.textContent = s;\n return d.innerHTML;\n }\n\n function navigateTo(page) {\n activePage = page;\n location.hash = encodeURIComponent(page);\n\n var items = document.querySelectorAll('.nav-item');\n for (var i = 0; i < items.length; i++) {\n if (items[i].dataset.page === page) {\n items[i].classList.add('active');\n } else {\n items[i].classList.remove('active');\n }\n }\n\n var contentEl = document.getElementById('content');\n var md = PAGES[page];\n\n if (!md) {\n contentEl.innerHTML = '\n\nPage not found\n' + escH(page) + '.md does not exist.';\n return;\n }\n\n contentEl.innerHTML = marked.parse(md);\n\n // Rewrite .md links to hash navigation\n var links = contentEl.querySelectorAll('a[href]');\n for (var i = 0; i < links.length; i++) {\n var href = links[i].getAttribute('href');\n if (href && href.endsWith('.md') && href.indexOf('://') === -1) {\n var slug = href.replace(/\\.md$/, '');\n links[i].setAttribute('href', '#' + encodeURIComponent(slug));\n (function(s) {\n links[i].addEventListener('click', function(e) {\n e.preventDefault();\n navigateTo(s);\n });\n })(slug);\n }\n }\n\n // Convert mermaid code blocks into mermaid divs\n var mermaidBlocks = contentEl.querySelectorAll('pre code.language-mermaid');\n for (var i = 0; i < mermaidBlocks.length; i++) {\n var pre = mermaidBlocks[i].parentElement;\n var div = document.createElement('div');\n div.className = 'mermaid';\n div.textContent = mermaidBlocks[i].textContent;\n pre.parentNode.replaceChild(div, pre);\n }\n try { mermaid.run({ querySelector: '.mermaid' }); } catch(e) {}\n\n window.scrollTo(0, 0);\n document.getElementById('sidebar').classList.remove('open');\n }\n})();\n\n\n\n", "creation_timestamp": "2026-05-09T02:43:21.000000Z"}