{"vulnerability": "cve-2024-4776", "sightings": [{"uuid": "8a48d430-fa0b-48b0-8f5b-4a0cb11f1a90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47760", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635262751522479", "content": "", "creation_timestamp": "2024-12-11T17:01:44.840035Z"}, {"uuid": "d623e614-0787-4fac-9df9-47fe535fa15f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47761", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113635295248950416", "content": "", "creation_timestamp": "2024-12-11T17:10:00.650418Z"}, {"uuid": "22c3b041-535b-4a34-b5b4-a0269846b25b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47764", "type": "seen", "source": "https://gist.github.com/ton77v/932a3f8b5d57d2625b31328796a3cf30", "content": "", "creation_timestamp": "2025-02-01T06:22:08.000000Z"}, {"uuid": "b8a670f5-31a2-43fe-abe8-c7408b633069", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47761", "type": "seen", "source": "https://t.me/cvedetector/12645", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47761 - GLPI Account Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47761 \nPublished : Dec. 11, 2024, 5:15 p.m. | 19\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T18:35:02.000000Z"}, {"uuid": "cbee95bf-a300-4d27-98fa-1c17dfb3929a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47764", "type": "seen", "source": "https://gist.github.com/animesh-1121/c5f18322202fe7ce4b456e08d21dc4d7", "content": "", "creation_timestamp": "2025-06-23T12:01:38.000000Z"}, {"uuid": "7c72d66f-6efb-4aed-a8fd-2162ac28aace", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47764", "type": "seen", "source": "https://gist.github.com/jrvssingh-cpu/5ca4be6b05f749c6962d84fae197cdc9", "content": "", "creation_timestamp": "2026-02-25T10:55:46.000000Z"}, {"uuid": "6f7b825b-4a10-4813-bd33-c8107890bffb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47760", "type": "seen", "source": "https://t.me/cvedetector/12644", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47760 - GLPI Privilege Escalation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47760 \nPublished : Dec. 11, 2024, 5:15 p.m. | 19\u00a0minutes ago \nDescription : GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"11 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-11T18:35:01.000000Z"}, {"uuid": "b03a64f9-f30f-40f6-ab7d-104aab9cf58d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47767", "type": "seen", "source": "https://t.me/cvedetector/7853", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47767 - Tuleap Inadvertent Tracker Access Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47767 \nPublished : Oct. 14, 2024, 6:15 p.m. | 30\u00a0minutes ago \nDescription : Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, users might see tracker names they should not have access to. Tuleap Community Edition 15.13.99.113, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"14 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T20:51:52.000000Z"}, {"uuid": "25323914-9154-4330-982a-dfcce6e48252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47766", "type": "seen", "source": "https://t.me/cvedetector/7852", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47766 - \"Tuleap Unrestricted Cross-Tracker Search Vulnerability\"\", \n \"Content\": \"CVE ID : CVE-2024-47766 \nPublished : Oct. 14, 2024, 6:15 p.m. | 30\u00a0minutes ago \nDescription : Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-5, administrators of a project can access the content of trackers with permissions restrictions of project they are members of but not admin via the cross tracker search widget. Tuleap Community Edition 15.13.99.110, Tuleap Enterprise Edition 15.13-5, and Tuleap Enterprise Edition 15.12-8 fix this issue. \nSeverity: 4.9 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"14 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T20:51:51.000000Z"}, {"uuid": "201d31b9-0ec0-44a4-8883-ab6297e91889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47762", "type": "seen", "source": "https://t.me/cvedetector/6917", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47762 - Backstage APP_CONFIG Configuration Setting Insecure Secrets\", \n \"Content\": \"CVE ID : CVE-2024-47762 \nPublished : Oct. 3, 2024, 6:15 p.m. | 27\u00a0minutes ago \nDescription : Backstage is an open framework for building developer portals. Configuration supplied through APP_CONFIG_* environment variables, for example APP_CONFIG_backend_listen_port=7007, where unexpectedly ignoring the visibility defined in configuration schema. This occurred even if the configuration schema specified that they should have backend or secret visibility. This was an intended feature of the APP_CONFIG_* way of supplying configuration, but now clearly goes against the expected behavior of the configuration system. This behavior leads to a risk of potentially exposing sensitive configuration details intended to remain private or restricted to backend processes. The issue has been resolved in version 0.3.75 of the @backstage/plugin-app-backend package. As a temporary measure, avoid supplying secrets using the APP_CONFIG_ configuration pattern. Consider alternative methods for setting secrets, such as the environment substitution available for Backstage configuration. \nSeverity: 5.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"03 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-03T20:48:03.000000Z"}, {"uuid": "92da4395-6e57-4ce5-b3d0-53a4290dadb6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47763", "type": "seen", "source": "https://t.me/cvedetector/7518", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47763 - Wasmtime WebAssembly Denial-of-Service Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47763 \nPublished : Oct. 9, 2024, 6:15 p.m. | 18\u00a0minutes ago \nDescription : Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. Wasmtime first enabled support for tail calls by default in Wasmtime 21.0.0, although that release contained a bug where it was only on-by-default for some configurations. In Wasmtime 22.0.0 tail calls were enabled by default for all configurations. The specific crash happens when an exported function in a WebAssembly module (or component) performs a `return_call` (or `return_call_indirect` or `return_call_ref`) to an imported host function which captures a stack trace (for example, the host function raises a trap). In this situation, the stack-walking code previously assumed there was always at least one WebAssembly frame on the stack but with tail calls that is no longer true. With the tail-call proposal it's possible to have an entry trampoline appear as if it directly called the exit trampoline. This situation triggers an internal assert in the stack-walking code which raises a Rust `panic!()`. When Wasmtime is compiled with Rust versions 1.80 and prior this means that an `extern \"C\"` function in Rust is raising a `panic!()`. This is technically undefined behavior and typically manifests as a process abort when the unwinder fails to unwind Cranelift-generated frames. When Wasmtime is compiled with Rust versions 1.81 and later this panic becomes a deterministic process abort. Overall the impact of this issue is that this is a denial-of-service vector where a malicious WebAssembly module or component can cause the host to crash. There is no other impact at this time other than availability of a service as the result of the crash is always a crash and no more. This issue was discovered by routine fuzzing performed by the Wasmtime project via Google's OSS-Fuzz infrastructure. We have no evidence that it has ever been exploited by an attacker in the wild. All versions of Wasmtime which have tail calls enabled by default have been patched: * 21.0.x - patched in 21.0.2 * 22.0.x - patched in 22.0.1 * 23.0.x - patched in 23.0.3 * 24.0.x - patched in 24.0.1 * 25.0.x - patched in 25.0.2. Wasmtime versions from 12.0.x (the first release with experimental tail call support) to 20.0.x (the last release with tail-calls off-by-default) have support for tail calls but the support is disabled by default. These versions are not affected in their default configurations, but users who explicitly enabled tail call support will need to either disable tail call support or upgrade to a patched version of Wasmtime. The main workaround for this issue is to disable tail support for tail calls in Wasmtime, for example with `Config::wasm_tail_call(false)`. Users are otherwise encouraged to upgrade to patched versions. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T20:40:38.000000Z"}, {"uuid": "c52520e8-ce8a-4085-b5ab-6342e9a8a609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47769", "type": "seen", "source": "https://t.me/cvedetector/6992", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47769 - IDURAR LFI/VBS Directory Traversal\", \n \"Content\": \"CVE ID : CVE-2024-47769 \nPublished : Oct. 4, 2024, 3:15 p.m. | 18\u00a0minutes ago \nDescription : IDURAR is open source ERP CRM accounting invoicing software. The vulnerability exists in the corePublicRouter.js file. Using the reference usage here, it is identified that the public endpoint is accessible to an unauthenticated user. The user's input is directly appended to the join statement without additional checks. This allows an attacker to send URL encoded malicious payload. The directory structure can be escaped to read system files by adding an encoded string (payload) at subpath location. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T17:42:43.000000Z"}, {"uuid": "b6f7c500-4b66-463d-a8f5-fa1ad2c50d9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47765", "type": "seen", "source": "https://t.me/cvedetector/6991", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47765 - Minecraft MOTD Parser XSS Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-47765 \nPublished : Oct. 4, 2024, 3:15 p.m. | 18\u00a0minutes ago \nDescription : Minecraft MOTD Parser is a PHP library to parse minecraft server motd. The HtmlGenerator class is subject to potential cross-site scripting (XSS) attack through a parsed malformed Minecraft server MOTD. The HtmlGenerator iterates through objects of MotdItem that are contained in an object of MotdItemCollection to generate a HTML string. An attacker can make malicious inputs to the color and text properties of MotdItem to inject own HTML into a web page during web page generation. For example by sending a malicious MOTD from a Minecraft server under their control that was queried and passed to the HtmlGenerator. This XSS vulnerability exists because the values of these properties are neither filtered nor escaped. This vulnerability is fixed in 1.0.6. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T17:42:42.000000Z"}, {"uuid": "6aa1647d-6757-4197-9e8c-e64f5be32c50", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47768", "type": "seen", "source": "https://t.me/cvedetector/6990", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47768 - Lif Authentication Server Account Takeover Vulnerability (Authentication Bypass)\", \n \"Content\": \"CVE ID : CVE-2024-47768 \nPublished : Oct. 4, 2024, 3:15 p.m. | 18\u00a0minutes ago \nDescription : Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the recovery email and entered the correct code. If the attacker knew the email of the target, they could supply the email and immediately prompt the server to update the password without ever needing the code. This issue has been patched in version 1.7.3. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T17:42:41.000000Z"}, {"uuid": "4bad80b8-9513-4035-8a5a-d9a4f096f100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47764", "type": "seen", "source": "https://t.me/cvedetector/7021", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-47764 - Cookie vulnerable to Unauthorized Field Modification\", \n \"Content\": \"CVE ID : CVE-2024-47764 \nPublished : Oct. 4, 2024, 8:15 p.m. | 25\u00a0minutes ago \nDescription : cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to 0.7.0, which updates the validation for name, path, and domain. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"04 Oct 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-04T22:43:39.000000Z"}, {"uuid": "e5353b83-bf83-40b8-970d-d6a3d6c1fee1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47764", "type": "seen", "source": "https://gist.github.com/Adcbda/1903b9267561971f4b148df4c6e3182f", "content": "\n\n\n\n\nexpress \u2014 Wiki\n\n\n\n\n*{margin:0;padding:0;box-sizing:border-box}\n:root{\n --bg:#ffffff;--sidebar-bg:#f8f9fb;--border:#e5e7eb;\n --text:#1e293b;--text-muted:#64748b;--primary:#2563eb;\n --primary-soft:#eff6ff;--hover:#f1f5f9;--code-bg:#f1f5f9;\n --radius:8px;--shadow:0 1px 3px rgba(0,0,0,.08);\n}\nbody{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;\n line-height:1.65;color:var(--text);background:var(--bg)}\n\n.layout{display:flex;min-height:100vh}\n.sidebar{width:280px;background:var(--sidebar-bg);border-right:1px solid var(--border);\n position:fixed;top:0;left:0;bottom:0;overflow-y:auto;padding:24px 16px;\n display:flex;flex-direction:column;z-index:10}\n.content{margin-left:280px;flex:1;padding:48px 64px;max-width:960px}\n\n.sidebar-header{margin-bottom:20px;padding-bottom:16px;border-bottom:1px solid var(--border)}\n.sidebar-title{font-size:16px;font-weight:700;color:var(--text);display:flex;align-items:center;gap:8px}\n.sidebar-title svg{flex-shrink:0}\n.sidebar-meta{font-size:11px;color:var(--text-muted);margin-top:6px}\n.nav-section{margin-bottom:2px}\n.nav-item{display:block;padding:7px 12px;border-radius:var(--radius);cursor:pointer;\n font-size:13px;color:var(--text);text-decoration:none;transition:all .15s;\n white-space:nowrap;overflow:hidden;text-overflow:ellipsis}\n.nav-item:hover{background:var(--hover)}\n.nav-item.active{background:var(--primary-soft);color:var(--primary);font-weight:600}\n.nav-item.overview{font-weight:600;margin-bottom:4px}\n.nav-children{padding-left:14px;border-left:1px solid var(--border);margin-left:12px}\n.nav-group-label{font-size:11px;font-weight:600;color:var(--text-muted);\n text-transform:uppercase;letter-spacing:.5px;padding:12px 12px 4px;user-select:none}\n.sidebar-footer{margin-top:auto;padding-top:16px;border-top:1px solid var(--border);\n font-size:11px;color:var(--text-muted);text-align:center}\n\n.content h1{font-size:28px;font-weight:700;margin-bottom:8px;line-height:1.3}\n.content h2{font-size:22px;font-weight:600;margin:32px 0 12px;padding-bottom:6px;border-bottom:1px solid var(--border)}\n.content h3{font-size:17px;font-weight:600;margin:24px 0 8px}\n.content h4{font-size:15px;font-weight:600;margin:20px 0 6px}\n.content p{margin:12px 0}\n.content ul,.content ol{margin:12px 0 12px 24px}\n.content li{margin:4px 0}\n.content a{color:var(--primary);text-decoration:none}\n.content a:hover{text-decoration:underline}\n.content blockquote{border-left:3px solid var(--primary);padding:8px 16px;margin:16px 0;\n background:var(--primary-soft);border-radius:0 var(--radius) var(--radius) 0;\n color:var(--text-muted);font-size:14px}\n.content code{font-family:'SF Mono',Consolas,'Courier New',monospace;font-size:13px;\n background:var(--code-bg);padding:2px 6px;border-radius:4px}\n.content pre{background:#1e293b;color:#e2e8f0;border-radius:var(--radius);padding:16px;\n overflow-x:auto;margin:16px 0}\n.content pre code{background:none;padding:0;font-size:13px;line-height:1.6;color:inherit}\n.content table{border-collapse:collapse;width:100%;margin:16px 0}\n.content th,.content td{border:1px solid var(--border);padding:8px 12px;text-align:left;font-size:14px}\n.content th{background:var(--sidebar-bg);font-weight:600}\n.content img{max-width:100%;border-radius:var(--radius)}\n.content hr{border:none;border-top:1px solid var(--border);margin:32px 0}\n.content .mermaid{margin:20px 0;text-align:center}\n\n.menu-toggle{display:none;position:fixed;top:12px;left:12px;z-index:20;\n background:var(--bg);border:1px solid var(--border);border-radius:var(--radius);\n padding:8px 12px;cursor:pointer;font-size:18px;box-shadow:var(--shadow)}\n@media(max-width:768px){\n .sidebar{transform:translateX(-100%);transition:transform .2s}\n .sidebar.open{transform:translateX(0);box-shadow:2px 0 12px rgba(0,0,0,.1)}\n .content{margin-left:0;padding:24px 20px;padding-top:56px}\n .menu-toggle{display:block}\n}\n.empty-state{text-align:center;padding:80px 20px;color:var(--text-muted)}\n.empty-state h2{font-size:20px;margin-bottom:8px;border:none}\n\n\n\n\n☰\n\n\n\n\n\n\n\n\n\nexpress\n\n\n\n\n\n\n\nGenerated by GitNexus\n\n\n\n\n\nLoading\u2026\n\n\n\nvar PAGES = {\"application-core\":\"# Application Core\\n\\n# Application Core Module\\n\\n## Overview\\nThe Application Core module provides the foundational factory, prototype, and request lifecycle logic for the Express framework. It exposes `createApplication()` as the primary entry point, constructs the callable `app` object, and defines the `application` prototype that handles configuration, middleware mounting, routing delegation, view rendering, and HTTP server creation.\\n\\n## Initialization & Architecture\\nThe module is structured around a factory pattern combined with prototype mixing:\\n\\n- **Entry Point**: `index.js` re-exports `./lib/express`\\n- **Factory**: `lib/express.js` exports `createApplication()`, which returns a callable function `app(req, res, next)`\\n- **Prototype Mixing**: `merge-descriptors` is used to attach `EventEmitter.prototype` and the `application` prototype (`proto`) to the `app` function\\n- **Request/Response Prototypes**: `app.request` and `app.response` are created via `Object.create()` with an `app` property descriptor. These serve as the base prototypes for incoming Node.js `req` and `res` objects\\n- **Lazy Router**: The `app.router` property is defined via `Object.defineProperty` with a getter that instantiates a `Router` only on first access, configured with `caseSensitive` and `strict` settings\\n\\n## Core API Reference\\n\\n### Configuration & Settings\\nSettings are stored in `this.settings` and managed through a unified API:\\n- `app.set(setting, val)` / `app.set(setting)`: Assigns or retrieves a setting. Triggers compilation for `etag`, `query parser`, and `trust proxy` via `compileETag`, `compileQueryParser`, and `compileTrust`\\n- `app.enable(setting)` / `app.disable(setting)`: Shorthand for `app.set(setting, true/false)`\\n- `app.enabled(setting)` / `app.disabled(setting)`: Boolean checks against stored settings\\n- `app.defaultConfiguration()`: Initializes defaults (`x-powered-by`, `etag: 'weak'`, `env`, `query parser: 'simple'`, `subdomain offset: 2`, `trust proxy: false`, `view cache` in production)\\n\\n### Routing & Middleware\\nRouting methods delegate to the lazily initialized `Router` instance:\\n- `app.use([path], ...fn)`: Proxies to `router.use()`. Handles argument flattening via `Array.prototype.flat`. If `fn` is an Express app, it mounts it, sets `fn.mountpath` and `fn.parent`, and wraps execution to restore original `req`/`res` prototypes after the sub-app finishes\\n- `app.route(path)`: Returns a new `Route` instance for isolated middleware stacks\\n- `app.param(name, fn)`: Proxies to `router.param()`. Accepts arrays of parameter names\\n- `app.all(path, ...fn)`: Registers middleware/callbacks for all HTTP methods\\n- **HTTP Verbs**: Dynamically generated via `methods.forEach`. `app.get(path)` acts as a settings getter when called with a single argument; otherwise, it delegates to `route.get()`\\n\\n### Request Handling Pipeline\\n- `app.handle(req, res, callback)`: Core dispatch function. Sets up circular references (`req.res`, `res.req`), attaches `app.request`/`app.response` prototypes to incoming objects, initializes `res.locals`, and delegates to `this.router.handle(req, res, done)`\\n- If no callback is provided, `finalhandler` is used as the terminal error handler, configured with `this.get('env')` and `logerror`\\n\\n### View Rendering\\n- `app.render(name, options, callback)`: Resolves views using the `View` constructor. Merges `this.locals`, `opts._locals`, and `opts`. Supports view caching via `this.cache` when `view cache` is enabled\\n- `app.engine(ext, fn)`: Registers template engine callbacks keyed by file extension\\n- `tryRender(view, options, callback)`: Internal wrapper that catches synchronous rendering errors and passes them to the callback\\n\\n### Server Lifecycle\\n- `app.listen()`: Creates an `http.Server` with `this` as the request handler. Wraps the final callback argument with `once` to prevent duplicate error event emissions, then delegates to `server.listen()`\\n\\n## Request Execution Flow\\n```mermaid\\ngraph TD\\n A[Incoming HTTP Request] --> B[app(req, res, next)]\\n B --> C[app.handle]\\n C --> D[Set req/res prototypes & locals]\\n D --> E[router.handle]\\n E --> F[Middleware/Route Execution]\\n F --> G[finalhandler / logerror]\\n```\\n\\n1. The callable `app` function receives the raw Node.js request\\n2. `app.handle()` initializes the pipeline, optionally attaching `finalhandler`\\n3. `X-Powered-By` header is set if enabled\\n4. `req` and `res` prototypes are swapped to `app.request` and `app.response`\\n5. `res.locals` is initialized if absent\\n6. Control passes to `this.router.handle()`, which executes the middleware stack\\n7. Unhandled errors or completed responses trigger `finalhandler`, which logs via `logerror` in non-test environments\\n\\n## Key Implementation Patterns\\n\\n### Prototype Restoration for Mounted Apps\\nWhen a sub-application is mounted via `app.use()`, the wrapper function captures `req.app` before execution. After the sub-app's `handle()` completes, it restores the original prototypes:\\n```javascript\\nObject.setPrototypeOf(req, orig.request)\\nObject.setPrototypeOf(res, orig.response)\\n```\\nThis ensures middleware chains outside the mounted app continue using the parent's prototype chain.\\n\\n### Lazy Router Instantiation\\nThe router is not created during `app.init()`. Instead, a getter defers instantiation until the first routing or middleware call:\\n```javascript\\nObject.defineProperty(this, 'router', {\\n get: function getrouter() {\\n if (router === null) {\\n router = new Router({ ... });\\n }\\n return router;\\n }\\n});\\n```\\nThis avoids overhead for applications that only use `app.set()` or `app.render()`.\\n\\n### Settings Compilation & Inheritance\\nSpecial settings (`etag`, `query parser`, `trust proxy`) trigger immediate compilation into internal `fn` properties. The `trustProxyDefaultSymbol` tracks whether the default trust proxy state should be inherited from a parent app during `mount` events, maintaining backward compatibility with Express 4.x behavior.\\n\\n### Error Handling & Logging\\n`logerror()` is bound to the app instance and invoked by `finalhandler` when errors bubble up. It suppresses output in `test` environments and logs `err.stack` or `err.toString()` otherwise.\",\"other-acceptance\":\"# Other \u2014 acceptance\\n\\n# Acceptance Test Module\\n\\n## Purpose\\nThe `test/acceptance/` directory contains end-to-end integration tests for the Express.js example applications. Each file validates the HTTP behavior, routing logic, middleware execution, and response formatting of a specific example. The suite ensures that examples function correctly as standalone applications before deployment or documentation publication.\\n\\n## Architecture & Tooling\\n- **Test Runner**: Mocha (`describe`, `it`, `done`)\\n- **HTTP Simulation**: `supertest` (`request(app)`)\\n- **Assertion Pattern**: Chained `.expect()` calls for status codes, headers, response bodies (regex or exact strings), and redirects\\n- **Execution Model**: Tests import Express app instances directly from `../../examples/` and pass them to `supertest`. This bypasses the need for a live HTTP server, enabling fast, isolated test execution.\\n\\n```mermaid\\nflowchart LR\\n A[Test File] -->|require| B[Express App]\\n A -->|request| C[supertest]\\n C -->|HTTP Simulation| B\\n B -->|Response| C\\n C -->|expect| D[Assertions]\\n A -->|getCookie / getCookies| E[Cookie Helpers]\\n A -->|shouldNotHaveHeader| F[test/support/utils.js]\\n```\\n\\n## Execution Flow\\nEach test follows a consistent asynchronous pattern:\\n1. **App Initialization**: `var app = require('../../examples/')`\\n2. **Request Construction**: `request(app).('/path')`\\n3. **Payload/Headers**: `.type('urlencoded')`, `.send({})`, `.set('Header', 'value')`\\n4. **Validation**: `.expect(status, body, done)` or chained `.expect()` calls\\n5. **Stateful Follow-up**: Capture `Set-Cookie` headers, parse with helper functions, and attach to subsequent requests via `.set('Cookie', ...)`\\n\\nThe `send` method routes payloads through the test simulation layer, which interfaces with the underlying Express router to trigger middleware and route handlers.\\n\\n## Test Domains & Coverage\\n| File | Feature Validated | Key Behaviors |\\n|------|-------------------|---------------|\\n| `auth.js` | Session-based authentication | Login redirects, credential validation, protected route access, session persistence |\\n| `cookie-sessions.js` | Cookie-backed sessions | View counters, `Set-Cookie` header generation, session state across requests |\\n| `cookies.js` | Manual cookie management | Cookie setting/clearing, conditional header emission, form-driven state |\\n| `content-negotiation.js` | `Accept` header routing | Default `text/html`, `text/plain`, and `application/json` response formatting |\\n| `downloads.js` | Static file serving | `Content-Disposition` headers, 404 for missing files, 403 for path traversal |\\n| `ejs.js` / `markdown.js` | Template rendering | HTML output generation, error handling on render failure |\\n| `error.js` / `error-pages.js` | Error handling | 404/500 status codes, format-aware error payloads (JSON/HTML/plain text) |\\n| `multi-router.js` / `route-map.js` / `route-separation.js` | Routing architecture | Nested routers, HTTP method mapping, modular route organization |\\n| `mvc.js` | CRUD & MVC patterns | Resource creation, form submission (`PUT`/`POST`), redirects, 404/500 handling |\\n| `params.js` / `resource.js` | Parameter parsing & REST | Range parsing (`1..3`), integer validation, resource deletion, JSON fallback |\\n| `vhost.js` | Virtual host routing | `Host` header matching, subdomain redirection |\\n| `web-service.js` | API security | API key validation (`400`/`401`), protected endpoints, JSON error responses |\\n| `hello-world.js` | Baseline routing | Simple GET response, default 404 handling |\\n\\n## State Management & Helpers\\nStateful tests (authentication, sessions, cookies) rely on two internal helper functions:\\n- `getCookie(res)`: Extracts the first cookie from `res.headers['set-cookie'][0]` by splitting on `;`\\n- `getCookies(res)`: Maps all `set-cookie` headers, extracts the key-value pairs, and joins them with `; ` for multi-cookie requests\\n\\nBoth helpers are used to maintain session state across sequential HTTP requests within a single test case.\\n\\nExternal assertions are imported from `test/support/utils.js`:\\n- `utils.shouldNotHaveHeader('Header-Name')`: Validates that a specific header is absent from the response (e.g., ensuring `Set-Cookie` is not emitted when no session is created).\\n\\n## Integration Points\\n- **Test Support**: `test/support/utils.js` provides shared assertion utilities\\n- **Example Apps**: All tests target modules under `examples/`, importing the exported Express app instance\\n- **Request Simulation**: `supertest` intercepts Express's internal routing, allowing `.send()` to trigger middleware chains without network overhead\\n- **Async Control**: All tests use the Mocha `done` callback pattern to handle asynchronous HTTP simulation and assertion resolution\\n\\n## Adding New Tests\\n1. Create a new file in `test/acceptance/` matching the target example name\\n2. Import the app: `var app = require('../../examples/')`\\n3. Structure tests using `describe` for routes/features and `it` for individual assertions\\n4. Use `.expect()` for status codes, headers, and body content. Prefer regex for HTML and exact strings for JSON\\n5. For stateful flows, capture cookies via `getCookie(res)` or `getCookies(res)` and attach them to follow-up requests using `.set('Cookie', ...)`\\n6. Always pass `done` to the final `.expect()` call or return a promise to ensure proper async resolution\",\"other-auth\":\"# Other \u2014 auth\\n\\n# Other \u2014 auth\\n\\nThis Express.js example demonstrates session-based user authentication using `express-session` and `pbkdf2-password`. It provides a complete, self-contained flow for login, session lifecycle management, route protection, and logout, backed by an in-memory user store.\\n\\n## Architecture & Request Flow\\n\\nThe application follows a standard Express middleware pipeline:\\n1. **Parsing & Session Initialization**: `express.urlencoded()` parses form data, while `express-session` attaches a session object to `req`.\\n2. **Flash Message Handling**: A custom middleware extracts `req.session.error` and `req.session.success`, formats them into HTML, assigns them to `res.locals.message`, and immediately deletes them from the session.\\n3. **Routing & Protection**: Public routes (`/`, `/login`) render views or redirect. Protected routes (`/restricted`) pass through the `restrict` guard.\\n4. **Authentication**: `POST /login` invokes `authenticate()`, which verifies credentials against a pre-hashed in-memory user object. Successful authentication triggers session regeneration and user storage.\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant Session\\n participant Auth\\n Client->>Express: POST /login\\n Express->>Session: Load/attach session\\n Express->>Auth: authenticate(username, password)\\n Auth-->>Express: Callback(err, user)\\n alt Valid Credentials\\n Express->>Session: regenerate()\\n Express->>Session: Store req.session.user\\n Express-->>Client: Redirect to referrer\\n else Invalid Credentials\\n Express->>Session: Set req.session.error\\n Express-->>Client: Redirect to /login\\n end\\n```\\n\\n## Key Components\\n\\n### Session & Message Middleware\\n- **`express-session`**: Configured with `resave: false` and `saveUninitialized: false` to prevent unnecessary session writes. Uses a hardcoded secret (`'shhhh, very secret'`).\\n- **Message Middleware**: Intercepts session-stored flash messages before route handlers execute. Clears them immediately after assignment to `res.locals.message` to prevent duplicate rendering on subsequent requests.\\n\\n### Password Hashing & Verification\\n- **Initialization**: On startup, `pbkdf2-password` hashes the password `'foobar'` for the user `tj`. The resulting `salt` and `hash` are stored in the `users` object.\\n- **`authenticate(name, pass, fn)`**: Retrieves the user by username. Re-hashes the provided password using the stored salt via `pbkdf2-password`. Compares the resulting hash against `user.hash`. Invokes the callback with `(err, user)` on match, or `(err, null)` on mismatch.\\n\\n### Route Protection (`restrict`)\\n- **`restrict(req, res, next)`**: Middleware that checks for `req.session.user`. If present, calls `next()`. If absent, sets `req.session.error = 'Access denied!'` and redirects to `/login`. Applied to `GET /restricted`.\\n\\n### Login & Session Lifecycle\\n- **`POST /login`**: Validates `req.body`, calls `authenticate()`. On success, calls `req.session.regenerate()` to issue a new session ID (preventing fixation), stores the user object in `req.session.user`, sets a success message, and redirects. On failure, sets an error message and redirects to `/login`.\\n- **`GET /logout`**: Calls `req.session.destroy()` to invalidate the session server-side and redirects to `/`.\\n- **`GET /restricted`**: Uses `res.send()` to render a protected message with a logout link.\\n\\n## Views & Templating\\n- **Engine**: EJS (`app.set('view engine', 'ejs')`)\\n- **Layout**: Composed of `head.ejs` (HTML boilerplate, CSS for `.error`/`.success` classes) and `foot.ejs`.\\n- **`login.ejs`**: Includes the layout partials, renders `<%- message %>` for flash notifications, and provides a POST form targeting `/login`.\\n\\n## Security Considerations\\n- **Session Fixation Prevention**: `req.session.regenerate()` is called immediately after successful authentication, ensuring the session ID changes post-login.\\n- **Password Storage**: PBKDF2 with per-user salt is used. Never store plaintext passwords.\\n- **In-Memory Store**: The `users` object is strictly for demonstration. Production systems should use a persistent database and a dedicated session store (e.g., Redis, `connect-pg-simple`).\\n- **Secret Management**: The session secret is hardcoded. Replace with `process.env.SESSION_SECRET` in production.\\n\\n## Running the Example\\n```bash\\nnode examples/auth/index.js\\n```\\nThe server starts on `http://localhost:3000`. Default credentials are `tj` / `foobar`. Access `/restricted` to trigger the authentication guard, or navigate directly to `/login`.\",\"other-content-negotiation\":\"# Other \u2014 content-negotiation\\n\\n# Other \u2014 content-negotiation\\n\\n## Overview\\nThis module demonstrates HTTP content negotiation in Express using the `res.format()` API. It provides two distinct patterns for serving the same underlying data (`users`) in multiple representations (`html`, `text`, `json`) based on the client's `Accept` header.\\n\\n## Architecture & Components\\nThe module is structured across three files:\\n\\n| File | Purpose |\\n|------|---------|\\n| `db.js` | In-memory data store exporting an array of user objects (`{ name: string }`). |\\n| `index.js` | Express application entry point. Defines routes and implements a reusable `format()` middleware factory. |\\n| `users.js` | External format handler module exporting `html`, `text`, and `json` response functions. |\\n\\n## Content Negotiation Patterns\\n\\n### 1. Inline Format Handlers (`GET /`)\\nThe root route demonstrates direct, inline content negotiation. An object mapping MIME types to handler functions is passed directly to `res.format()`:\\n```javascript\\nres.format({\\n html: function() { res.send('\n...<\\/ul>'); },\\n text: function() { res.send(' - Tobi\\\\n...'); },\\n json: function() { res.json(users); }\\n});\\n```\\nExpress automatically parses the `Accept` header, selects the highest-priority matching type, and executes the corresponding handler.\\n\\n### 2. Modular Format Handlers (`GET /users`)\\nThe `/users` route demonstrates a declarative, reusable approach using a custom middleware factory:\\n```javascript\\nfunction format(path) {\\n var obj = require(path);\\n return function(req, res) {\\n res.format(obj);\\n };\\n}\\n\\napp.get('/users', format('./users'));\\n```\\nThe `format(path)` function dynamically loads a module (e.g., `users.js`) that exports format-specific functions. This separates routing logic from response formatting, making it easier to maintain and test.\\n\\n## Execution Flow\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant Route\\n participant FormatHandler\\n Client->>Express: GET /users (Accept: application/json)\\n Express->>Route: Match /users\\n Route->>FormatHandler: res.format({html, text, json})\\n FormatHandler->>Express: Select best match (json)\\n Express->>Client: 200 OK + JSON payload\\n```\\n\\n## Integration & Testing\\n- **Test Coverage:** The negotiation logic is validated by `test/res.format.js`, which exercises handler selection and execution.\\n- **Cross-Module References:** The `format()` factory pattern is referenced in `examples/error-pages/index.js` as a reusable abstraction for declarative response formatting.\\n- **Response Delegation:** All format handlers ultimately delegate to `res.send()` or `res.json()`, ensuring consistent Express response lifecycle behavior.\\n\\n## Developer Notes\\n- **MIME Type Matching:** `res.format()` supports exact matches (`json`), type aliases (`html`), and wildcards. If no match is found, Express returns a `406 Not Acceptable` response.\\n- **Extensibility:** To add a new format (e.g., `xml`), simply export an `xml` function from `users.js` or add it to the inline object. No route changes are required.\\n- **Middleware Factory:** The `format(path)` helper relies on Node's synchronous `require()` cache. For dynamic or async format loading, replace `require()` with a custom loader or async middleware pattern.\\n- **Data Source:** `db.js` is intentionally minimal. In production, replace the static array with a database query or service call, ensuring the query executes before `res.format()` is invoked.\",\"other-cookie-sessions\":\"# Other \u2014 cookie-sessions\\n\\n# Other \u2014 cookie-sessions\\n\\n## Purpose\\nThis module is a self-contained Express.js example demonstrating stateless, client-side session management using the `cookie-session` middleware. It provides a minimal implementation for tracking per-user state (a page-view counter) without relying on external databases or server-side session stores.\\n\\n## Architecture & Request Flow\\nThe application follows a standard Express middleware pipeline. Incoming HTTP requests pass through the `cookie-session` middleware before reaching route handlers. The middleware intercepts the request, parses the signed session cookie, and attaches a mutable `req.session` object. After the route handler executes, Express automatically serializes the updated session data back into a `Set-Cookie` header on the response.\\n\\n```mermaid\\nflowchart LR\\n A[Client Request] --> B[cookieSession Middleware]\\n B --> C{Parse & Verify Cookie}\\n C -->|Valid| D[Attach req.session]\\n C -->|Missing/Invalid| D\\n D --> E[app.get('/') Handler]\\n E --> F[Increment req.session.count]\\n F --> G[res.send Response]\\n G --> H[Serialize & Set-Cookie]\\n H --> I[Client Response]\\n```\\n\\n## Core Components\\n\\n| Component | Description |\\n|-----------|-------------|\\n| `express()` | Initializes the application instance. Exported via `module.exports` to allow external mounting or testing. |\\n| `app.use(cookieSession({ secret: 'manny is cool' }))` | Registers the session middleware. The `secret` option is required for HMAC signing to prevent client-side tampering. |\\n| `app.get('/', handler)` | Defines the root route. Reads and mutates `req.session.count` on each invocation. |\\n| `res.send()` | Finalizes the HTTP response. Triggers Express's internal response pipeline, which includes session cookie serialization. |\\n| `if (!module.parent)` | Standard Node.js guard that starts the HTTP server on port `3000` only when the file is executed directly. |\\n\\n## Session Mechanics\\nUnlike traditional server-side sessions, `cookie-session` stores the entire session payload in the client's browser cookie. Key behaviors demonstrated in this module:\\n\\n- **Initialization**: `req.session` is automatically created as an empty object if no valid cookie is present.\\n- **State Mutation**: `req.session.count = (req.session.count || 0) + 1` demonstrates safe read-modify-write semantics. The fallback `|| 0` handles first-time visitors.\\n- **Serialization**: On response, the middleware JSON-encodes the session object, signs it with the provided `secret`, and attaches it to the `Set-Cookie` header.\\n- **Constraints**: Session data is limited by browser cookie size restrictions (~4KB). Sensitive data should never be stored here, as it is client-accessible (though cryptographically signed).\\n\\n## Execution & Startup\\nWhen run directly via `node index.js`, the module:\\n1. Exports the Express app instance.\\n2. Evaluates `!module.parent` as `true`.\\n3. Calls `app.listen(3000)` and logs `Express started on port 3000`.\\n4. Begins accepting HTTP requests on `http://localhost:3000`.\\n\\nEach subsequent `GET /` request increments the counter and returns a plain-text response: `viewed N times\\\\n`.\\n\\n## Integration Notes\\n- **Testing & Mounting**: Because the app is assigned to `module.exports`, it can be required in test suites or mounted as a sub-app in larger Express routers without triggering the standalone server.\\n- **Outgoing Calls**: The primary external interaction is `res.send()`, which delegates to Express's response layer for header management, body formatting, and session cookie attachment.\\n- **Middleware Order**: `cookieSession` must be registered before any route that accesses `req.session`. Placing it after route definitions will result in `undefined` session objects.\\n- **Security Considerations**: The hardcoded `secret` is for demonstration only. Production deployments should use environment variables or secure key management for the `secret` option.\",\"other-cookies\":\"# Other \u2014 cookies\\n\\n# Other \u2014 cookies\\n\\n## Overview\\nThis module is an Express.js example demonstrating HTTP cookie management using the `cookie-parser` middleware. It implements a minimal \\\"remember me\\\" workflow to illustrate how to read, set, and clear cookies across request/response cycles, and how to integrate cookie parsing with body parsing middleware.\\n\\n## Middleware Stack\\nThe application configures three middleware functions in sequence. Order is critical for correct request processing:\\n\\n1. **`logger` (morgan)**: Logs incoming requests using the custom format `:method :url`. Automatically disabled when `process.env.NODE_ENV === 'test'`.\\n2. **`cookieParser('my secret here')`**: Parses the `Cookie` header from incoming requests. Populates `req.cookies` with unsigned cookies and `req.signedCookies` with verified signed cookies. The provided secret string is used to verify and sign cookies.\\n3. **`express.urlencoded()`**: Parses `application/x-www-form-urlencoded` payloads from POST requests, making form data available via `req.body`.\\n\\n## Route Handlers\\n\\n### `GET /`\\nChecks for the presence of `req.cookies.remember`:\\n- If truthy: Responds with a confirmation message and a link to `/forget`.\\n- If falsy/missing: Responds with an HTML form containing a `remember` checkbox.\\n\\n### `POST /`\\nProcesses form submissions:\\n- Evaluates `req.body.remember`.\\n- If present, sets a cookie using `res.cookie('remember', 1, { maxAge: 60000 })`. The `maxAge` is set to 60,000ms (1 minute).\\n- Redirects to the `Referrer` header or falls back to `/`.\\n\\n### `GET /forget`\\nClears the session state:\\n- Calls `res.clearCookie('remember')` to instruct the browser to delete the cookie.\\n- Redirects to the `Referrer` header or falls back to `/`.\\n\\n## Cookie Lifecycle & API Usage\\nThe module demonstrates three core Express response methods for cookie management:\\n\\n| Method | Purpose | Usage in Module |\\n|--------|---------|-----------------|\\n| `res.cookie(name, value, options)` | Sets a `Set-Cookie` header | `res.cookie('remember', 1, { maxAge: minute })` |\\n| `res.clearCookie(name)` | Sets an expired `Set-Cookie` header | `res.clearCookie('remember')` |\\n| `req.cookies` | Parsed cookie object | `req.cookies.remember` |\\n\\nThe `cookie-parser` middleware automatically handles cookie decoding and signature verification. When a secret is provided, `cookie-parser` will populate `req.signedCookies` for any cookies prefixed with `s:` and verified against the secret. This example uses unsigned cookies for simplicity.\\n\\n## Request Flow\\n```mermaid\\nflowchart TD\\n A[Client Request] --> B{Method & Path}\\n B -->|GET /| C[Check req.cookies.remember]\\n B -->|POST /| D[Parse req.body via urlencoded]\\n B -->|GET /forget| E[Clear cookie & redirect]\\n \\n C -->|Exists| F[Send 'Remembered' HTML]\\n C -->|Missing| G[Send Form HTML]\\n \\n D --> H{req.body.remember?}\\n H -->|Yes| I[res.cookie maxAge: 60000]\\n H -->|No| J[Skip cookie set]\\n I --> K[Redirect to Referrer]\\n J --> K\\n \\n E --> K\\n```\\n\\n## Running & Testing\\n- **Start server**: `node index.js` (listens on port `3000` when executed directly)\\n- **Module export**: The app is exported via `module.exports = express()` for integration testing or mounting in larger applications.\\n- **Test environment**: Set `NODE_ENV=test` to suppress `morgan` logging during automated test runs.\\n\\n## Production Considerations\\nThis example is intentionally minimal. For production deployments, consider:\\n- **Security flags**: Add `httpOnly: true` and `secure: true` to `res.cookie` options to prevent XSS and enforce HTTPS.\\n- **Secret management**: Replace the hardcoded `'my secret here'` with an environment variable or secure vault.\\n- **CSRF protection**: Pair cookie-based state with CSRF tokens when handling POST requests.\\n- **SameSite attribute**: Set `sameSite: 'lax'` or `'strict'` to mitigate cross-site request forgery.\",\"other-downloads\":\"# Other \u2014 downloads\\n\\n# Other \u2014 Downloads Module\\n\\n## Overview\\nThis module is a standalone Express.js example demonstrating secure file downloads using `res.download()`. It serves files from a designated directory, handles nested paths via wildcard route parameters, and implements explicit error handling to distinguish between missing files and server-level failures.\\n\\n## Request Flow\\nThe module exposes two primary endpoints. The download route processes requests through Express's routing layer, resolves the target file path, and streams the file to the client or triggers an error callback.\\n\\n```mermaid\\nflowchart TD\\n A[Client Request] --> B{Route Match}\\n B -->|GET /| C[Render HTML Index]\\n B -->|GET /files/*| D[Parse req.params.file]\\n D --> E[res.download with root option]\\n E --> F{Callback Result}\\n F -->|Success| G[Stream File to Client]\\n F -->|Non-404 Error| H[next err]\\n F -->|404 Error| I[Custom 404 Response]\\n```\\n\\n## Core Implementation\\n\\n### Route Configuration\\nThe application defines two routes using `app.get()`:\\n- `GET /`: Returns a static HTML list containing direct links to test files, including nested paths and Unicode filenames.\\n- `GET /files/*file`: Captures any path following `/files/` using a wildcard parameter. The `*file` syntax instructs Express to populate `req.params.file` as an array of path segments.\\n\\n### File Download Handler\\nThe download logic relies on `res.download()` with a configuration object:\\n```javascript\\nres.download(req.params.file.join('/'), { root: FILES_DIR }, callback)\\n```\\n- **Path Resolution**: `req.params.file.join('/')` reconstructs the relative path from the array of captured segments (e.g., `['notes', 'groceries.txt']` becomes `'notes/groceries.txt'`).\\n- **Root Directory**: The `{ root: FILES_DIR }` option explicitly sets the base directory for file resolution. `FILES_DIR` is computed using `path.join(__dirname, 'files')` to ensure cross-platform compatibility.\\n- **Callback Execution**: The third argument is a completion callback invoked after the transfer finishes or fails.\\n\\n### Error Handling Strategy\\nThe callback implements a three-tier error resolution pattern:\\n1. **Success**: `if (!err) return;` \u2014 The file was successfully sent. No further action is required.\\n2. **Server/Non-404 Errors**: `if (err.status !== 404) return next(err);` \u2014 Passes permission errors, I/O failures, or malformed requests to Express's default error handler.\\n3. **Missing Files**: `res.statusCode = 404; res.send('Cant find that file, sorry!');` \u2014 Catches `ENOENT` or similar 404-status errors and returns a custom plain-text response.\\n\\n## Security & Path Traversal Prevention\\nThe module mitigates directory traversal attacks by strictly binding file resolution to `FILES_DIR` via the `root` option in `res.download()`. Express automatically normalizes the requested path and rejects any attempts to escape the root directory using `../` sequences. This eliminates the need for manual path validation while maintaining secure file access.\\n\\n## Execution Context & Dependencies\\n- **Dependencies**: `express` (core framework), `node:path` (path resolution)\\n- **Module Pattern**: Uses CommonJS `module.exports = express()` to allow the app to be required by test runners or other modules.\\n- **Standalone Execution**: The `if (!module.parent)` guard ensures the server only starts on port 3000 when executed directly via `node index.js`, preventing port conflicts when imported.\\n- **Call Graph**: The module contains no internal cross-file dependencies. All outgoing calls route directly to Express response methods (`res.send`, `res.download`) and the `next()` error propagation chain.\\n\\n## Running the Example\\n1. Ensure dependencies are installed: `npm install`\\n2. Start the server: `node examples/downloads/index.js`\\n3. Access the index page: `http://localhost:3000`\\n4. Test download behavior:\\n - Valid file: `http://localhost:3000/files/amazing.txt`\\n - Nested file: `http://localhost:3000/files/notes/groceries.txt`\\n - Missing file: `http://localhost:3000/files/missing.txt` (triggers custom 404)\\n - Unicode filename: `http://localhost:3000/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt`\",\"other-ejs\":\"# Other \u2014 ejs\\n\\n# Other \u2014 ejs\\n\\n## Overview\\nThis module demonstrates how to configure an Express.js application to use the EJS templating engine while maintaining `.html` file extensions for views. It covers custom view engine registration, layout composition via includes, static asset serving, and conditional server startup.\\n\\n## View Engine Configuration\\nThe core configuration maps the `.html` extension to EJS's internal rendering method:\\n\\n```javascript\\napp.engine('.html', require('ejs').__express);\\napp.set('view engine', 'html');\\n```\\n\\n- `app.engine('.html', require('ejs').__express)` registers EJS's `__express` function as the handler for `.html` files. This bypasses the default `.ejs` extension requirement.\\n- `app.set('view engine', 'html')` sets the default extension for `res.render()`, allowing calls like `res.render('users')` instead of `res.render('users.html')`.\\n- `app.set('views', path.join(__dirname, 'views'))` explicitly defines the template directory. While Express defaults to `./views`, this ensures predictable resolution regardless of the working directory.\\n\\n## Routing & Data Flow\\nThe application defines a single route that renders a dynamic user list:\\n\\n```javascript\\napp.get('/', function(req, res){\\n res.render('users', {\\n users: users,\\n title: \\\"EJS example\\\",\\n header: \\\"Some users\\\"\\n });\\n});\\n```\\n\\n- `res.render('users', ...)` triggers Express to locate `views/users.html`, compile it through the registered EJS engine, and inject the provided context object.\\n- The context passes an array of user objects (`{ name, email }`) and metadata (`title`, `header`) to the template.\\n\\n## Template Architecture\\nViews are split into reusable partials using EJS includes and interpolation syntax:\\n\\n| File | Purpose | Key EJS Patterns |\\n|------|---------|------------------|\\n| `views/header.html` | Document head & opening body | `<%= title %>` (escaped interpolation) |\\n| `views/users.html` | Main content & iteration | `<%- include('header.html') -%>`, `<% users.forEach(...) %>`, `<%= user.name %>` |\\n| `views/footer.html` | Closing tags | Static HTML closure |\\n\\n**Syntax Notes:**\\n- `<%- include('...') -%>` uses unescaped output (`<%-`) to inject raw HTML partials without double-encoding. The trailing `-` trims surrounding whitespace.\\n- `<%= ... %>` safely escapes HTML entities, preventing XSS when rendering user-provided or dynamic strings.\\n- `<% ... %>` executes JavaScript logic (e.g., `forEach`) without outputting to the template.\\n\\n## Static Asset Serving\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n- Mounts the `public/` directory at the root path (`/`).\\n- `views/header.html` references `/stylesheets/style.css`, which is resolved to `public/stylesheets/style.css` by the static middleware.\\n\\n## Module Execution & Export Pattern\\n```javascript\\nvar app = module.exports = express();\\n\\n/* istanbul ignore next */\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n- `module.exports = express()` allows the file to be required as a module in tests or parent applications without triggering the server.\\n- The `!module.parent` guard ensures `app.listen(3000)` only executes when the file is run directly via `node index.js`.\\n- The `/* istanbul ignore next */` comment excludes the startup block from code coverage instrumentation.\\n\\n## Request Flow\\n```mermaid\\ngraph LR\\n Client[Client Request] --> Route[GET / Handler]\\n Route --> Render[res.render users]\\n Render --> EJS[EJS Engine]\\n EJS --> Header[header.html]\\n EJS --> Users[users.html]\\n EJS --> Footer[footer.html]\\n EJS --> Response[Compiled HTML]\\n```\",\"other-error-pages\":\"# Other \u2014 error-pages\\n\\n# Other \u2014 error-pages\\n\\n## Overview\\nThis module is an Express.js example application demonstrating production-ready error handling, content negotiation, and environment-aware configuration. It illustrates how to intentionally trigger HTTP errors, propagate them through the middleware stack, and render appropriate responses using Express's built-in error-handling patterns and EJS templating.\\n\\n## Request & Error Flow\\nThe application follows a standard Express middleware pipeline. Successful requests are handled by route-specific callbacks. Unmatched routes or explicitly passed errors bypass standard middleware and fall through to dedicated error-handling layers.\\n\\n```mermaid\\nflowchart TD\\n A[Incoming Request] --> B{Route Match?}\\n B -->|Yes| C[Route Handler]\\n B -->|No| D[404 Catch-All Middleware]\\n C -->|next()| D\\n C -->|next(err)| E[500 Error Handler]\\n D --> F[res.format: HTML/JSON/TXT]\\n E --> G[Render 500.ejs]\\n F --> H[Response]\\n G --> H\\n```\\n\\n## Key Components\\n\\n### Configuration & Environment\\nThe application configures view resolution and a custom application setting to control error verbosity:\\n- `app.set('views', path.join(__dirname, 'views'))` and `app.set('view engine', 'ejs')` establish the templating engine.\\n- `app.enable('verbose errors')` creates a custom setting accessible in templates via `settings['verbose errors']`.\\n- Production environments automatically disable verbose output: `if (app.settings.env === 'production') app.disable('verbose errors')`.\\n- Logging is conditionally applied: `silent || app.use(logger('dev'))` suppresses `morgan` output when `NODE_ENV=test`.\\n\\n### Route Handlers (Error Triggers)\\nRoutes are designed to demonstrate different error propagation techniques:\\n- `GET /` renders the landing page (`index.ejs`).\\n- `GET /404` calls `next()` without arguments. Since no subsequent middleware matches, the request falls through to the 404 catch-all.\\n- `GET /403` instantiates an `Error`, attaches `err.status = 403`, and passes it via `next(err)`. This immediately routes to error-handling middleware.\\n- `GET /500` passes a generic error via `next(new Error('keyboard cat!'))`, demonstrating default 500 fallback behavior.\\n\\n### Error-Handling Middleware\\nExpress distinguishes error-handling middleware by its **4-arity signature**: `(err, req, res, next)`.\\n\\n**404 Catch-All**\\n```javascript\\napp.use(function(req, res, next){\\n res.status(404);\\n res.format({ ... })\\n});\\n```\\nPlaced after all standard routes, this handler assumes any request reaching it is unmatched. It sets the HTTP status and delegates response formatting to `res.format()`.\\n\\n**500 Error Handler**\\n```javascript\\napp.use(function(err, req, res, next){\\n res.status(err.status || 500);\\n res.render('500', { error: err });\\n});\\n```\\nThis is the final middleware in the stack. It extracts the HTTP status from `err.status` (defaulting to `500`) and renders the error view. Calling `next()` or `next(err)` here would either continue to remaining non-error middleware or re-invoke error handlers, but the example terminates the response directly.\\n\\n### View Templates\\nEJS templates use partials for consistent layout and conditional rendering:\\n- `error_header.ejs` & `footer.ejs`: Shared HTML shell.\\n- `404.ejs`: Displays the requested `url` passed from the middleware.\\n- `500.ejs`: Conditionally renders stack traces:\\n ```ejs\\n <% if (settings['verbose errors']) { %>\\n \n<%= error.stack %><\\/pre>\\n <% } else { %>\\n \nAn error occurred!<\\/p>\\n <% } %>\\n ```\\n\\n## Content Negotiation\\nThe 404 handler uses `res.format()` to serve different representations based on the `Accept` header:\\n- `html`: Renders `404.ejs` with the requested URL.\\n- `json`: Returns `{ error: 'Not found' }` via `res.json()`.\\n- `default`: Sets `Content-Type: text/plain` and sends `'Not found'` via `res.send()`.\\n\\nThis pattern allows the same endpoint to serve browser clients, API consumers, and CLI tools (e.g., `curl`) without duplicating routing logic.\\n\\n## Running & Testing\\nStart the server:\\n```bash\\nnode examples/error-pages/index.js\\n```\\n\\nTest error responses:\\n```bash\\n# Trigger 404 (HTML)\\ncurl http://localhost:3000/notfound\\n\\n# Trigger 404 (JSON)\\ncurl http://localhost:3000/notfound -H \\\"Accept: application/json\\\"\\n\\n# Trigger 403\\ncurl http://localhost:3000/403\\n\\n# Trigger 500\\ncurl http://localhost:3000/500\\n```\\n\\nRun in production mode to verify verbose error suppression:\\n```bash\\nNODE_ENV=production node examples/error-pages/index.js\\n```\",\"other-error\":\"# Other \u2014 error\\n\\n# Other \u2014 Error Module\\n\\n## Overview\\nThis module demonstrates Express.js error handling patterns, focusing on synchronous error throwing, asynchronous error propagation, and the implementation of a centralized error-handling middleware. It serves as a reference implementation for routing exceptions to a dedicated handler while maintaining environment-aware logging.\\n\\n## Execution Flow & Architecture\\nRequests enter the Express router and match defined route handlers. If an error occurs\u2014either synchronously via `throw` or asynchronously via `next(err)`\u2014Express bypasses standard middleware and routes the error to the first registered middleware with a 4-argument signature. The error handler logs the stack trace (conditionally), sets an HTTP 500 status, and terminates the response.\\n\\n```mermaid\\ngraph TD\\n A[Incoming Request] --> B{Route Match}\\n B -->|GET /| C[Sync: throw Error]\\n B -->|GET /next| D[Async: next Error]\\n C --> E[Express Error Router]\\n D --> E\\n E --> F[error Middleware]\\n F --> G[res.send 500]\\n```\\n\\n## Key Components\\n\\n### `error(err, req, res, next)`\\nThe core error-handling middleware. Express identifies this function as an error handler strictly by its 4-argument arity.\\n- **Error Logging**: Conditionally outputs `err.stack` to `console.error` when `app.get('env') !== 'test'`.\\n- **Response Handling**: Sets `res.status(500)` and calls `res.send('Internal Server Error')` to terminate the request cycle.\\n- **Signature Requirement**: Must maintain `(err, req, res, next)` exactly. Omitting or reordering parameters will cause Express to treat it as standard middleware, breaking error routing.\\n\\n### Route Handlers\\n- **`app.get('/')`**: Demonstrates synchronous error handling. Uses `throw new Error('something broke!')`. Express automatically catches the thrown exception and passes it down the middleware chain.\\n- **`app.get('/next')`**: Demonstrates asynchronous error handling. Wraps the error propagation in `process.nextTick()` to simulate non-blocking I/O (e.g., database queries or HTTP requests). Explicitly passes the error to `next(new Error('oh no!'))`.\\n\\n### Environment & Configuration\\n- **Test Gating**: `var test = app.get('env') === 'test'` suppresses `morgan` logging and console error output during automated test runs.\\n- **Module Export**: `var app = module.exports = express()` allows the application to be required by test suites or mounted as a sub-app in larger Express architectures.\\n- **Standalone Execution**: The `if (!module.parent)` block starts the server on port 3000 only when the file is executed directly.\\n\\n## Middleware Ordering & Integration\\nThe error handler is registered **after** all route definitions:\\n```javascript\\napp.get('/', ...);\\napp.get('/next', ...);\\napp.use(error); // Must be last\\n```\\nPlacing `app.use(error)` before route definitions will prevent it from receiving errors thrown or passed by those routes. Express evaluates middleware sequentially; error handlers are only invoked when an error is explicitly passed or thrown downstream.\\n\\n## Contributor Guidelines\\n- **Maintain 4-Arity**: Any new error-handling middleware must accept exactly four parameters. Use `(err, req, res, next)` even if `req` or `next` are unused.\\n- **Preserve Order**: Always register error-handling middleware at the end of the middleware stack.\\n- **Async Safety**: Never rely on `try/catch` for asynchronous operations. Always pass errors to `next(err)` to ensure they reach the error handler.\\n- **Environment Checks**: Keep logging and verbose error details gated behind `app.get('env') !== 'test'` to maintain clean CI/CD output.\\n- **Response Termination**: Ensure the error handler calls a response method (`res.send`, `res.json`, `res.end`) to prevent hanging requests.\",\"other-examples\":\"# Other \u2014 examples\\n\\n# Other \u2014 Examples Module\\n\\n## Overview\\nThe `examples/` directory contains a curated collection of standalone Express.js applications. Each subdirectory demonstrates a specific framework capability, common web development pattern, or integration technique. This module serves as a reference implementation, learning resource, and testing ground for developers working with Express.\\n\\n## Example Catalog\\nThe examples are organized by functional domain. Each entry corresponds to a self-contained directory within `examples/`.\\n\\n### Routing & Middleware\\n- `hello-world` \u2014 Simple request handler\\n- `params` \u2014 Working with route parameters\\n- `route-middleware` \u2014 Working with route middleware\\n- `route-separation` \u2014 Organizing routes per each resource\\n- `multi-router` \u2014 Working with multiple Express routers\\n- `route-map` \u2014 Organizing routes using a map\\n- `resource` \u2014 Multiple HTTP operations on the same resource\\n\\n### Sessions, Cookies & Authentication\\n- `auth` \u2014 Authentication with login and password\\n- `cookie-sessions` \u2014 Working with cookie-based sessions\\n- `cookies` \u2014 Working with cookies\\n- `session` \u2014 User sessions\\n- `online` \u2014 Tracking online user activity with `online` and `redis` packages\\n\\n### Views & Templating\\n- `ejs` \u2014 Working with Embedded JavaScript templating (ejs)\\n- `markdown` \u2014 Markdown as template engine\\n- `view-constructor` \u2014 Rendering views dynamically\\n- `view-locals` \u2014 Saving data in request object between middleware calls\\n- `error-pages` \u2014 Creating error pages\\n\\n### HTTP, API & Infrastructure\\n- `content-negotiation` \u2014 HTTP content negotiation\\n- `downloads` \u2014 Transferring files to client\\n- `static-files` \u2014 Serving static files\\n- `search` \u2014 Search API\\n- `web-service` \u2014 Simple API service\\n- `vhost` \u2014 Working with virtual hosts\\n\\n### Architecture & Error Handling\\n- `mvc` \u2014 MVC-style controllers\\n- `error` \u2014 Working with error middleware\\n\\n## Execution Model & Isolation\\nBased on the module's call graph analysis:\\n- **No Internal Calls:** Examples do not import or reference each other. Each directory is a completely isolated Express application.\\n- **No Shared Execution Flows:** There are no cross-module execution paths. Each example initializes its own `express()` instance, configures middleware, and starts an independent HTTP server.\\n- **Dependency Scope:** Dependencies are scoped locally to each example's `package.json`. Running one example does not affect the runtime state of another.\\n\\n## Getting Started\\nTo run any example locally:\\n1. Navigate to the target directory: `cd examples/`\\n2. Install dependencies: `npm install`\\n3. Start the server: `node app.js` (or `node index.js`, depending on the entry point defined in the example)\\n4. Access the application at `http://localhost:` (port configuration varies per example; check the source or console output)\\n\\n## Contribution Guidelines\\nWhen adding or modifying examples:\\n- **Maintain Isolation:** Do not introduce cross-directory imports or shared state. Each example must run independently.\\n- **Document Entry Points:** Ensure the primary server file is clearly named (`app.js` or `index.js`) and includes a startup log indicating the listening port.\\n- **Update Index:** Add new examples to this `README.md` with a concise, one-line description matching the existing format.\\n- **Keep Dependencies Minimal:** Only include packages strictly required to demonstrate the target concept. Avoid bundling unrelated utilities.\\n- **Follow Express Conventions:** Use standard middleware ordering, explicit error handling, and clear route definitions.\\n\\n## Key Patterns Demonstrated\\nThis module covers foundational and advanced Express patterns:\\n- **Middleware Chaining:** Demonstrated in `route-middleware`, `error`, and `view-locals`\\n- **Router Composition:** Illustrated in `multi-router`, `route-separation`, and `route-map`\\n- **State Management:** Covered via `cookies`, `cookie-sessions`, `session`, and `online`\\n- **Response Formatting:** Shown in `content-negotiation`, `downloads`, and `static-files`\\n- **View Engine Integration:** Implemented in `ejs`, `markdown`, and `view-constructor`\\n- **Architectural Layouts:** Structured in `mvc` and `resource`\",\"other-hello-world\":\"# Other \u2014 hello-world\\n\\n# Other \u2014 hello-world\\n\\n## Overview\\nThe `hello-world` module (`examples/hello-world/index.js`) is a minimal, self-contained Express.js application. It demonstrates foundational framework patterns including application initialization, route registration, response handling, and conditional server startup. The module is designed to function both as a standalone executable and as a reusable component for testing or integration.\\n\\n## Usage Patterns\\n\\n### Standalone Execution\\nRun directly via Node.js to start a local HTTP server:\\n```bash\\nnode examples/hello-world/index.js\\n```\\nThe server binds to port `3000` and responds to `GET /` with `Hello World`.\\n\\n### Module Import\\nImport the configured application instance without triggering the server listener:\\n```javascript\\nconst app = require('./examples/hello-world');\\n// Use `app` in test suites, middleware chains, or custom server wrappers\\n```\\n\\n## Architecture & Key Components\\n\\n| Component | Purpose |\\n|-----------|---------|\\n| `express()` | Initializes the core Express application instance. |\\n| `app.get('/', handler)` | Registers a route handler for HTTP `GET` requests to the root path. |\\n| `res.send('Hello World')` | Terminates the request cycle by sending a plain-text response. |\\n| `module.exports = app` | Exposes the application instance for external consumption. |\\n| `if (!module.parent)` | Node.js module guard that detects direct execution vs. `require()`. |\\n| `app.listen(3000)` | Binds the HTTP server to port 3000 when executed directly. |\\n\\n## Execution Flow\\n\\n```mermaid\\nflowchart TD\\n A[Module Load] --> B[Initialize Express App]\\n B --> C[Register GET / Route]\\n C --> D{Run Directly?}\\n D -->|Yes| E[app.listen(3000)]\\n D -->|No| F[Export App Instance]\\n E --> G[Handle Incoming Requests]\\n G --> H[Invoke Route Handler]\\n H --> I[res.send Response]\\n```\\n\\n1. **Initialization**: The module loads, imports the Express framework from the parent directory, and instantiates the application.\\n2. **Route Registration**: A single `GET` route is attached to `/`. The handler receives `(req, res)` and immediately calls `res.send()`.\\n3. **Conditional Startup**: The `!module.parent` check determines execution context. If the file is the entry point, `app.listen(3000)` starts the server. If required elsewhere, the listener is skipped, allowing the exported `app` to be mounted or tested.\\n4. **Request Handling**: Incoming requests matching `GET /` trigger the registered callback, which writes the response and closes the connection.\\n\\n## Testing & Coverage Notes\\n- **Coverage Exclusion**: The `/* istanbul ignore next */` directive explicitly excludes the standalone execution block from code coverage reports. This is intentional, as the block only runs during direct execution and is not part of the module's reusable API.\\n- **Test Compatibility**: Exporting `app` enables standard Express testing patterns. Tools like `supertest` can inject mock requests directly into the exported instance without opening a real network port.\\n- **Dependency Scope**: The module relies solely on the local Express build (`require('../../')`). It contains no internal middleware, error handlers, or additional routing layers, making it a clean baseline for example expansion or framework validation.\",\"other-history-md\":\"# Other \u2014 History.md\\n\\n# History.md \u2014 Express.js Release Changelog\\n\\n## Overview\\n`History.md` serves as the canonical release log and migration reference for the Express.js framework. It documents every public API change, dependency update, security patch, and behavioral adjustment across all major, minor, and patch versions. Developers use this file to:\\n- Plan version upgrades and identify breaking changes\\n- Understand the evolution of request/response contracts\\n- Track dependency lifecycles and security advisories\\n- Verify deprecation timelines and replacement APIs\\n\\n## Format & Conventions\\nThe changelog follows a strict, machine-parseable structure optimized for rapid scanning and automated tooling:\\n\\n| Prefix | Meaning | Example |\\n|--------|---------|---------|\\n| `breaking:` | Incompatible API or behavioral changes requiring code updates | `res.status()` now validates integer range |\\n| `change:` | Modified behavior that remains backward-compatible | `req.query` converted from property to getter |\\n| `add:` | New features, methods, or configuration options | `res.sendStatus()`, `Uint8Array` support in `res.send()` |\\n| `remove:` | Deleted APIs, dependencies, or legacy behaviors | `app.del`, `req.param()`, `express.query` middleware |\\n| `deprecate:` | APIs scheduled for removal in future major versions | `res.redirect(url, status)` \u2192 `res.redirect(status, url)` |\\n| `fix:` | Bug corrections, edge-case handling, or spec compliance | `res.jsonp` handling of `undefined`, `qs` prototype pollution |\\n| `perf:` | Runtime optimizations or reduced overhead | Loop-based `acceptParams`, removed `Buffer` allocations |\\n| `deps:` | Third-party package version bumps or removals | `body-parser@^2.2.1`, removal of `safe-buffer` |\\n\\n## API Evolution & Migration Reference\\n\\n### Response Object (`res.*`)\\nThe response API has shifted from flexible, overloaded signatures to strict, chainable, and type-safe patterns.\\n\\n| Legacy Pattern | Current Pattern | Notes |\\n|----------------|-----------------|-------|\\n| `res.send(body, status)` | `res.status(status).send(body)` | Removed in 5.0.0-alpha.6 |\\n| `res.json(obj, status)` | `res.status(status).json(obj)` | Deprecated in 4.7.0, removed in 5.0.0-alpha.3 |\\n| `res.redirect(url, status)` | `res.redirect(status, url)` | Deprecated in 4.6.0, removed in 5.0.0-alpha.6 |\\n| `res.redirect('back')` | `res.redirect(req.get('Referrer') || '/')` | Magic string removed in 5.0.0 |\\n| `res.sendfile()` | `res.sendFile()` | Deprecated in 4.8.0, requires absolute path or `root` option |\\n| `res.clearCookie(name, { maxAge, expires })` | `res.clearCookie(name)` | `maxAge`/`expires` ignored in v5; cookie is expired immediately |\\n\\n**Recent Behavioral Updates:**\\n- `res.status(code)` now throws `RangeError` for codes outside `100\u2013999` and `TypeError` for non-integers (5.0.0)\\n- `res.send()` natively supports `Uint8Array` payloads (5.1.0)\\n- `res.sendFile()` accepts an `etag` option for cache control (5.1.0)\\n- `res.links()` supports multiple headers with identical `rel` attributes (5.1.0)\\n- `res.redirect()` HTML responses now include proper ``, ``, and `` structure for browser compatibility (Unreleased)\\n\\n### Request & Routing (`req.*`, `app.*`, `Router`)\\nRouting and request parsing have been decoupled from Connect and hardened against prototype pollution and ambiguous parameter resolution.\\n\\n- `req.param(name)` removed; use `req.params`, `req.body`, or `req.query` explicitly (5.0.0-alpha.2)\\n- `req.host` returns `hostname:port`; use `req.hostname` for hostname-only (4.5.0)\\n- `req.query` is now a getter instead of a plain property (5.0.0-alpha.1)\\n- `app.param(fn)` removed; use `app.param(name, fn)` without leading `:` (5.0.0-alpha.2)\\n- `app.set('query parser', parser)` controls parsing strategy:\\n - `'simple'` (default in 5.0.0-beta.1): uses Node's `querystring`\\n - `'extended'`: uses `qs` with depth/length limits\\n - `false`: disables parsing\\n- `Router` now supports `next(\\\"router\\\")` to exit router scope early (4.15.0)\\n- `app.render('view', null, callback)` correctly handles `null` options, matching omitted/empty object behavior (Unreleased)\\n\\n### Application Configuration\\n- `app.set('etag', val)` supports `'weak'`, `'strong'`, `false`, `true`, or a custom generator function (4.4.0)\\n- `app.set('trust proxy', trust)` accepts hop counts, IP ranges, subnets, or `'loopback'` (4.3.0)\\n- `app.set('views', array)` enables sequential view directory lookup (4.10.0)\\n- `app.router` is no longer a configurable middleware; it is a reference to the base router instance (4.0.0)\\n\\n## Security & Dependency Tracking\\nThe changelog explicitly tracks security patches, CVE resolutions, and dependency lifecycle changes.\\n\\n- **CVE Tracking:** Security fixes are linked to CVE records and GitHub Security Advisories (e.g., `CVE-2024-51999`, `CVE-2024-47764`)\\n- **Open Redirect Mitigation:** `res.redirect()` and `res.location()` now validate and encode URLs to prevent allow-list bypasses (4.19.0)\\n- **Query Parser Hardening:** `qs` depth defaults to `32` (previously `Infinity`) to prevent ReDoS and memory exhaustion (4.20.0)\\n- **Prototype Pollution Prevention:** `qs` and `app.set`/`app.get` ignore `Object.prototype` keys (4.17.3, 4.18.0)\\n- **Dependency Pruning:** Legacy polyfills and utilities (`setprototypeof`, `safe-buffer`, `utils-merge`, `methods`, `depd`, `path-is-absolute`) have been removed in favor of native Node.js APIs or modern replacements (5.1.0)\\n\\n## Developer Workflow & Upgrade Strategy\\n\\n1. **Identify Target Version:** Locate the desired version header (e.g., `5.0.0 / 2024-09-10`)\\n2. **Scan for `breaking:` and `remove:` Entries:** These require immediate code changes before upgrading\\n3. **Check `deprecate:` Warnings:** Plan refactoring for the next major release\\n4. **Review `deps:` Updates:** Verify compatibility with your existing middleware stack, especially `body-parser`, `qs`, and `serve-static`\\n5. **Validate Security Patches:** Cross-reference CVE links with your threat model and compliance requirements\\n6. **Test with `app.render` and `res.send` Edge Cases:** Recent fixes address `null` options, `Uint8Array` handling, and Content-Type deduplication\\n\\nWhen contributing to Express, follow the established changelog format. Prefix entries with the appropriate category, link to PRs and issues, and include minimal code examples for breaking changes or new APIs.\",\"other-markdown\":\"# Other \u2014 markdown\\n\\n# Other \u2014 Markdown\\n\\n## Overview\\nThis module demonstrates how to register a custom view engine in Express.js to render Markdown (`.md`) files as HTML. It integrates the `marked` library for parsing and implements a lightweight, secure template interpolation system using `{variable}` syntax. The example serves as a reference for extending Express's view system without relying on third-party templating engines.\\n\\n## Architecture & Request Flow\\nWhen a route calls `res.render()`, Express delegates rendering to the registered `.md` engine. The engine asynchronously reads the file, parses Markdown to HTML, interpolates variables, and returns the result via a callback.\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant Engine\\n participant FS\\n Client->>Express: GET /\\n Express->>Express: res.render('index', {title})\\n Express->>Engine: app.engine('md', path, options, fn)\\n Engine->>FS: fs.readFile(path, 'utf8')\\n FS-->>Engine: raw markdown string\\n Engine->>Engine: marked.parse() + regex interpolation\\n Engine-->>Express: fn(null, html)\\n Express-->>Client: 200 OK (HTML)\\n```\\n\\n## Core Components\\n\\n### Custom View Engine Registration\\nThe engine is registered using `app.engine('md', callback)`. Express invokes this callback whenever a `.md` view is rendered.\\n\\n```javascript\\napp.engine('md', function(path, options, fn){\\n fs.readFile(path, 'utf8', function(err, str){\\n if (err) return fn(err);\\n var html = marked.parse(str).replace(/\\\\{([^}]+)\\\\}/g, function(_, name){\\n return escapeHtml(options[name] || '');\\n });\\n fn(null, html);\\n });\\n});\\n```\\n\\n**Parameters:**\\n- `path`: Absolute file path to the `.md` template.\\n- `options`: Object containing variables passed from `res.render(view, locals)`.\\n- `fn`: Callback following the `(err, html)` signature expected by Express.\\n\\n**Processing Steps:**\\n1. Reads the template file asynchronously via `fs.readFile`.\\n2. Converts Markdown to HTML using `marked.parse()`.\\n3. Replaces `{placeholder}` patterns with corresponding values from `options`.\\n4. Escapes interpolated values using `escapeHtml` to prevent XSS.\\n5. Returns the final HTML string or propagates errors.\\n\\n### Template Interpolation\\nThe module uses a simple regex-based substitution pattern: `/\\\\{([^}]+)\\\\}/g`. Placeholders in the template are replaced with values from the `options` object. If a key is missing, it defaults to an empty string (`''`).\\n\\n**Example (`views/index.md`):**\\n```markdown\\n# {title}\\n\\nJust an example view rendered with _markdown_.\\n```\\nWhen rendered with `{ title: 'Markdown Example' }`, the output becomes:\\n```html\\n\nMarkdown Example<\\/h1>\\n\nJust an example view rendered with markdown<\\/em>.<\\/p>\\n```\\n\\n### Route Handlers\\n- `GET /`: Successfully renders `index.md` and passes `{ title: 'Markdown Example' }`.\\n- `GET /fail`: Intentionally attempts to render a non-existent `missing.md` file. This triggers the `fs.readFile` error path, demonstrating how errors are propagated to Express via `fn(err)`.\\n\\n## Configuration\\n```javascript\\napp.set('views', path.join(__dirname, 'views'));\\napp.set('view engine', 'md');\\n```\\n- `views`: Sets the directory where Express looks for template files.\\n- `view engine`: Registers `md` as the default extension. This allows `res.render('index')` to automatically resolve to `index.md`.\\n\\n## Error Handling\\nFile system errors (e.g., missing templates, permission issues) are caught in the `fs.readFile` callback and passed directly to `fn(err)`. Express intercepts this error and invokes its default error-handling middleware, typically resulting in a `500 Internal Server Error` response. The `/fail` route explicitly validates this behavior.\\n\\n## Execution & Standalone Usage\\nThe module exports the configured Express application:\\n```javascript\\nvar app = module.exports = express();\\n```\\nIt includes a standard execution guard to allow standalone testing:\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\nRun directly with `node index.js` to start the server. Require it in another module to mount or test the routes.\\n\\n## Dependencies\\n| Package | Purpose |\\n|---------|---------|\\n| `express` | Web framework and view system |\\n| `marked` | Markdown-to-HTML parser |\\n| `escape-html` | HTML entity escaping for safe interpolation |\\n| `node:fs` | Asynchronous file reading |\\n| `node:path` | Cross-platform path resolution |\",\"other-multi-router\":\"# Other \u2014 multi-router\\n\\n# Other \u2014 multi-router\\n\\n## Overview\\nThe `multi-router` module demonstrates Express.js's modular routing architecture using `express.Router()`. It illustrates how to isolate route definitions into separate controller files and mount them at distinct base paths (`/api/v1` and `/api/v2`) within a single Express application. This pattern is standard for API versioning, feature isolation, and maintaining decoupled route hierarchies.\\n\\n## Architecture & File Structure\\n```\\nexamples/multi-router/\\n\u251c\u2500\u2500 index.js # Main application entry point & server bootstrap\\n\u2514\u2500\u2500 controllers/\\n \u251c\u2500\u2500 api_v1.js # Router instance for API v1 endpoints\\n \u2514\u2500\u2500 api_v2.js # Router instance for API v2 endpoints\\n```\\n\\n## Core Components\\n\\n### `controllers/api_v1.js` & `controllers/api_v2.js`\\nBoth controller files follow an identical structural pattern:\\n1. Import Express: `var express = require('../../..');`\\n2. Instantiate an isolated router: `var apiv1 = express.Router();` (or `apiv2`)\\n3. Register route handlers using `router.get(path, callback)`\\n4. Export the router: `module.exports = apiv1;`\\n\\nEach router defines two endpoints:\\n- `GET /` \u2192 Responds with a version-specific root message\\n- `GET /users` \u2192 Responds with a version-specific user list message\\n\\nBoth handlers terminate the request-response cycle using `res.send()`.\\n\\n### `index.js`\\nThe application entry point orchestrates routing and server lifecycle:\\n- Creates the main Express app: `var app = module.exports = express();`\\n- Mounts versioned routers using `app.use(basePath, router)`:\\n ```js\\n app.use('/api/v1', require('./controllers/api_v1'));\\n app.use('/api/v2', require('./controllers/api_v2'));\\n ```\\n- Defines a fallback root route: `app.get('/', function(req, res) { ... })`\\n- Conditionally starts the HTTP server on port `3000` when executed directly:\\n ```js\\n if (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n }\\n ```\\n\\n## Routing & Mounting Behavior\\nExpress routers function as mini-applications. When mounted via `app.use()`, Express automatically prefixes all routes defined within the router with the specified base path. This allows controllers to define routes relative to their own context (`/`, `/users`) while remaining completely agnostic of their final public paths.\\n\\n```mermaid\\ngraph TD\\n App[Express App index.js] -->|/api/v1| V1[api_v1 Router]\\n App -->|/api/v2| V2[api_v2 Router]\\n App -->|/| Root[Root Handler]\\n V1 -->|GET /| V1Root[res.send APIv1 root]\\n V1 -->|GET /users| V1Users[res.send APIv1 users]\\n V2 -->|GET /| V2Root[res.send APIv2 root]\\n V2 -->|GET /users| V2Users[res.send APIv2 users]\\n```\\n\\n## Request Execution Flow\\n1. An incoming HTTP request reaches the Express app instance\\n2. Express evaluates mounted middleware/routers in registration order\\n3. If the request path begins with `/api/v1` or `/api/v2`, Express strips the prefix and delegates control to the corresponding router\\n4. The router matches the remaining path segment against its internal `router.get()` definitions\\n5. The matched handler executes and calls `res.send()` to finalize the response\\n6. Requests targeting `/` bypass both routers and trigger the root handler defined directly in `index.js`\\n\\n## Extension Guidelines\\n- **Adding API Versions:** Create a new controller file following the existing pattern, export the router, and mount it in `index.js` with `app.use('/api/vX', require('./controllers/api_vX'))`.\\n- **Version-Specific Middleware:** Attach middleware directly to the router instance before route definitions (e.g., `apiv1.use(express.json())`). This scopes the middleware exclusively to that version's endpoints.\\n- **Testing:** The exported `app` instance in `index.js` can be passed directly to testing utilities like `supertest`. Mock `req`/`res` objects or use integration tests to verify `res.send()` payloads.\\n- **Standalone Execution:** The `if (!module.parent)` guard ensures the server only starts when the file is run directly via `node index.js`, preventing port conflicts when the module is imported as a dependency.\",\"other-mvc\":\"# Other \u2014 mvc\\n\\n## Module Overview\\n\\nThe `mvc` module is a reference Express.js application demonstrating a convention-over-configuration approach to structuring Model-View-Controller (MVC) applications. It dynamically loads controllers from the `controllers/` directory, automatically generates RESTful routes based on exported method names, and supports per-controller view engine configuration. This module serves as an architectural blueprint for scaling Express apps without manual route registration.\\n\\n## Architecture & Directory Structure\\n\\n```\\nexamples/mvc/\\n\u251c\u2500\u2500 index.js # Main Express app, middleware, and bootstrapper entry\\n\u251c\u2500\u2500 lib/boot.js # Dynamic controller loader and route generator\\n\u251c\u2500\u2500 db.js # In-memory mock database\\n\u251c\u2500\u2500 controllers/ # Modular controller directories\\n\u2502 \u251c\u2500\u2500 main/ # Root redirect controller\\n\u2502 \u251c\u2500\u2500 user/ # User CRUD (uses Handlebars)\\n\u2502 \u251c\u2500\u2500 pet/ # Pet CRUD (uses EJS)\\n\u2502 \u2514\u2500\u2500 user-pet/ # Nested resource creation\\n\u251c\u2500\u2500 views/ # Global error templates (404, 5xx)\\n\u2514\u2500\u2500 public/ # Static assets\\n```\\n\\n## Core Components\\n\\n### Application Entry (`index.js`)\\nInitializes the Express application and configures foundational middleware:\\n- Sets default view engine to `ejs` and global views directory.\\n- Extends `res` with `res.message(msg)` to store flash messages in `req.session.messages`.\\n- Configures `express-session`, `express.urlencoded({ extended: true })`, and `method-override('_method')`.\\n- Injects `messages` and `hasMessages` into `res.locals` for template rendering, then flushes the session array.\\n- Mounts controllers via `require('./lib/boot')(app, { verbose: !module.parent })`.\\n- Defines fallback 404 and 500 error handlers.\\n\\n### Controller Bootstrapper (`lib/boot.js`)\\nThe `boot` function scans `controllers/`, loads each directory as a module, and maps exported functions to Express routes. It respects reserved exports (`name`, `prefix`, `engine`, `before`) and applies the following routing convention:\\n\\n| Exported Method | HTTP Method | Generated URL Pattern |\\n|-----------------|-------------|--------------------------------|\\n| `index` | `GET` | `/` |\\n| `list` | `GET` | `/s` |\\n| `show` | `GET` | `//:_id` |\\n| `edit` | `GET` | `//:_id/edit` |\\n| `update` | `PUT` | `//:_id` |\\n| `create` | `POST` | `/` |\\n\\nIf a controller exports a `before` function, it is injected as middleware before the route handler. The generated routes are mounted on a sub-app and attached to the parent Express instance.\\n\\n### Controllers\\nEach controller is a Node.js module exporting route handlers and optional configuration:\\n- `main/index.js`: Exports `index` to redirect `/` to `/users`.\\n- `user/index.js`: Exports `list`, `show`, `edit`, `update`. Sets `exports.engine = 'hbs'`. Uses `exports.before` to asynchronously load `req.user` from `db.users` based on `req.params.user_id`. Calls `next('route')` if not found.\\n- `pet/index.js`: Exports `show`, `edit`, `update`. Sets `exports.engine = 'ejs'`. Uses `exports.before` to load `req.pet` from `db.pets` via `req.params.pet_id`.\\n- `user-pet/index.js`: Exports `create`. Sets `exports.name = 'pet'` and `exports.prefix = '/user/:user_id'` to create nested routes like `POST /user/:user_id/pet`.\\n\\n### Mock Database (`db.js`)\\nProvides `exports.pets` and `exports.users` arrays with pre-seeded data. Used by controllers to simulate database queries and mutations.\\n\\n## Key Features & Patterns\\n\\n### Flash Messaging System\\nMessages are stored in the session via `res.message('Information updated!')`. A middleware in `index.js` exposes them to templates:\\n```javascript\\nres.locals.messages = req.session.messages || [];\\nres.locals.hasMessages = !!res.locals.messages.length;\\nreq.session.messages = []; // Flush after exposure\\n```\\nTemplates (e.g., `user/views/show.hbs`) conditionally render messages using `{{#if hasMessages}}`.\\n\\n### Per-Controller View Engines\\nWhile the app defaults to `ejs`, individual controllers can override this. The `user` controller sets `exports.engine = 'hbs'`, causing `boot.js` to call `app.set('view engine', 'hbs')` for that sub-app. Views are resolved from `controllers//views/`.\\n\\n### HTTP Method Override\\nHTML forms only support `GET` and `POST`. The app uses `method-override('_method')` to interpret `?_method=put` in form actions as `PUT` requests, enabling RESTful `update` operations.\\n\\n## Request Lifecycle & Routing Flow\\n\\n```mermaid\\ngraph TD\\n A[Incoming Request] --> B[Middleware: session/body/method-override]\\n B --> C[boot.js Generated Routes]\\n C --> D{exports.before?}\\n D -->|Yes| E[Run before middleware]\\n D -->|No| F[Route Handler]\\n E --> F\\n F --> G[Render View / Redirect]\\n```\\n\\n## Extending the Module\\n\\nTo add a new resource:\\n1. Create a directory under `controllers/` (e.g., `controllers/article/`).\\n2. Create `index.js` exporting route handlers (`list`, `show`, `create`, etc.).\\n3. Optionally export `before` for pre-route logic, `engine` to change the template engine, or `prefix`/`name` to customize URL generation.\\n4. Add a `views/` subdirectory with templates matching the exported handler names (e.g., `list.ejs`, `show.ejs`).\\n5. Restart the app; `lib/boot.js` will automatically register the routes.\\n\\n## Notes for Contributors\\n- Route generation relies on exact function name matches. Custom handlers outside the convention will throw `unrecognized route: .`.\\n- The `before` middleware must call `next()` to proceed or `next('route')` to skip to the next matching route.\\n- Session secret is hardcoded for example purposes. Replace with environment variables in production.\\n- The mock `db.js` uses array indices as IDs. Real implementations should replace this with a proper ORM or database client.\",\"other-online\":\"# Other \u2014 online\\n\\n# Other \u2014 online\\n\\n## Overview\\nThis module demonstrates how to track and display recently active users in an Express application using the `online` package backed by Redis. It implements a fire-and-forget activity tracking middleware and provides a simple endpoint to query and render the most recent active identifiers.\\n\\n## Prerequisites\\n- Running Redis server (`redis-server`)\\n- npm packages: `express`, `online`, `redis`\\n- Node.js environment\\n\\n## Architecture & Data Flow\\nThe module initializes a Redis client and binds it to the `online` package. An Express middleware intercepts every incoming request, extracts an identifier, and asynchronously records it in Redis. A separate route handler queries the last N active identifiers and renders them as HTML.\\n\\n```mermaid\\ngraph LR\\n Client -->|HTTP Request| Express\\n Express -->|Middleware| online.add\\n online.add -->|Async Write| Redis\\n Express -->|GET /| online.last\\n online.last -->|Sorted Set Query| Redis\\n Redis -->|Return IDs| Express\\n Express -->|res.send| Client\\n```\\n\\n## Key Components\\n\\n### Redis & Online Initialization\\n```javascript\\nvar redis = require('redis');\\nvar db = redis.createClient();\\nonline = online(db);\\n```\\nThe `online` package is instantiated with a Redis client instance. This configuration enables the package to use Redis sorted sets for time-based activity tracking, allowing efficient retrieval of recently active keys.\\n\\n### Activity Tracking Middleware\\n```javascript\\napp.use(function(req, res, next){\\n online.add(req.headers['user-agent']);\\n next();\\n});\\n```\\nThis middleware executes on every request. It calls `online.add()` with the `User-Agent` header as the tracking identifier. The operation is fire-and-forget: it does not await Redis acknowledgment before calling `next()`, ensuring zero latency impact on the request pipeline.\\n\\n**Production Note:** Replace `req.headers['user-agent']` with a stable, unique identifier such as `req.user.id`, session ID, or device token.\\n\\n### Route Handler & Response\\n```javascript\\napp.get('/', function(req, res, next){\\n online.last(5, function(err, ids){\\n if (err) return next(err);\\n res.send('\nUsers online: ' + ids.length + '<\\/p>' + list(ids));\\n });\\n});\\n```\\nThe `GET /` route queries the last 5 active identifiers using `online.last(5, callback)`. Errors are delegated to Express's error handling pipeline via `next(err)`. On success, the response payload is constructed and sent using `res.send()`.\\n\\n### Helper Function\\n```javascript\\nfunction list(ids) {\\n return '\n' + ids.map(function(id){\\n return '\n' + id + '<\\/li>';\\n }).join('') + '<\\/ul>';\\n}\\n```\\nA synchronous utility that transforms an array of identifiers into an HTML unordered list. It is invoked internally by the route handler and contains no external dependencies.\\n\\n## Integration & Extension Guidelines\\n\\n- **Identifier Strategy:** The example uses `User-Agent` for demonstration purposes. For accurate user tracking, integrate with your authentication layer and pass `req.user.id` or equivalent to `online.add()`.\\n- **Error Handling:** The route handler forwards Redis/query errors to Express's default error middleware. Implement custom logging or fallback behavior as required by your application's error policy.\\n- **Performance & Scaling:** `online.add()` is non-blocking, but high-throughput applications should monitor Redis memory consumption. Configure appropriate Redis eviction policies or TTLs if tracking long-term activity. Multiple Express instances can safely share the same Redis backend without additional synchronization.\\n- **Module Boundaries:** This example operates as a standalone Express application. It has no incoming module dependencies and exposes no public API. Internal calls flow from `index.js` to the `list` helper, while outgoing calls delegate to Express's `res.send` for response delivery.\",\"other-package-json\":\"# Other \u2014 package.json\\n\\n# Module: `package.json`\\n\\n## Purpose & Scope\\nThis manifest defines the project metadata, dependency graph, engine constraints, published file boundaries, and development lifecycle scripts for **Express.js v5.2.1**. As a declarative configuration file, it contains no executable logic or internal call graphs. It serves as the single source of truth for dependency resolution, package publishing, and contributor tooling.\\n\\n## Package Identity\\n- **Name:** `express`\\n- **Version:** `5.2.1`\\n- **License:** MIT\\n- **Repository:** `expressjs/express`\\n- **Funding:** OpenCollective (`https://opencollective.com/express`)\\n- **Keywords:** `express`, `framework`, `sinatra`, `web`, `http`, `rest`, `restful`, `router`, `app`, `api`\\n\\n## Runtime Dependency Architecture\\nExpress v5 delegates core HTTP, routing, and response handling to a modular set of upstream packages. Dependencies are pinned to caret (`^`) ranges to allow minor/patch updates while maintaining API compatibility.\\n\\n| Functional Area | Dependencies |\\n|----------------|--------------|\\n| **HTTP & Request Parsing** | `body-parser`, `qs`, `type-is`, `accepts`, `content-type`, `content-disposition` |\\n| **Routing & Middleware Pipeline** | `router`, `finalhandler`, `parseurl`, `merge-descriptors` |\\n| **Response & Static Assets** | `send`, `serve-static`, `mime-types`, `etag`, `fresh`, `range-parser`, `vary` |\\n| **Error Handling & Status Codes** | `http-errors`, `statuses` |\\n| **Cookies & Security** | `cookie`, `cookie-signature`, `proxy-addr` |\\n| **Utilities & Debugging** | `debug`, `depd`, `on-finished`, `once`, `encodeurl`, `escape-html` |\\n\\n## Development & Testing Toolchain\\nThe `devDependencies` block configures the testing, linting, coverage, and integration fixture environment:\\n- **Test Runner & Assertions:** `mocha`, `supertest`, `after`\\n- **Code Coverage:** `nyc`\\n- **Linting:** `eslint`\\n- **Template Engines (Test/Example Fixtures):** `ejs`, `hbs`\\n- **Session & State Management (Integration Tests):** `express-session`, `cookie-parser`, `cookie-session`, `connect-redis`\\n- **HTTP Utilities & Logging:** `morgan`, `method-override`, `vhost`\\n- **Documentation & Auth Fixtures:** `marked`, `pbkdf2-password`\\n\\n## Engine & Distribution Constraints\\n- **Node.js Requirement:** `>= 18.0.0`\\n- **Published Files:** The `files` array restricts the npm package to:\\n - `LICENSE`\\n - `Readme.md`\\n - `index.js` (Primary entry point)\\n - `lib/` (Core framework source)\\n- All other directories (e.g., `test/`, `examples/`, `benchmarks/`, `devDependencies`) are excluded from the published tarball.\\n\\n## Lifecycle Scripts\\n| Command | Description |\\n|---------|-------------|\\n| `npm run lint` | Runs `eslint .` across the project |\\n| `npm run lint:fix` | Runs `eslint . --fix` to auto-correct lint violations |\\n| `npm test` | Executes `mocha` with `test/support/env` preloaded, `spec` reporter, and `--check-leaks` across `test/` and `test/acceptance/` |\\n| `npm run test-ci` | Runs tests with `nyc` coverage (lcovonly + text), excluding `examples`, `test`, and `benchmarks` |\\n| `npm run test-cov` | Generates HTML + text coverage reports via `nyc` |\\n| `npm run test-tap` | Runs tests with the `tap` reporter |\\n\\n## Integration Notes for Contributors\\n- **Entry Point:** `index.js` bootstraps the framework. All core logic resides in `lib/`.\\n- **Dependency Updates:** When upgrading runtime dependencies, verify compatibility with the `router` and `finalhandler` pipelines, as these form the backbone of Express v5's request lifecycle.\\n- **Testing Environment:** The `test/support/env` module (referenced in `npm test`) configures global test state. Always run `npm test` or `npm run test-cov` before submitting PRs to ensure leak checks and coverage thresholds pass.\\n- **No Execution Flow:** This file is purely declarative. It does not participate in runtime call graphs or execution flows. All framework behavior is implemented in `lib/` and orchestrated via `index.js`.\",\"other-params\":\"# Other \u2014 params\\n\\n# `examples/params/index.js` \u2014 Route Parameter Preprocessing\\n\\n## Overview\\nThis module demonstrates Express's `app.param()` middleware for intercepting, validating, and transforming route parameters before they reach the main route handler. It establishes a pattern for preprocessing request data, attaching resolved objects to the request context, and short-circuiting invalid requests with standardized HTTP errors.\\n\\n## Execution Flow & Architecture\\nWhen a request matches a route containing `:user`, `:from`, or `:to`, Express automatically invokes the registered `app.param` middleware. These handlers execute sequentially before the route callback, allowing parameter normalization and data preloading.\\n\\n```mermaid\\ngraph LR\\n A[Incoming Request] --> B{Route Match}\\n B -->|:user| C[app.param('user')]\\n B -->|:from/:to| D[app.param(['to','from'])]\\n C --> E[Route Handler]\\n D --> E\\n E --> F[res.send]\\n```\\n\\nIf a param handler calls `next(err)`, Express skips the route handler and forwards the error to the default error middleware. Successful handlers call `next()` to proceed to the route callback, which then uses the preprocessed data via `req.params` or attached properties like `req.user`.\\n\\n## Parameter Middleware Handlers\\n\\n### Integer Conversion Handler\\n```javascript\\napp.param(['to', 'from'], function(req, res, next, num, name){ ... })\\n```\\n- **Triggered by:** `:from` and `:to` parameters in `/users/:from-:to`\\n- **Behavior:** \\n - Parses the raw string parameter as a base-10 integer using `parseInt(num, 10)`\\n - Assigns the converted value back to `req.params[name]`\\n - Validates the result with `isNaN()`\\n - Calls `next(createError(400, 'failed to parseInt '+num))` on failure\\n - Calls `next()` on success\\n\\n### User Preloading Handler\\n```javascript\\napp.param('user', function(req, res, next, id){ ... })\\n```\\n- **Triggered by:** `:user` parameter in `/user/:user`\\n- **Behavior:**\\n - Uses the parameter value as an array index to fetch from the `users` mock database\\n - Attaches the resolved object to `req.user`\\n - Calls `next(createError(404, 'failed to find user'))` if the index is out of bounds or undefined\\n - Calls `next()` if the user exists\\n\\n## Route Definitions\\n\\n| Route | Handler | Data Source | Response |\\n|-------|---------|-------------|----------|\\n| `GET /` | Index | None | Instructional text |\\n| `GET /user/:user` | User Detail | `req.user` (preloaded) | `user ` |\\n| `GET /users/:from-:to` | User Range | `req.params.from`, `req.params.to` (parsed) | Comma-separated names from `users.slice(from, to + 1)` |\\n\\nThe `/users/:from-:to` route uses a literal hyphen in the path pattern. Express matches it as a single segment, splitting the captured values into `req.params.from` and `req.params.to` after the param middleware processes them.\\n\\n## Integration & Usage\\n- **Export:** `module.exports = express()` allows the app to be mounted in larger Express applications via `app.use('/params', require('./examples/params'))`\\n- **Standalone Execution:** Runs on port `3000` when executed directly (`node index.js`), guarded by `if (!module.parent)`\\n- **Dependencies:** \\n - `express` (core framework)\\n - `http-errors` (standardized error object creation)\\n\\n## Developer Notes & Extension Points\\n- **Callback Signature:** `app.param` handlers receive `(req, res, next, value, name)`. The `value` argument is the raw string from the URL, and `name` is the parameter key.\\n- **Error Propagation:** Errors passed to `next()` bypass route handlers. The `http-errors` package ensures consistent `status` and `message` properties for downstream error middleware.\\n- **Mock Data:** The `users` array is a placeholder. In production, replace the synchronous array lookup with an asynchronous database query, ensuring `next()` is called inside the query callback or `async/await` block.\\n- **Range Logic:** The route handler uses `slice(from, to + 1)` to create an inclusive upper bound. Adjust this logic if exclusive ranges are preferred.\\n- **Response Method:** All routes terminate with `res.send()`, which serializes the string payload and sets appropriate `Content-Type` headers before closing the connection.\",\"other-readme-md\":\"# Other \u2014 Readme.md\\n\\n# Other \u2014 Readme.md\\n\\n## Overview\\nThe `Readme.md` file serves as the primary entry point and public-facing documentation for the Express.js repository. It is a static Markdown artifact that defines the developer onboarding path, installation requirements, canonical usage patterns, and project governance structure. While it contains no executable runtime logic, it acts as the authoritative reference for interacting with the Express ecosystem, tooling, and contribution workflows.\\n\\n## Developer Onboarding & Setup\\nThe module outlines a strict prerequisite and installation workflow:\\n- **Runtime Requirement:** Node.js 18 or higher.\\n- **Project Initialization:** Recommends `npm init` for new projects before dependency installation.\\n- **Installation Command:** `npm install express`\\n- **Quick Start CLI:** Utilizes the `express-generator` package (`npm install -g express-generator@4`) to scaffold applications via `express /tmp/foo && cd /tmp/foo`, followed by `npm install` and `npm start`.\\n\\n## API Entry Point & Usage Pattern\\nThe README establishes the canonical Express application bootstrap pattern:\\n```js\\nimport express from 'express'\\n\\nconst app = express()\\n\\napp.get('/', (req, res) => {\\n res.send('Hello World')\\n})\\n\\napp.listen(3000, () => {\\n console.log('Server is running on http://localhost:3000')\\n})\\n```\\nThis pattern demonstrates the core API surface:\\n- `express()` factory function for application initialization\\n- `app.get(path, handler)` for route definition\\n- `app.listen(port, callback)` for HTTP server binding\\n\\n## Ecosystem & Tooling Integration\\nThe documentation maps Express to its surrounding toolchain and architectural philosophy:\\n- **Template Engines:** Supports 14+ engines via `@ladjs/consolidate`\\n- **HTTP Helpers:** Built-in support for redirection, caching, and content negotiation\\n- **Examples Directory:** Runnable demos located in `examples/` (e.g., `node examples/content-negotiation`)\\n- **Migration Path:** Directs developers to the v5 migration guide for version upgrades\\n- **External Resources:** Links to the official website, GitHub organization, and discussion forums\\n\\n## Contribution & Governance\\nThe module formalizes the project's open-source workflow:\\n- **Testing:** `npm install` followed by `npm test` to execute the test suite\\n- **Security:** Directs vulnerability reports to the official Security Policies and Procedures\\n- **Governance Structure:** Lists active Technical Committee (TC) members, Triagers, and Emeritus contributors\\n- **Documentation Links:** References `GOVERNANCE.md`, `CODE_OF_CONDUCT.md`, and `CONTRIBUTING.md` for policy and workflow details\\n\\n## Execution Context & Call Graph\\nAs a static documentation file, `Readme.md` does not participate in the runtime call graph or execution flow. It contains zero internal, outgoing, or incoming runtime calls. Its function is purely informational, serving as a reference map that points developers to:\\n- Package registry endpoints (`npm install`)\\n- CLI tooling (`express-generator`)\\n- Repository directories (`examples/`)\\n- External documentation and CI/CD status badges (Coveralls, GitHub Actions, OpenSSF Scorecard)\\n\\n## Developer Workflow Diagram\\nThe following diagram illustrates how developers interact with the repository through the guidance provided in this module:\\n\\n```mermaid\\ngraph TD\\n A[Read Readme.md] --> B{Primary Goal}\\n B -->|Install & Run| C[npm install express]\\n B -->|Scaffold App| D[express-generator CLI]\\n B -->|Contribute| E[npm test & PR]\\n C --> F[app.get / app.listen]\\n D --> G[Generated Project]\\n E --> H[CI/CD Validation]\\n```\",\"other-resource\":\"# Other \u2014 resource\\n\\n# Other \u2014 Resource Module\\n\\n## Overview\\nThe `examples/resource/index.js` module demonstrates a custom RESTful resource routing pattern for Express. It extends the Express application instance with an `app.resource()` method that automatically maps HTTP verbs and URL patterns to a controller object. The module includes an in-memory mock data store (`users`) and a sample controller (`User`) to illustrate how route handlers can delegate to controller methods, parse parameters, and format responses.\\n\\nThis module is intended as an educational example and is not a production-ready resource router. It relies on Express routing patterns compatible with older versions of `path-to-regexp` (e.g., `{.:format}` syntax).\\n\\n## Custom Router API: `app.resource(path, obj)`\\nThe module attaches a `resource` method directly to the Express app instance. When invoked, it registers four routes using `this.get()` and `this.delete()`:\\n\\n```javascript\\napp.resource = function(path, obj) {\\n this.get(path, obj.index);\\n this.get(path + '/:a..:b{.:format}', function(req, res){ ... });\\n this.get(path + '/:id', obj.show);\\n this.delete(path + '/:id', function(req, res){ ... });\\n};\\n```\\n\\n### Route Registration\\n| HTTP Method | Path Pattern | Handler / Controller Method |\\n|-------------|-------------------------------|-----------------------------|\\n| `GET` | `/:path` | `obj.index(req, res)` |\\n| `GET` | `/:path/:a..:b{.:format}` | Inline handler \u2192 `obj.range(req, res, a, b, format)` |\\n| `GET` | `/:path/:id` | `obj.show(req, res)` |\\n| `DELETE` | `/:path/:id` | Inline handler \u2192 `obj.destroy(req, res, id)` |\\n\\n## Controller Contract\\nThe `obj` parameter passed to `app.resource()` must implement the following methods. The `User` object in this module serves as the reference implementation:\\n\\n| Method | Signature | Responsibility |\\n|--------|-----------|----------------|\\n| `index` | `(req, res)` | Returns the full collection. Calls `res.send(users)`. |\\n| `show` | `(req, res)` | Returns a single record by `req.params.id`. Handles missing records with `{ error: 'Cannot find user' }`. |\\n| `destroy` | `(req, res, id)` | Deletes a record by numeric `id`. Returns `'destroyed'` or `'Cannot find user'`. |\\n| `range` | `(req, res, a, b, format)` | Returns a slice of the collection from `a` to `b` (inclusive). Supports `json` and `html` formatting. |\\n\\n## Route Resolution & Parameter Parsing\\nThe module uses inline route handlers to bridge Express request objects and the controller contract:\\n\\n- **Range Route (`/:a..:b{.:format}`)**: Parses `req.params.a` and `req.params.b` as base-10 integers using `parseInt(req.params.a, 10)`. Extracts the optional `format` parameter to determine response serialization.\\n- **Delete Route (`/:id`)**: Parses `req.params.id` as an integer before passing it to `obj.destroy()`.\\n- **Show Route (`/:id`)**: Passes `req.params.id` directly to `obj.show()`, which uses it as an array index.\\n\\nAll controller methods ultimately delegate to `res.send()` to terminate the request-response cycle.\\n\\n## Execution Flow\\nRequests flow through Express's routing layer into the registered handlers, which parse parameters and invoke the corresponding controller method. The controller processes the mock data and calls `res.send()`.\\n\\n```mermaid\\nflowchart TD\\n A[Incoming Request] --> B{Route Match}\\n B -->|GET /users| C[obj.index]\\n B -->|GET /users/:id| D[obj.show]\\n B -->|GET /users/:a..:b| E[Inline Handler]\\n B -->|DELETE /users/:id| F[Inline Handler]\\n E --> G[obj.range]\\n F --> H[obj.destroy]\\n C --> I[res.send]\\n D --> I\\n G --> I\\n H --> I\\n```\\n\\nThe call graph confirms that `index.js` delegates to `range` and `destroy`, while all controller methods (`index`, `show`, `range`, `destroy`) funnel into `res.send()`.\\n\\n## Usage Examples\\nThe module exposes a root route (`GET /`) that lists available endpoints. Example interactions:\\n\\n```bash\\n# List all users\\ncurl http://localhost:3000/users\\n\\n# Get user by index\\ncurl http://localhost:3000/users/1\\n\\n# Get range of users (indices 1 to 3)\\ncurl http://localhost:3000/users/1..3\\n\\n# Get range as JSON\\ncurl http://localhost:3000/users/1..3.json\\n\\n# Delete user by index\\ncurl -X DELETE http://localhost:3000/users/1\\n```\\n\\n## Integration & Testing Notes\\n- **Direct Method Invocation**: The `destroy` and `range` methods are referenced externally by other modules (`examples/auth/index.js` and `test/req.range.js` respectively). This indicates they are sometimes imported or called directly for testing or cross-example integration.\\n- **Mock Data State**: The `users` array is module-scoped and mutable. `destroy` permanently removes entries using `delete users[id]`. Subsequent requests to the same index will return `undefined` or trigger the error path.\\n- **Path Syntax Compatibility**: The `/:a..:b{.:format}` pattern uses legacy Express routing syntax. Modern Express applications using `path-to-regexp` v1+ should replace `{.:format}` with `/:format?` or use explicit regex patterns.\\n- **Server Bootstrap**: The module conditionally starts the server on port `3000` when executed directly (`!module.parent`). It exports the `app` instance via `module.exports` for testing or mounting in larger applications.\",\"other-search\":\"# Other \u2014 search\\n\\n# Other \u2014 Search Module\\n\\n## Overview\\nThe **search** module is a lightweight Express.js example demonstrating real-time, client-driven search backed by Redis. It serves a static HTML interface where user keystrokes trigger asynchronous HTTP requests. The server uses the input string as a Redis key, retrieves all members of the corresponding set, and returns them to the browser for immediate display.\\n\\n## Architecture & Data Flow\\nThe module follows a straightforward client-server pattern with Redis acting as an in-memory key-value store.\\n\\n```mermaid\\nsequenceDiagram\\n participant Client as Browser (client.js)\\n participant Server as Express (index.js)\\n participant Redis as Redis DB\\n Client->>Server: GET /search/{:query}\\n Server->>Redis: SMEMBERS {query}\\n Redis-->>Server: Array of members\\n Server-->>Client: res.send(vals)\\n Client->>Client: Update \n with response\\n```\\n\\n## Key Components\\n\\n### Server (`examples/search/index.js`)\\nThe server manages Redis connectivity, data seeding, routing, and static asset delivery.\\n\\n#### Redis Initialization (`initializeRedis`)\\n- Establishes a connection to the local Redis instance via `redis.createClient()`.\\n- Seeds two sets using `db.sAdd()`:\\n - `ferret` \u2192 `['tobi', 'loki', 'jane']`\\n - `cat` \u2192 `['manny', 'luna']`\\n- Wrapped in an `async` function and executed before server startup. Catches connection/seeding errors and terminates the process with `process.exit(1)`.\\n\\n#### Route Handlers\\n- **`GET /search/{:query}`**: Extracts the search term from `req.params.query`. Calls `db.sMembers(query)` to fetch all members of the Redis set matching the exact key. Returns the resulting array via `res.send()`. Redis errors are caught and forwarded to Express's error middleware using `next(err)`.\\n- **`GET /client.js`**: Explicitly serves the frontend script using `res.sendFile(path.join(__dirname, 'client.js'))`. This prevents `express.static()` from exposing server-side files (e.g., `index.js` or template files) that reside in the same directory.\\n\\n#### Server Startup\\n- Uses an async IIFE to `await initializeRedis()` before conditionally calling `app.listen(3000)`.\\n- The `!module.parent` guard ensures the HTTP server only starts when the file is executed directly, not when imported as a dependency.\\n\\n### Client (`examples/search/public/`)\\n- **`index.html`**: Minimal UI containing a `` and a `\n` element for output. Loads `client.js` at the end of the body.\\n- **`client.js`**: Attaches a `keyup` event listener to the search input. On each keystroke, it instantiates an `XMLHttpRequest`, opens a `GET` request to `/search/{search.value}`, and updates the `\n` element's `textContent` when `readyState === 4`.\\n\\n## Setup & Usage\\n1. **Prerequisites**: Install and start a local Redis server (`redis-server`).\\n2. **Dependencies**: Run `npm install redis` in the project root.\\n3. **Execution**: Run `node examples/search/index.js`.\\n4. **Access**: Navigate to `http://localhost:3000`. Typing `ferret` or `cat` into the search box will return the seeded members in real-time.\\n\\n## Implementation Notes\\n- **Route Syntax**: The source defines the route as `/search/{:query}`. Express will parse `:query` as a route parameter, but the literal `{` and `}` characters will be part of the URL path. Adjust to `/search/:query` if standard Express routing is preferred.\\n- **Data Model**: The example relies on exact Redis key matching via `SMEMBERS`. It does not support partial matches, wildcards, or fuzzy search.\\n- **Error Handling**: Search route errors are passed to `next(err)`, relying on Express's default error handler. Initialization failures halt the process to prevent serving an unseeded or disconnected state.\\n- **Static Serving**: `express.static()` is scoped to `public/`, but `/client.js` is explicitly routed to avoid directory traversal risks and unintended file exposure.\\n\\n## Extending the Module\\n- Replace `db.sMembers()` with `db.sScan()` or `db.keys()` to support pattern-based or paginated lookups.\\n- Add input debouncing in `client.js` to throttle `XMLHttpRequest` calls during rapid typing.\\n- Switch `res.send(vals)` to `res.json(vals)` for structured JSON responses.\\n- Externalize Redis connection configuration using environment variables instead of relying on default localhost settings.\",\"other-session\":\"# Other \u2014 session\\n\\n# Other \u2014 Session Module\\n\\n## Purpose\\nDemonstrates HTTP session management in Express using the `express-session` middleware. The module provides two standalone examples: a default in-memory session store and a Redis-backed persistent store. Both examples track per-user page views by attaching state to `req.session`.\\n\\n## Architecture & Components\\nThe module consists of two independent entry points that share identical routing logic but differ in session storage configuration:\\n\\n| File | Storage Backend | Additional Dependencies |\\n|------|----------------|-------------------------|\\n| `examples/session/index.js` | Default `MemoryStore` (in-memory) | `express`, `express-session` |\\n| `examples/session/redis.js` | `connect-redis` (Redis-backed) | `express`, `express-session`, `connect-redis`, `morgan` |\\n\\nBoth files follow the same structural pattern:\\n1. Initialize an Express application via `express()`\\n2. Attach session middleware using `app.use(session({...}))`\\n3. Define a `GET /` route handler that reads/writes `req.session.views`\\n4. Start the HTTP server on port `3000`\\n\\n## Session Middleware Configuration\\nThe `express-session` middleware is configured with identical core options across both examples:\\n\\n```javascript\\napp.use(session({\\n resave: false, // Prevents saving unmodified sessions\\n saveUninitialized: false, // Defers session creation until data is stored\\n secret: 'keyboard cat', // Signs the session ID cookie\\n store: new RedisStore // (redis.js only) Overrides default MemoryStore\\n}));\\n```\\n\\n- `resave: false` avoids race conditions and unnecessary writes when session data hasn't changed.\\n- `saveUninitialized: false` complies with privacy regulations by not creating empty sessions for anonymous visitors.\\n- `secret` is used to cryptographically sign the session cookie. In production, this should be a strong, environment-specific value.\\n\\n## Store Implementations\\n### In-Memory Store (`index.js`)\\nRelies on `express-session`'s built-in `MemoryStore`. Suitable for development and testing. Session data is lost on process restart and does not scale across multiple Node.js instances.\\n\\n### Redis Store (`redis.js`)\\nIntegrates `connect-redis` by passing the `session` module to it, allowing the Redis store to inherit from `session.Store`:\\n```javascript\\nvar RedisStore = require('connect-redis')(session);\\n```\\nThe store instance is passed to the middleware via `store: new RedisStore`. This enables persistent, distributed session storage suitable for production environments.\\n\\n## Request Execution Flow\\nThe following diagram illustrates the request lifecycle for both examples:\\n\\n```mermaid\\ngraph LR\\n A[HTTP Request] --> B[session Middleware]\\n B --> C{req.session exists?}\\n C -->|Yes| D[Load session data]\\n C -->|No| E[Create new session]\\n D --> F[Route Handler GET /]\\n E --> F\\n F --> G[Increment req.session.views]\\n G --> H[res.send HTML Response]\\n```\\n\\n1. Incoming requests pass through the `session` middleware, which parses the session cookie and attaches a `req.session` object.\\n2. The `GET /` route handler checks `req.session.views`. If present, it increments the counter; otherwise, it initializes it to `1` and appends a first-visit message.\\n3. The handler responds using `res.send()`, which serializes the HTML string and ends the response.\\n4. The session middleware automatically persists modified session data before the response completes.\\n\\n## Running the Examples\\n### In-Memory Variant\\n```bash\\nnode examples/session/index.js\\n```\\nThe server starts on `http://localhost:3000`. The `if (!module.parent)` guard ensures the server only starts when the file is executed directly, not when required as a module.\\n\\n### Redis Variant\\nPrerequisites:\\n- Redis server running locally (`redis-server`)\\n- Dependencies installed: `npm install redis connect-redis morgan express-session`\\n\\n```bash\\nnode examples/session/redis.js\\n```\\nThe server starts on `http://localhost:3000` with `morgan` logging enabled in `dev` format. Session state persists across server restarts and is shared across Redis clients.\\n\\n## Integration Notes\\n- These files are standalone examples and do not export middleware or utilities for consumption by other modules.\\n- The `res.send()` calls route through Express's response pipeline. No custom routing or internal module calls are present.\\n- When adapting this pattern for production:\\n - Replace `'keyboard cat'` with a cryptographically secure secret loaded from environment variables.\\n - Configure `connect-redis` with connection options (host, port, password, TTL) as needed.\\n - Consider adding session cookie options (`cookie: { secure: true, httpOnly: true, sameSite: 'strict' }`) for security compliance.\",\"other-static-files\":\"# Other \u2014 static-files\\n\\n# Other \u2014 static-files\\n\\n## Overview\\nThis module is an Express.js example demonstrating how to serve static assets using the built-in `express.static()` middleware. It illustrates three distinct routing patterns for mapping HTTP requests to filesystem directories, along with request logging via `morgan`.\\n\\n## Core Middleware & Configuration\\n\\nThe module relies on `express.static(root)` to intercept incoming requests, check for matching files in the specified directory, and serve them with appropriate MIME types. If no file matches, the middleware calls `next()` to pass control down the stack.\\n\\n### Pattern 1: Direct Root Mapping\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n- **Behavior**: Serves files from `./public` at the root URL path.\\n- **Example**: `GET /js/app.js` \u2192 resolves to `./public/js/app.js`\\n- **Use Case**: Simple applications where static assets share the same base path as API or view routes.\\n\\n### Pattern 2: Prefixed/Mounted Routing\\n```javascript\\napp.use('/static', express.static(path.join(__dirname, 'public')));\\n```\\n- **Behavior**: Mounts the static middleware at `/static`. Express automatically strips the mount path before resolving the file.\\n- **Example**: `GET /static/js/app.js` \u2192 strips `/static` \u2192 resolves to `./public/js/app.js`\\n- **Use Case**: Namespacing static assets to avoid collisions with dynamic routes or API endpoints.\\n\\n### Pattern 3: Multiple Static Directories\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public', 'css')));\\n```\\n- **Behavior**: Registers an additional static directory. Express evaluates middleware in registration order.\\n- **Example**: `GET /style.css` \u2192 resolves to `./public/css/style.css`\\n- **Use Case**: Serving assets from disparate directories without requiring URL prefixes, or overriding files in earlier directories with later ones.\\n\\n## Request Resolution Flow\\n\\nThe following diagram illustrates how incoming requests are evaluated against the registered middleware stack:\\n\\n```mermaid\\ngraph TD\\n A[Incoming Request] --> B{Logger: morgan}\\n B --> C{Static: ./public}\\n C -->|File Found| D[Serve File]\\n C -->|Not Found| E{Static: /static -> ./public}\\n E -->|File Found| D\\n E -->|Not Found| F{Static: ./public/css}\\n F -->|File Found| D\\n F -->|Not Found| G[404 / Next Middleware]\\n```\\n\\n## Project Structure\\n```\\nexamples/static-files/\\n\u251c\u2500\u2500 index.js # Express app entry point & middleware configuration\\n\u2514\u2500\u2500 public/ # Root static directory\\n \u251c\u2500\u2500 hello.txt # Plain text asset\\n \u251c\u2500\u2500 js/\\n \u2502 \u2514\u2500\u2500 app.js # JavaScript asset\\n \u2514\u2500\u2500 css/\\n \u2514\u2500\u2500 style.css # Stylesheet asset\\n```\\n\\n## Running & Testing\\n1. Start the server: `node index.js`\\n2. Verify endpoints:\\n - `GET /hello.txt` \u2192 served by Pattern 1\\n - `GET /js/app.js` \u2192 served by Pattern 1\\n - `GET /static/js/app.js` \u2192 served by Pattern 2\\n - `GET /css/style.css` \u2192 served by Pattern 1 (if `public/css` is traversed) or Pattern 3 (direct root mapping)\\n - `GET /style.css` \u2192 served by Pattern 3\\n\\n## Implementation Notes\\n- **Path Resolution**: `path.join(__dirname, 'public')` ensures cross-platform compatibility. Avoid hardcoding forward/backward slashes.\\n- **Middleware Order**: Express evaluates `app.use()` calls sequentially. Place `express.static()` before route handlers if you want static files to take precedence, or after if you want dynamic routes to override them.\\n- **Caching & Headers**: `express.static()` automatically sets `Cache-Control`, `ETag`, and `Last-Modified` headers. These can be customized via the optional `options` object (e.g., `maxAge`, `immutable`).\\n- **Security**: The middleware prevents directory traversal attacks by default. Requests containing `../` are safely rejected or normalized.\",\"other-support\":\"# Other \u2014 support\\n\\n# Other \u2014 Support Module\\n\\n## Overview\\nThe `test/support` module provides foundational utilities for the project's test suite. It handles environment bootstrapping, supplies a lightweight template engine for dynamic test fixtures, and exports assertion factories compatible with `supertest` for validating HTTP responses. This module is strictly internal to the testing infrastructure and is not intended for production use.\\n\\n## Environment Configuration (`env.js`)\\nBootstraps the Node.js process for test execution by setting environment variables before any application code loads:\\n- `NODE_ENV`: Forced to `'test'` to ensure test-specific behavior in dependencies.\\n- `NO_DEPRECATION`: Suppresses deprecation warnings from `body-parser` and `express` to keep test output clean.\\n\\n**Usage:** Require this file at the very beginning of your test runner or entry script:\\n```js\\nrequire('./test/support/env');\\n```\\n\\n## Template Engine (`tmpl.js`)\\nExports a minimal, synchronous-style template renderer designed for generating dynamic test fixtures.\\n\\n### `renderFile(fileName, options, callback)`\\nReads a file from disk and performs variable substitution before returning the result.\\n- **Parameters:**\\n - `fileName` (string): Path to the template file.\\n - `options` (object): Key-value map for variable resolution. Supports dot-notation paths (e.g., `$user.profile.name`).\\n - `callback` (function): Node-style `(err, str)` callback.\\n- **Behavior:**\\n - Uses `fs.readFile` with `utf8` encoding.\\n - Matches variables via `/\\\\$([0-9a-zA-Z\\\\.]+)/g`.\\n - Delegates path resolution to `generateVariableLookup(data)`, which traverses nested objects.\\n - Catches substitution errors and attaches `err.name = 'RenderError'` before invoking the callback.\\n\\n## Assertion Utilities (`utils.js`)\\nExports factory functions that return assertion callbacks compatible with `supertest`'s `.expect()` chain. All assertions use `node:assert` and operate on the `res` object provided by `supertest`.\\n\\n### Body Assertions\\n- `shouldHaveBody(buf)`: Validates that the response body exactly matches the provided `Buffer`. Normalizes string responses to `Buffer` and compares hex representations for strict equality.\\n- `shouldNotHaveBody()`: Asserts that `res.text` is either an empty string or `undefined`.\\n\\n### Header Assertions\\n- `shouldHaveHeader(header)`: Asserts the presence of a header. Performs case-insensitive matching against `res.headers`.\\n- `shouldNotHaveHeader(header)`: Asserts the absence of a header using the same case-insensitive logic.\\n\\n### Version Gating\\n- `shouldSkipQuery(versionString)`: Returns `true` if the Node.js major version is `< 22`. Used to conditionally skip HTTP `QUERY` method tests, as full upstream support was introduced in Node 22.\\n- `getMajorVersion(versionString)`: Internal helper that extracts the major version segment from a semver string.\\n\\n## Test Integration & Call Flow\\nThe assertion utilities are designed to be passed directly into `supertest` chains. The module follows a factory pattern: each exported function returns a closure that captures the expected value and executes the assertion when invoked with a `supertest` response object.\\n\\n```mermaid\\ngraph TD\\n A[Test File] -->|import| B[utils.js]\\n B -->|exports| C[shouldHaveBody]\\n B -->|exports| D[shouldHaveHeader]\\n B -->|exports| E[shouldNotHaveBody]\\n B -->|exports| F[shouldNotHaveHeader]\\n C -->|passed to| G[supertest.expect]\\n D -->|passed to| G\\n E -->|passed to| G\\n F -->|passed to| G\\n H[tmpl.js] -->|renderFile| I[Test Fixtures]\\n I -->|used by| A\\n```\\n\\n**Typical Usage Pattern:**\\n```js\\nconst request = require('supertest');\\nconst { shouldHaveBody, shouldNotHaveHeader } = require('../support/utils');\\n\\nrequest(app)\\n .get('/download')\\n .expect(shouldHaveBody(Buffer.from('expected content')))\\n .expect(shouldNotHaveHeader('x-custom-header'))\\n .end(done);\\n```\\n\\n## Development Notes\\n- **Hex Comparison:** `shouldHaveBody` converts both expected and actual bodies to hex strings before comparison. This avoids encoding pitfalls and ensures byte-level accuracy.\\n- **Header Case-Insensitivity:** HTTP headers are normalized to lowercase in `res.headers`. The assertion helpers automatically call `.toLowerCase()` on the input header name to match this behavior.\\n- **Node Version Gating:** `shouldSkipQuery` is tied to Node 22 due to incomplete `HTTP QUERY` method support in earlier versions. Update the threshold only after verifying upstream Node.js and Express compatibility.\\n- **Error Handling in `tmpl.js`:** The renderer catches template substitution errors and explicitly names them `RenderError`. Test code should check for this error name when validating malformed template inputs.\",\"other-vhost\":\"# Other \u2014 vhost\\n\\n# Other \u2014 vhost Module\\n\\n## Purpose\\nThis module is an Express.js example demonstrating hostname-based routing using the `vhost` middleware. It illustrates how to mount multiple independent Express applications behind a single HTTP server and delegate incoming requests to the appropriate app based on the `Host` header.\\n\\n## Architecture\\nThe module instantiates three separate Express applications:\\n- `main`: Handles requests for the top-level domain (`example.com`)\\n- `redirect`: Handles wildcard subdomain requests (`*.example.com`)\\n- `app`: The root application that exports the server and mounts the `vhost` middleware\\n\\nThe `vhost` middleware acts as a conditional router. It inspects the `Host` header, matches it against registered patterns, and forwards the request to the corresponding mounted application.\\n\\n## Key Components\\n\\n### `main` Application\\nHandles direct requests to `example.com`. Defines two route handlers:\\n- `GET /`: Returns a static greeting via `res.send('Hello from main app!')`\\n- `GET /:sub`: Captures a path parameter and echoes it back\\n\\n### `redirect` Application\\nHandles all subdomain requests matching `*.example.com`. Contains a single catch-all middleware:\\n- Extracts the matched subdomain from `req.vhost[0]` (populated by the `vhost` middleware)\\n- Issues a 302 redirect to `http://example.com:3000/`\\n- Conditionally logs the `req.vhost` object when executed directly (`!module.parent`)\\n\\n### Root `app` & Middleware Mounting\\nThe exported `app` instance registers two `vhost` middleware layers:\\n```javascript\\napp.use(vhost('*.example.com', redirect));\\napp.use(vhost('example.com', main));\\n```\\nOrder matters: Express evaluates middleware sequentially. The wildcard pattern is registered first, ensuring subdomains are intercepted before the exact domain match.\\n\\n## Request Routing Flow\\n```mermaid\\ngraph TD\\n A[Incoming HTTP Request] --> B{vhost Middleware}\\n B -->|Host: *.example.com| C[redirect App]\\n B -->|Host: example.com| D[main App]\\n C --> E[Extract req.vhost[0]]\\n E --> F[302 Redirect to /]\\n D --> G[Route: GET / or GET /:sub]\\n G --> H[res.send Response]\\n```\\n\\n1. Request arrives at the server with a `Host` header\\n2. `vhost` evaluates the hostname against registered patterns\\n3. If matched, `req.vhost` is populated as an array of regex capture groups\\n4. Control is passed to the mounted Express app (`redirect` or `main`)\\n5. The target app's route handlers or middleware execute and terminate the request via `res.send()` or `res.redirect()`\\n\\n## Local Configuration & Execution\\nThe example requires local DNS resolution to simulate virtual hosts. Add the following to `/etc/hosts` (or `C:\\\\Windows\\\\System32\\\\drivers\\\\etc\\\\hosts`):\\n```\\n127.0.0.1 foo.example.com\\n127.0.0.1 bar.example.com\\n127.0.0.1 example.com\\n```\\n\\nRun the server directly:\\n```bash\\nnode examples/vhost/index.js\\n```\\nThe `!module.parent` guard ensures `morgan` logging and `app.listen(3000)` only execute when the file is run as the entry point, not when required as a module in tests or other scripts.\\n\\n## Integration Notes\\n- **`req.vhost` Structure**: The `vhost` middleware attaches an array to `req.vhost` containing matched capture groups. For `*.example.com`, `req.vhost[0]` holds the subdomain string (e.g., `\\\"foo\\\"`).\\n- **Middleware Order**: Swapping the `vhost` registration order will cause `example.com` requests to incorrectly match the wildcard pattern. Always register specific patterns after wildcards, or use exact matches first if precedence requires it.\\n- **Testing**: When importing this module in test suites, the `module.parent` check prevents port binding conflicts. Route handlers can be tested by passing mock `req`/`res` objects or using `supertest` against the exported `app`.\",\"other-view-constructor\":\"# Other \u2014 view-constructor\\n\\n# Other \u2014 view-constructor\\n\\n## Overview\\nThe `view-constructor` module demonstrates how to override Express's default view resolution and rendering pipeline by providing a custom view constructor. Instead of reading template files from the local filesystem, this implementation fetches Markdown templates directly from a GitHub repository over HTTPS, compiles them using a custom engine, and returns the rendered HTML.\\n\\n## Architecture & Key Components\\n\\n### `GithubView` Constructor\\n```javascript\\nfunction GithubView(name, options)\\n```\\nRegistered via `app.set('view', GithubView)`, this constructor replaces Express's built-in `View` class. It receives the view name and an options object containing the registered template engines and the application's `views` directory setting.\\n\\n**Key Behavior:**\\n- Extracts the appropriate template engine using `options.engines[extname(name)]`.\\n- Constructs a remote file path: `/{root}/master/{name}`. The `root` value corresponds to `app.set('views', '...')`.\\n- Stores `name`, `engine`, and `path` as instance properties for use during rendering.\\n\\n### `GithubView.prototype.render`\\n```javascript\\nGithubView.prototype.render = function(options, fn)\\n```\\nThe core rendering method invoked by Express when `res.render()` is called. It handles asynchronous remote fetching and delegates compilation to the registered engine.\\n\\n**Execution Steps:**\\n1. Configures an HTTPS GET request to `raw.githubusercontent.com` using `this.path`.\\n2. Buffers the incoming response stream with `utf8` encoding.\\n3. On stream `end`, invokes `this.engine(buf, options, fn)`, passing the fetched Markdown, merged locals, and the Express callback.\\n4. Express receives the compiled HTML via `fn(null, html)` and sends the response.\\n\\n## Express Integration (`index.js`)\\n\\nThe application setup configures the custom view system and registers a Markdown processing engine:\\n\\n- **Custom Engine Registration:** `app.engine('md', ...)` registers a `.md` handler using `marked.parse`. The engine also performs basic string interpolation, replacing `{placeholder}` patterns with values from the `options` locals object.\\n- **View Configuration:** \\n - `app.set('views', 'expressjs/express')` defines the GitHub repository path.\\n - `app.set('view', GithubView)` swaps the default view constructor.\\n- **Route Definitions:** \\n - `GET /` renders `examples/markdown/views/index.md` with `{ title: 'Example' }`.\\n - `GET /Readme.md` renders the repository's root `Readme.md`.\\n\\n## Request Lifecycle\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant GithubView\\n participant GitHub API\\n participant MDEngine\\n Client->>Express: GET /\\n Express->>GithubView: new GithubView(name, opts)\\n Express->>GithubView: render(locals, fn)\\n GithubView->>GitHub API: HTTPS GET /{root}/master/{name}\\n GitHub API-->>GithubView: Markdown content\\n GithubView->>MDEngine: engine(content, locals, fn)\\n MDEngine-->>Express: fn(null, html)\\n Express-->>Client: 200 OK (HTML)\\n```\\n\\n## Implementation Notes & Caveats\\n\\n- **Error Handling:** The `https.request` implementation lacks explicit `.on('error', fn)` handlers. Network failures or non-2xx responses will not trigger the Express error callback in this example.\\n- **Branch Hardcoding:** The path construction explicitly uses `/master/`. Modern repositories default to `main`, and branch names should ideally be configurable.\\n- **Caching:** Every request triggers a fresh network call. Production implementations should implement in-memory or HTTP-level caching to avoid rate limits and latency.\\n- **Template Interpolation:** The custom `.md` engine uses a simple regex replacement (`/\\\\{([^}]+)\\\\}/g`). This does not support nested objects, escaping, or complex logic. Consider a dedicated templating engine for production use.\\n- **Extensibility Pattern:** This module serves as a reference for implementing alternative view sources (e.g., databases, CDNs, or remote APIs) by conforming to Express's `(name, options) => { render(options, fn) }` interface.\",\"other-view-locals\":\"# Other \u2014 view-locals\\n\\n# `view-locals` Module\\n\\n## Purpose\\nThe `view-locals` module demonstrates three progressive patterns for fetching asynchronous data and passing it to Express views. It contrasts inline callback nesting with middleware-based approaches, highlighting how `req` and `res.locals` can be used to decouple data fetching from route handlers, improve readability, and enable reusable view context composition.\\n\\n## Core Components\\n\\n| File | Role |\\n|------|------|\\n| `index.js` | Express application entry point. Defines routes, middleware chains, and view configuration. |\\n| `user.js` | Faux data model. Exports the `User` constructor and static async-like methods `User.all(fn)` and `User.count(fn)`. |\\n| `views/index.ejs` | EJS template expecting `title` and `users` locals. Renders a list of filtered users. |\\n\\n### Faux Model (`user.js`)\\n- `User(name, age, species)`: Constructor for user records.\\n- `User.all(fn)`: Simulates a database read. Uses `process.nextTick` to defer execution and invoke `fn(null, users)` with the in-memory array.\\n- `User.count(fn)`: Simulates a count query. Invokes `fn(null, users.length)` asynchronously.\\n- Maintains a static `users` array pre-populated with five `User` instances (three ferrets, two cats).\\n\\n### View Template (`views/index.ejs`)\\nExpects two locals:\\n- `title`: String rendered in `` and `\n`.\\n- `users`: Array of user objects. Iterates via `users.forEach()` to display `name`, `age`, and `species`.\\n\\n## Data-Passing Patterns\\n\\nThe module implements three routes, each demonstrating a different strategy for assembling view data.\\n\\n### 1. Inline Callback Nesting (`GET /`)\\n```javascript\\napp.get('/', function(req, res, next){\\n User.count(function(err, count){\\n if (err) return next(err);\\n User.all(function(err, users){\\n if (err) return next(err);\\n res.render('index', {\\n title: 'Users',\\n count: count,\\n users: users.filter(ferrets)\\n });\\n })\\n })\\n});\\n```\\n- **Behavior**: Fetches data sequentially in nested callbacks. Filters users inline using the `ferrets(user)` helper.\\n- **Trade-offs**: High coupling between data fetching and rendering. Deep nesting reduces readability. Error handling is explicit but repetitive.\\n\\n### 2. Request-Scoped Middleware (`GET /middleware`)\\n```javascript\\nfunction count(req, res, next) { /* attaches req.count */ }\\nfunction users(req, res, next) { /* attaches req.users */ }\\n\\napp.get('/middleware', count, users, function (req, res) {\\n res.render('index', {\\n title: 'Users',\\n count: req.count,\\n users: req.users.filter(ferrets)\\n });\\n});\\n```\\n- **Behavior**: `count` and `users` middleware attach data to the `req` object. The final handler reads from `req`, applies filtering, and renders.\\n- **Trade-offs**: Eliminates callback nesting. Data remains available across the middleware chain. Filtering stays in the route handler, preserving flexibility.\\n\\n### 3. Response-Scoped Locals (`GET /middleware-locals`)\\n```javascript\\nfunction count2(req, res, next) { /* attaches res.locals.count */ }\\nfunction users2(req, res, next) { /* attaches res.locals.users (filtered) */ }\\n\\napp.get('/middleware-locals', count2, users2, function (req, res) {\\n res.render('index', { title: 'Users' });\\n});\\n```\\n- **Behavior**: Middleware writes directly to `res.locals`. Express automatically merges `res.locals` into the view context, so `res.render()` only needs to pass `title`.\\n- **Trade-offs**: Cleanest route handler. Best for routes sharing identical view payloads. Filtering is moved to middleware, which may reduce flexibility if different routes require different subsets of the same data.\\n\\n## Middleware & Locals Lifecycle\\n\\nExpress provides two primary attachment points for request-scoped data:\\n- `req.*`: Persists across middleware and route handlers. Ideal for raw data that may be transformed differently per route.\\n- `res.locals`: Automatically exposed to the view engine. Ideal for pre-formatted data, session state, or authentication context.\\n\\nThe module includes commented patterns for applying locals at different scopes:\\n```javascript\\n// Global: applies to all routes\\napp.use(function(req, res, next){\\n res.locals.user = req.user;\\n res.locals.sess = req.session;\\n next();\\n});\\n\\n// Path-scoped: applies to /api/* routes\\napp.use('/api', function(req, res, next){ ... });\\napp.all('/api/*', function(req, res, next){ ... });\\n```\\n\\n## Execution Flow\\n\\nThe following diagram illustrates the middleware chain for the `/middleware-locals` route, which represents the most idiomatic Express pattern demonstrated:\\n\\n```mermaid\\nsequenceDiagram\\n participant Client\\n participant Express\\n participant count2\\n participant users2\\n participant RouteHandler\\n participant EJS\\n\\n Client->>Express: GET /middleware-locals\\n Express->>count2: Execute middleware\\n count2->>User.count: Fetch count (async)\\n User.count-->>count2: Return count\\n count2->>Express: res.locals.count = count; next()\\n Express->>users2: Execute middleware\\n users2->>User.all: Fetch users (async)\\n User.all-->>users2: Return users\\n users2->>Express: res.locals.users = filtered; next()\\n Express->>RouteHandler: Execute route\\n RouteHandler->>EJS: res.render('index', {title})\\n EJS-->>Client: Rendered HTML\\n```\\n\\n## Integration & Extension Guidelines\\n\\n1. **Replace Faux Model**: Swap `User.all` and `User.count` with real database queries (e.g., `mongoose`, `pg`, `sequelize`). Maintain the `fn(err, data)` callback signature or convert to `async/await` with `try/catch` and `next(err)`.\\n2. **Error Handling**: All middleware consistently uses `if (err) return next(err);`. Ensure downstream error-handling middleware is registered to catch and format these errors.\\n3. **Filtering Strategy**: \\n - Use `req.*` middleware when routes need different transformations of the same dataset.\\n - Use `res.locals` middleware when multiple routes render the same view with identical data shapes.\\n4. **View Context Merging**: Express merges `res.locals` with the object passed to `res.render()`. Route-level locals override `res.locals` if keys collide.\\n5. **Performance**: The example uses `process.nextTick` to simulate async I/O. In production, ensure database connections are pooled and queries are optimized to avoid blocking the event loop.\",\"other-web-service\":\"# Other \u2014 web-service\\n\\n# Other \u2014 web-service\\n\\n## Overview\\nA standalone Express.js example demonstrating foundational patterns for building JSON APIs. The module implements API key validation, route parameter extraction, custom error propagation, and centralized error/404 handling. It serves as a reference for middleware composition and request lifecycle management in Express.\\n\\n## Request Processing Flow\\nAll requests targeting the `/api` namespace pass through a validation gate before reaching route handlers. Successful validation attaches metadata to the request object. Route handlers return JSON responses via `res.send()`. Unhandled errors or unmatched routes cascade to dedicated fallback middleware.\\n\\n## Core Components\\n\\n### API Key Validation Middleware\\nMounted at `/api`, this middleware intercepts all prefixed requests:\\n```javascript\\napp.use('/api', function(req, res, next){ ... })\\n```\\n- Extracts `api-key` from `req.query`\\n- Returns `400` if the key is missing\\n- Returns `401` if the key is not found in the `apiKeys` array\\n- On success, attaches the validated key to `req.key` and calls `next()`\\n\\n### Route Handlers\\nThree `GET` endpoints expose the in-memory data:\\n- `GET /api/users` \u2192 Returns the `users` array\\n- `GET /api/repos` \u2192 Returns the `repos` array\\n- `GET /api/user/:name/repos` \u2192 Extracts `req.params.name`, looks up `userRepos[name]`, and returns the result. Calls `next()` if the user is not found, allowing the request to fall through to the 404 handler.\\n\\n### Error & Fallback Handling\\nExpress distinguishes error-handling middleware by arity (4 parameters):\\n```javascript\\napp.use(function(err, req, res, next){ ... })\\n```\\n- Catches errors passed via `next(err)`\\n- Reads `err.status` (defaults to `500` if undefined)\\n- Responds with `{ error: err.message }`\\n\\nA final 2-parameter middleware acts as a catch-all 404 handler:\\n```javascript\\napp.use(function(req, res){ ... })\\n```\\n- Executes only if all preceding middleware and routes call `next()` without sending a response\\n- Returns `404` with `{ error: \\\"Sorry, can't find that\\\" }`\\n\\n### Error Factory\\nThe `error(status, msg)` helper creates standard `Error` instances augmented with a `.status` property. This pattern aligns with Connect/Express conventions, allowing downstream error handlers to inspect HTTP status codes directly on the error object.\\n\\n## Data Structures\\nThe module uses in-memory objects to simulate a database layer:\\n- `apiKeys`: Array of valid keys (`['foo', 'bar', 'baz']`)\\n- `users`: Array of user objects\\n- `repos`: Array of repository objects\\n- `userRepos`: Object mapping usernames to arrays of repository objects\\n\\n## Execution & Module Export\\nThe application instance is exported for testing or composition:\\n```javascript\\nvar app = module.exports = express();\\n```\\nThe server only starts when executed directly:\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\nThis pattern allows the module to be `require()`d in test suites without binding to a port, while remaining runnable as a standalone script.\\n\\n## Middleware Pipeline\\n```mermaid\\ngraph TD\\n A[Client Request] --> B{Path starts with /api?}\\n B -->|No| C[404 Fallback]\\n B -->|Yes| D[API Key Validation]\\n D -->|Invalid/Missing| E[Error Handler]\\n D -->|Valid| F[Route Handler]\\n F -->|Match Found| G[res.send JSON]\\n F -->|No Match| C\\n E --> H[Return Error JSON]\\n C --> I[Return 404 JSON]\\n```\",\"overview\":\"# express \u2014 Wiki\\n\\n# Express\\n\\nWelcome to the Express documentation. Express is a fast, unopinionated, minimalist web framework for Node.js. It provides a robust set of features for building web and mobile applications while keeping the core lightweight, flexible, and easy to extend.\\n\\n## Quick Start\\n\\nInstall Express in your project directory:\\n```bash\\nnpm install express\\n```\\n\\nCreate a basic server:\\n```javascript\\nconst express = require('express');\\nconst app = express();\\nconst port = 3000;\\n\\napp.get('/', (req, res) => {\\n res.send('Hello World!');\\n});\\n\\napp.listen(port, () => {\\n console.log(`Server running at http://localhost:${port}`);\\n});\\n```\\n\\n## Architecture Overview\\n\\nExpress is built around a prototype-mixing architecture that extends Node.js's native HTTP primitives. When a request arrives, the framework instantiates a callable application object, attaches extended request and response prototypes, and passes control through a configurable middleware stack.\\n\\n```mermaid\\ngraph TD\\n NodeHTTP[Node.js HTTP] --> App[Application Core]\\n App --> Req[Request API]\\n App --> Res[Response API]\\n App --> View[View Rendering]\\n App --> Utils[Utilities]\\n Req --> Utils\\n Res --> Utils\\n Res --> View\\n```\\n\\nThe [Application Core](application-core.md) serves as the central factory and lifecycle manager. It initializes the `app` object, handles configuration, mounts middleware, delegates routing, and bootstraps the underlying HTTP server.\\n\\nIncoming requests and outgoing responses are enhanced by the [Request API](request-api.md) and [Response API](response-api.md) modules. These extend `http.IncomingMessage` and `http.ServerResponse` respectively, adding Express-specific methods for header management, content negotiation, proxy resolution, and chainable response handling.\\n\\nTemplate rendering is abstracted through the [View Rendering](view-rendering.md) module, which dynamically loads engines, resolves file paths, and executes templates asynchronously. It is invoked internally by `app.render()` and `res.render()`.\\n\\nSupporting all of these layers is the [Utilities](utilities.md) module, which provides internal helpers for HTTP method normalization, ETag generation, query parsing, proxy trust evaluation, and configuration compilation.\\n\\n## Development & Testing\\n\\nThe repository includes a suite of npm scripts to streamline development and ensure code quality:\\n\\n- `npm run lint` / `npm run lint:fix` \u2014 Check and automatically fix code style issues\\n- `npm test` \u2014 Run the full test suite\\n- `npm run test-ci` \u2014 Run tests optimized for continuous integration environments\\n- `npm run test-cov` \u2014 Generate test coverage reports\\n- `npm run test-tap` \u2014 Run tests using the TAP reporter\\n\\nFor detailed contribution guidelines, security reporting procedures, and team information, please refer to the project's [Contributing](contributing.md) and [Code of Conduct](code-of-conduct.md) pages.\\n\\n## Next Steps\\n\\n- Dive into the [Application Core](application-core.md) to understand routing, middleware mounting, and server initialization.\\n- Explore the [Request API](request-api.md) and [Response API](response-api.md) to see how Express extends native HTTP objects.\\n- Review the [View Rendering](view-rendering.md) documentation for template engine integration.\\n- Check out the official [Express.js website](https://expressjs.com/) for guides, API references, and community resources.\",\"request-api\":\"# Request API\\n\\n# Request API Module (`lib/request.js`)\\n\\n## Overview\\nThe Request API module extends Node.js's native `http.IncomingMessage` prototype to provide Express-specific request handling capabilities. It exports a prototype object (`req`) that is mixed into every incoming HTTP request. The module adds methods and lazy-evaluated properties for header access, content negotiation, proxy resolution, URL parsing, and cache validation, while maintaining strict compatibility with the underlying Node.js HTTP implementation.\\n\\n## Architecture & Prototype Extension\\nThe module creates its prototype via `Object.create(http.IncomingMessage.prototype)` and attaches all custom functionality directly to it. This design ensures that:\\n- Native `IncomingMessage` properties and methods remain fully accessible.\\n- Express-specific features are added without modifying Node.js core objects.\\n- Performance is optimized through lazy evaluation: expensive operations (query parsing, proxy resolution, header normalization) are deferred until the property is first accessed.\\n\\n```mermaid\\ngraph TD\\n IncomingMessage[http.IncomingMessage] -->|extends| req[req Prototype]\\n req -->|lazy evaluation| defineGetter[defineGetter]\\n req -->|content negotiation| accepts[accepts]\\n req -->|type checking| typeis[type-is]\\n req -->|proxy resolution| proxyaddr[proxy-addr]\\n req -->|cache validation| fresh[fresh]\\n req -->|URL parsing| parseurl[parseurl]\\n req -->|range parsing| rangeparser[range-parser]\\n appConfig[Express App Settings] -->|trust proxy, query parser, subdomain offset| req\\n```\\n\\n## API Reference\\n\\n### Header Access\\n| Method | Description |\\n|--------|-------------|\\n| `req.get(name)` / `req.header(name)` | Retrieves a request header by name. Case-insensitive. Special-cased to handle both `Referer` and `Referrer` interchangeably. Throws `TypeError` if `name` is missing or not a string. |\\n\\n### Content Negotiation\\nAll negotiation methods wrap the `accepts` library and return the best matching type, an array of matches, or `false` if none are acceptable.\\n\\n| Method | Description |\\n|--------|-------------|\\n| `req.accepts(...types)` | Checks `Accept` header. Accepts MIME types, extensions, or arrays. |\\n| `req.acceptsEncodings(...encodings)` | Checks `Accept-Encoding` header. |\\n| `req.acceptsCharsets(...charsets)` | Checks `Accept-Charset` header. Supports comma-delimited strings or multiple arguments. |\\n| `req.acceptsLanguages(...languages)` | Checks `Accept-Language` header. |\\n\\n### Content-Type Validation\\n| Method | Description |\\n|--------|-------------|\\n| `req.is(...types)` | Checks if the incoming `Content-Type` matches the given MIME type(s). Uses `type-is`. Supports flattened arguments or arrays. Returns the matched type string, `false`, or `null` if no `Content-Type` is present. |\\n\\n### URL & Query Parsing\\n| Property/Method | Description |\\n|-----------------|-------------|\\n| `req.path` | Returns the URL pathname. Uses `parseurl` for efficient caching. |\\n| `req.query` | Parses the query string using the app's configured `query parser fn`. Returns an empty object if parsing is disabled. |\\n| `req.range(size, options)` | Parses the `Range` header. Returns `undefined` if missing, `-1` if unsatisfiable, `-2` if syntactically invalid, or an array of `{start, end}` objects. Supports `options.combine` to merge overlapping ranges. |\\n\\n### Proxy & Network Resolution\\nAll network-related getters respect the `trust proxy` application setting. When enabled, they prioritize `X-Forwarded-*` headers over socket-level data.\\n\\n| Property | Description |\\n|----------|-------------|\\n| `req.protocol` | Returns `\\\"http\\\"` or `\\\"https\\\"`. Falls back to `X-Forwarded-Proto` if trusted. |\\n| `req.secure` | Boolean shorthand for `req.protocol === 'https'`. |\\n| `req.ip` | Returns the remote IP address. Uses `proxy-addr` to resolve trusted proxy chains. |\\n| `req.ips` | Returns an array of IP addresses from the client to the furthest trusted proxy, ordered closest to farthest. |\\n| `req.host` | Returns the `Host` header value. Falls back to `X-Forwarded-Host` if trusted. Handles comma-separated proxy lists safely. |\\n| `req.hostname` | Extracts the hostname from `req.host`, stripping port numbers and handling IPv6 literals (`[::1]`). |\\n| `req.subdomains` | Returns an array of subdomains. Splits `req.hostname` by `.` and slices based on the `subdomain offset` app setting. Returns `[]` for IP addresses. |\\n\\n### Cache & Request State\\n| Property | Description |\\n|----------|-------------|\\n| `req.fresh` | Returns `true` if the request is cacheable (`GET`/`HEAD`) and the response's `ETag` or `Last-Modified` headers match the request's conditional headers. Uses the `fresh` library. |\\n| `req.stale` | Boolean inverse of `req.fresh`. |\\n| `req.xhr` | Returns `true` if `X-Requested-With` header equals `xmlhttprequest` (case-insensitive). |\\n\\n## Internal Mechanics\\n\\n### Lazy Evaluation via `defineGetter`\\nThe private `defineGetter(obj, name, getter)` function uses `Object.defineProperty` to attach properties with `configurable: true`, `enumerable: true`, and a custom `get` function. This pattern ensures:\\n- Zero overhead for unused properties.\\n- Consistent API surface across all request objects.\\n- Safe re-evaluation if underlying headers or app settings change mid-request (though typically headers are static per request).\\n\\n### Application Settings Integration\\nSeveral getters dynamically query the Express application instance (`this.app`) at access time:\\n- `this.app.get('trust proxy fn')`: Determines whether to trust `X-Forwarded-*` headers for `protocol`, `ip`, `ips`, `host`, and `hostname`.\\n- `this.app.get('query parser fn')`: Supplies the parsing function for `req.query`.\\n- `this.app.get('subdomain offset')`: Controls how many trailing domain parts are excluded from `req.subdomains`.\\n\\nThis design allows runtime configuration changes to affect request behavior without requiring prototype mutation or server restarts.\\n\\n## Integration Notes\\n- **Attachment:** The exported `req` prototype is typically assigned to `app.request` in Express's initialization phase and mixed into `http.IncomingMessage` instances during request creation.\\n- **Execution Flow:** The module itself contains no runtime execution logic. All methods and getters execute per-request when invoked or accessed. The only internal call graph edge is `req` \u2192 `defineGetter` during module initialization.\\n- **Error Handling:** `req.get()` explicitly validates input types. Other methods rely on underlying libraries (`accepts`, `type-is`, `range-parser`) to handle malformed headers gracefully, returning `false`, `undefined`, or numeric error codes as documented.\\n- **Extensibility:** Developers can safely add custom properties to `req` by extending the exported prototype before the server starts listening, or by using middleware that attaches properties to `req` at runtime.\",\"response-api\":\"# Response API\\n\\n# Response API (`lib/response.js`)\\n\\n## Overview\\nThe `Response` module extends Node.js's native `http.ServerResponse.prototype` to provide Express-specific response handling capabilities. It exposes a chainable API for setting status codes, managing headers, transmitting data (strings, JSON, buffers), streaming files, handling cookies, performing redirects, and rendering views. The module is instantiated once and attached to every incoming request's `res` object during the Express routing lifecycle.\\n\\n## Architecture & Prototype Chain\\n```javascript\\nvar res = Object.create(http.ServerResponse.prototype)\\nmodule.exports = res\\n```\\nThe module uses prototypal inheritance to augment `http.ServerResponse`. All methods return `this` to enable method chaining. The prototype relies on several external utilities (`mime-types`, `content-disposition`, `send`, `vary`, `cookie`, `on-finished`) and reads runtime configuration from `this.app` and `this.req`.\\n\\n## Core Methods\\n\\n### Status & Header Management\\n| Method | Description |\\n|--------|-------------|\\n| `res.status(code)` | Validates and sets `this.statusCode`. Throws `TypeError` for non-integers and `RangeError` for codes outside `100\u2013999`. |\\n| `res.set(field, val)` / `res.header()` | Sets headers. Automatically expands `Content-Type` via `mime.contentType()`. Accepts objects for bulk setting. |\\n| `res.get(field)` | Alias for `this.getHeader(field)`. |\\n| `res.append(field, val)` | Appends values to existing headers, handling array/string concatenation safely. |\\n| `res.vary(field)` | Adds `field` to the `Vary` header using the `vary` package. Ignores duplicates. |\\n| `res.links(links)` | Constructs and sets the `Link` header. Supports arrays for multiple links per relation. |\\n\\n### Data Transmission\\n| Method | Description |\\n|--------|-------------|\\n| `res.send(body)` | Core transmission method. Handles strings, buffers, booleans, numbers, and objects. Automatically sets `Content-Type`, calculates `Content-Length`, generates ETags (if configured), and strips payload headers for `204`, `205`, and `304` responses. |\\n| `res.json(obj)` | Serializes `obj` to JSON, sets `Content-Type: application/json`, and delegates to `res.send()`. |\\n| `res.jsonp(obj)` | Wraps JSON in a callback function. Extracts callback name from `req.query[app.get('jsonp callback name')]`. Includes Rosetta Flash mitigation (`/**/ typeof ...`) and escapes U+2028/U+2029. |\\n| `res.sendStatus(statusCode)` | Sets status and sends the standard HTTP status message (or numeric fallback) as `text/plain`. |\\n\\n### File Transfer & Streaming\\n| Method | Description |\\n|--------|-------------|\\n| `res.sendFile(path, options, callback)` | Streams a file using the `send` module. Requires absolute paths or `options.root`. Wires app-level `etag` setting. Handles errors via `next()` or callback. |\\n| `res.download(path, filename, options, callback)` | Wrapper around `res.sendFile()` that automatically sets `Content-Disposition: attachment`. Supports flexible argument ordering for `filename`, `options`, and `callback`. |\\n\\n### Content Negotiation\\n| Method | Description |\\n|--------|-------------|\\n| `res.format(obj)` | Matches `req.accepts()` against object keys. Sets `Content-Type` and invokes the matched handler. Falls back to `obj.default` or throws a `406 Not Acceptable` error via `createError`. |\\n| `res.type(type)` / `res.contentType()` | Resolves MIME types via `mime.contentType()`. Falls back to `application/octet-stream` if unmapped. |\\n| `res.attachment(filename)` | Sets `Content-Disposition: attachment` and infers `Content-Type` from the file extension. |\\n\\n### Cookies & Redirects\\n| Method | Description |\\n|--------|-------------|\\n| `res.cookie(name, value, options)` | Serializes cookies using the `cookie` package. Supports `maxAge` \u2192 `expires` conversion, signed cookies (`s:` prefix via `cookie-signature`), and JSON values (`j:` prefix). Requires `req.secret` for signed cookies. |\\n| `res.clearCookie(name, options)` | Expires a cookie by setting `expires: new Date(1)` and removing `maxAge`. |\\n| `res.location(url)` | Sets the `Location` header with URL encoding via `encodeurl`. |\\n| `res.redirect(url)` | Performs HTTP redirects (default `302`). Supports `res.redirect(status, url)`. Generates `text/plain` or `text/html` fallback bodies based on `Accept` headers. |\\n\\n### View Rendering\\n| Method | Description |\\n|--------|-------------|\\n| `res.render(view, options, callback)` | Delegates to `app.render()`. Merges `res.locals` into `opts._locals`. If no callback is provided, automatically sends the rendered string with `200 OK`. |\\n\\n## Internal Helpers & Execution Flow\\n\\n### `sendfile(res, file, options, callback)`\\nManages the lifecycle of file streams created by `res.sendFile()` and `res.download()`. It attaches event listeners to the `send` stream and uses `on-finished` to monitor the response socket.\\n\\n```mermaid\\ngraph TD\\n A[sendfile] --> B[file.pipe res]\\n A --> C[on-finished]\\n C --> D{onfinish}\\n D -->|ECONNRESET| E[onaborted]\\n D -->|Other Error| F[onerror]\\n D -->|Success| G[callback]\\n B --> H[file events: directory, end, error, file, stream]\\n H --> D\\n```\\n\\nKey behaviors:\\n- Prevents duplicate callback execution via a `done` flag.\\n- Translates `EISDIR` to a directory error, allowing `res.sendFile()` to call `next()`.\\n- Aborts streaming if the response finishes before the file stream completes.\\n- Applies custom headers via the `headers` event if provided in `options`.\\n\\n### `stringify(value, replacer, spaces, escape)`\\nOptimized JSON serialization wrapper. When `escape` is `true` (controlled by `app.get('json escape')`), it replaces `<`, `>`, and `&` with Unicode escapes (`\\\\u003c`, `\\\\u003e`, `\\\\u0026`) to mitigate HTML injection in JSON payloads.\\n\\n## Configuration Dependencies\\nMethods dynamically read application settings at runtime:\\n- `app.get('etag fn')` / `app.enabled('etag')`: Controls ETag generation in `res.send()` and `res.sendFile()`.\\n- `app.get('json escape')`, `app.get('json replacer')`, `app.get('json spaces')`: Configures `res.json()` and `res.jsonp()` serialization.\\n- `app.get('jsonp callback name')`: Defines the query parameter for JSONP callbacks.\\n- `this.req.secret`: Required when `options.signed` is passed to `res.cookie()`.\\n\\n## Security & Edge Cases\\n- **Status Code Validation:** `res.status()` strictly enforces integer types and `100\u2013999` range.\\n- **Header Stripping:** `res.send()` automatically removes `Content-Type`, `Content-Length`, and `Transfer-Encoding` for `204` and `304` responses, and forces `Content-Length: 0` for `205`.\\n- **HEAD Requests:** `res.send()` and `res.redirect()` skip body transmission for `HEAD` methods, calling `this.end()` without arguments.\\n- **Freshness Check:** `res.send()` checks `req.fresh` and automatically downgrades to `304 Not Modified` when applicable.\\n- **Path Validation:** `res.sendFile()` throws if `path` is missing, non-string, or relative without a `root` option.\\n\\n## Contribution Guidelines\\n- All public methods must return `this` to maintain chainability.\\n- Header manipulation should use `mime.contentType()` for type resolution and `setCharset()` for charset normalization.\\n- When adding streaming capabilities, follow the `sendfile` pattern: use `on-finished` for socket lifecycle management and guard callbacks with a `done` flag to prevent double-invocation.\\n- Deprecations are handled via the `depd` module. Use `deprecate('message')` for legacy argument patterns.\\n- ETag generation is intentionally deferred to app configuration; do not hardcode hashing algorithms in this module.\",\"utilities\":\"# Utilities\\n\\n# Utilities Module (`lib/utils.js`)\\n\\n## Overview\\nThe `utils` module provides internal helper functions and configuration compilers used throughout the Express framework. It centralizes logic for HTTP method normalization, MIME type resolution, ETag generation, query string parsing, proxy trust evaluation, and `Content-Type` charset manipulation. All exports are marked `@api private` and are intended exclusively for internal framework consumption.\\n\\n## Configuration Compilation Pattern\\nExpress accepts flexible configuration values for several core features. This module standardizes those values into optimized, executable functions using three compiler utilities:\\n\\n- `compileETag(val)`: Maps ETag settings (`true`, `'weak'`, `'strong'`, `false`, or a custom function) to an ETag generator.\\n- `compileQueryParser(val)`: Maps query parser settings (`true`, `'simple'`, `'extended'`, `false`, or a custom function) to a query string parser.\\n- `compileTrust(val)`: Maps proxy trust settings (`true`, `false`, hop count, comma-separated IPs, or a custom function) to a trust evaluation function.\\n\\nEach compiler follows a consistent dispatch pattern:\\n1. If `val` is already a function, it is returned directly.\\n2. If `val` matches a known string/boolean/number, it is mapped to a predefined implementation.\\n3. Unrecognized values throw a `TypeError`.\\n\\n## Core Exports\\n\\n### HTTP & Content Negotiation\\n- `methods`: Array of lowercased HTTP methods supported by Node.js (e.g., `['get', 'post', 'put', ...]`).\\n- `normalizeType(type)`: Resolves a MIME type shorthand (e.g., `\\\"html\\\"`) to a full type string (`\\\"text/html\\\"`). If the input already contains a `/`, it delegates to `acceptParams()` to extract quality and parameter data.\\n- `normalizeTypes(types)`: Maps `normalizeType` over an array of type strings.\\n- `setCharset(type, charset)`: Injects or replaces the `charset` parameter in a `Content-Type` string using the `content-type` library. Returns the original string if either argument is falsy.\\n\\n### ETag Generation\\n- `etag(body, [encoding])`: Generates a strong ETag for the provided string or `Buffer`.\\n- `wetag(body, [encoding])`: Generates a weak ETag for the provided string or `Buffer`.\\nBoth are instantiated via the internal `createETagGenerator()` factory, which ensures input is normalized to a `Buffer` before delegation to the `etag` package.\\n\\n### Query Parsing\\n- `compileQueryParser(val)`: (See Configuration Compilation Pattern)\\n- `parseExtendedQueryString(str)`: Internal wrapper around `qs.parse()` configured with `allowPrototypes: true` to safely handle complex query structures.\\n\\n### Proxy Trust\\n- `compileTrust(val)`: (See Configuration Compilation Pattern)\\nNormalizes string inputs into trimmed arrays and delegates to `proxy-addr.compile()` for IP/hop validation.\\n\\n## Internal Utilities\\n- `acceptParams(str)`: Parses HTTP `Accept` header parameters. Extracts the media type/value, quality factor (`q`), and additional parameters into an object `{ value, quality, params }`. Handles edge cases like missing semicolons or malformed splits by tracking index boundaries.\\n- `createETagGenerator(options)`: Factory function that returns a closure for generating ETags. Handles `Buffer` conversion and passes the `weak` option to the underlying `etag` library.\\n- `parseExtendedQueryString(str)`: Dedicated parser for the `'extended'` query mode, isolating `qs` configuration from the rest of the module.\\n\\n## Architecture & Call Flow\\nThe module acts as a centralized utility hub. Configuration compilers route to either built-in Node.js modules, third-party packages, or internal helpers. Internal utilities are invoked by exports to maintain a clean public API surface.\\n\\n```mermaid\\ngraph TD\\n A[compileETag] --> B{val type?}\\n B -->|'weak'| C[wetag]\\n B -->|'strong'| D[etag]\\n B -->|function| E[return val]\\n \\n F[compileQueryParser] --> G{val type?}\\n G -->|'simple'| H[querystring.parse]\\n G -->|'extended'| I[parseExtendedQueryString]\\n \\n J[normalizeType] --> K{contains '/'?}\\n K -->|yes| L[acceptParams]\\n K -->|no| M[mime.lookup]\\n \\n C --> N[createETagGenerator]\\n D --> N\\n```\\n\\n## Dependencies\\n| Package | Purpose |\\n|---|---|\\n| `node:http` | Provides `METHODS` array for HTTP method normalization |\\n| `content-type` | Parses and formats `Content-Type` headers for charset manipulation |\\n| `etag` | Generates strong/weak ETags from Buffers |\\n| `mime-types` | Resolves file extensions to MIME types |\\n| `proxy-addr` | Compiles and evaluates proxy trust functions |\\n| `qs` | Parses extended query strings with prototype safety |\\n| `node:querystring` | Provides simple query string parsing for `'simple'` mode |\\n| `node:buffer` | Ensures consistent `Buffer` handling for ETag generation |\\n\\n## Integration Notes\\n- This module is loaded during Express initialization and is referenced by `lib/application.js`, `lib/request.js`, and `lib/response.js`.\\n- Compiler functions (`compileETag`, `compileQueryParser`, `compileTrust`) are typically invoked during `app.set()` or `app.enable()` calls to transform user-provided settings into cached runtime functions, avoiding repeated type-checking on every request.\\n- `normalizeType` and `acceptParams` are heavily utilized in content negotiation logic to match `Accept` headers against supported response types.\\n- All functions are synchronous and designed for minimal allocation overhead. Modifying exported functions or internal helpers will directly impact framework behavior.\",\"view-rendering\":\"# View Rendering\\n\\n# View Rendering Module (`lib/view.js`)\\n\\n## Overview\\nThe `View` module encapsulates the lifecycle of a single template in Express. It is responsible for:\\n- Parsing view names and resolving file extensions\\n- Dynamically loading and caching template engines\\n- Resolving absolute file paths against configured view directories\\n- Executing the template engine with normalized asynchronous callbacks\\n\\nThis module is instantiated internally by `res.render()` and `app.render()`. It acts as a bridge between Express routing/response logic and third-party template engines (e.g., Pug, EJS, Handlebars).\\n\\n## Constructor & Initialization\\n```javascript\\nfunction View(name, options)\\n```\\nThe constructor accepts a view `name` (string) and an `options` object containing:\\n- `defaultEngine`: The fallback engine name (e.g., `'pug'`)\\n- `engines`: A shared cache object for loaded engine functions\\n- `root`: Base directory or array of directories for view lookup\\n\\n### Initialization Flow\\n1. Extracts the file extension from `name` using `path.extname()`.\\n2. Validates that either an extension is provided or a `defaultEngine` is configured. Throws if neither exists.\\n3. If no extension is present, appends the `defaultEngine` (ensuring a leading `.`) to the filename.\\n4. Loads the template engine if not already cached in `opts.engines`.\\n5. Stores the resolved engine function in `this.engine`.\\n6. Resolves the absolute file path via `this.lookup(fileName)` and stores it in `this.path`.\\n\\n## Engine Loading & Caching\\nExpress expects template engines to export a `__express` function conforming to the signature `(path, options, callback)`. The `View` module handles dynamic loading:\\n\\n```javascript\\nvar mod = this.ext.slice(1)\\nvar fn = require(mod).__express\\n```\\n- The leading `.` is stripped from the extension to form the module name (e.g., `.ejs` \u2192 `ejs`).\\n- The engine is required synchronously. If `__express` is missing or not a function, an error is thrown.\\n- Loaded engines are stored in the shared `opts.engines` cache, preventing redundant `require()` calls across multiple `View` instances.\\n\\n## Path Resolution Strategy\\nPath resolution is split between `lookup()` and `resolve()`, supporting multiple view directories and fallback patterns.\\n\\n### `View.prototype.lookup(name)`\\n- Normalizes `this.root` into an array to support multiple view directories.\\n- Iterates through each root, resolving an absolute path with `path.resolve()`.\\n- Delegates to `this.resolve(dir, file)` for each root until a valid file is found.\\n\\n### `View.prototype.resolve(dir, file)`\\nImplements a two-step resolution strategy:\\n1. **Exact Match**: Checks `/` using `tryStat()`.\\n2. **Index Fallback**: If the exact match fails, checks `//index.`.\\n\\nBoth checks use `fs.statSync()` wrapped in `tryStat()` to safely return `undefined` on missing files without throwing.\\n\\n## Rendering & Callback Normalization\\n```javascript\\nView.prototype.render = function render(options, callback)\\n```\\nThe `render` method executes the loaded engine and guarantees asynchronous callback invocation, which is critical for Express middleware consistency.\\n\\n### Sync-to-Async Normalization\\nSome template engines execute synchronously. To prevent stack overflows and maintain predictable event-loop behavior, `render` uses a `sync` flag:\\n1. `sync` is initialized to `true`.\\n2. The engine is called: `this.engine(this.path, options, onRender)`.\\n3. If the engine calls `onRender` synchronously (`sync === true`), the callback arguments and context are copied, and execution is deferred to `process.nextTick()`.\\n4. If the engine calls `onRender` asynchronously (`sync === false`), the callback is invoked immediately.\\n5. `sync` is set to `false` after the engine call returns, ensuring only the first synchronous callback is deferred.\\n\\n## Integration with Express\\nThe `View` module does not operate in isolation. It relies on application-level configuration passed through the `options` object:\\n- `app.set('views', '/path/to/views')` \u2192 populates `options.root`\\n- `app.set('view engine', 'pug')` \u2192 populates `options.defaultEngine`\\n- `app.engines` \u2192 passed as `options.engines` for cross-request caching\\n\\nWhen `res.render(view, locals, callback)` is called, Express constructs a new `View` instance, merges `res.locals` with `locals`, and invokes `view.render()`.\\n\\n## Architecture Flow\\n```mermaid\\nsequenceDiagram\\n participant App as Express App\\n participant View as View Instance\\n participant Engine as Template Engine\\n participant FS as File System\\n\\n App->>View: new View(name, options)\\n View->>View: Load/cache engine via require(mod).__express\\n View->>View: lookup() & resolve()\\n View->>FS: tryStat() (sync)\\n FS-->>View: File path or undefined\\n View-->>App: Initialized View with this.path & this.engine\\n App->>View: render(options, callback)\\n View->>Engine: this.engine(path, options, onRender)\\n alt Sync Engine\\n Engine-->>View: onRender() (sync)\\n View->>View: process.nextTick(callback)\\n else Async Engine\\n Engine-->>View: onRender() (async)\\n View->>View: callback()\\n end\\n View-->>App: Rendered HTML / Error\\n```\\n\\n## Contributing Notes\\n- **Engine Compatibility**: Any new template engine must export a `__express` function matching `(path, options, callback)`. The callback signature is `(err, html)`.\\n- **Sync Safety**: Do not remove the `process.nextTick` normalization. Many engines run synchronously, and Express routing assumes async rendering to avoid blocking the event loop or causing unhandled sync errors in middleware chains.\\n- **Path Resolution**: The `tryStat` helper uses synchronous I/O intentionally. View resolution happens during request setup, and synchronous checks are acceptable here. Avoid introducing async `fs.stat` unless benchmarking proves a bottleneck.\\n- **Cache Management**: The `engines` cache is shared across the application. Clearing it requires modifying `app.engines` directly; the `View` module does not expose cache invalidation methods.\"};\nvar TREE = [{\"name\":\"Application Core\",\"slug\":\"application-core\",\"files\":[\"index.js\",\"lib/express.js\",\"lib/application.js\"]},{\"name\":\"Request API\",\"slug\":\"request-api\",\"files\":[\"lib/request.js\"]},{\"name\":\"Response API\",\"slug\":\"response-api\",\"files\":[\"lib/response.js\"]},{\"name\":\"View Rendering\",\"slug\":\"view-rendering\",\"files\":[\"lib/view.js\"]},{\"name\":\"Utilities\",\"slug\":\"utilities\",\"files\":[\"lib/utils.js\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 History.md\",\"slug\":\"other-history-md\",\"files\":[\"History.md\"]},{\"name\":\"Other \u2014 Readme.md\",\"slug\":\"other-readme-md\",\"files\":[\"Readme.md\"]},{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 auth\",\"slug\":\"other-auth\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"]},{\"name\":\"Other \u2014 content-negotiation\",\"slug\":\"other-content-negotiation\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"]},{\"name\":\"Other \u2014 cookie-sessions\",\"slug\":\"other-cookie-sessions\",\"files\":[\"examples/cookie-sessions/index.js\"]},{\"name\":\"Other \u2014 cookies\",\"slug\":\"other-cookies\",\"files\":[\"examples/cookies/index.js\"]},{\"name\":\"Other \u2014 downloads\",\"slug\":\"other-downloads\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"]},{\"name\":\"Other \u2014 ejs\",\"slug\":\"other-ejs\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"]},{\"name\":\"Other \u2014 error-pages\",\"slug\":\"other-error-pages\",\"files\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"]},{\"name\":\"Other \u2014 error\",\"slug\":\"other-error\",\"files\":[\"examples/error/index.js\"]},{\"name\":\"Other \u2014 hello-world\",\"slug\":\"other-hello-world\",\"files\":[\"examples/hello-world/index.js\"]},{\"name\":\"Other \u2014 markdown\",\"slug\":\"other-markdown\",\"files\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"]},{\"name\":\"Other \u2014 multi-router\",\"slug\":\"other-multi-router\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"]},{\"name\":\"Other \u2014 mvc\",\"slug\":\"other-mvc\",\"files\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"]},{\"name\":\"Other \u2014 online\",\"slug\":\"other-online\",\"files\":[\"examples/online/index.js\"]},{\"name\":\"Other \u2014 params\",\"slug\":\"other-params\",\"files\":[\"examples/params/index.js\"]},{\"name\":\"Other \u2014 resource\",\"slug\":\"other-resource\",\"files\":[\"examples/resource/index.js\"]},{\"name\":\"Other \u2014 route-map\",\"slug\":\"other-route-map\",\"files\":[\"examples/route-map/index.js\"]},{\"name\":\"Other \u2014 route-middleware\",\"slug\":\"other-route-middleware\",\"files\":[\"examples/route-middleware/index.js\"]},{\"name\":\"Other \u2014 route-separation\",\"slug\":\"other-route-separation\",\"files\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Other \u2014 search\",\"slug\":\"other-search\",\"files\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Other \u2014 session\",\"slug\":\"other-session\",\"files\":[\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Other \u2014 static-files\",\"slug\":\"other-static-files\",\"files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Other \u2014 vhost\",\"slug\":\"other-vhost\",\"files\":[\"examples/vhost/index.js\"]},{\"name\":\"Other \u2014 view-constructor\",\"slug\":\"other-view-constructor\",\"files\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"]},{\"name\":\"Other \u2014 view-locals\",\"slug\":\"other-view-locals\",\"files\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Other \u2014 web-service\",\"slug\":\"other-web-service\",\"files\":[\"examples/web-service/index.js\"]},{\"name\":\"Other \u2014 package.json\",\"slug\":\"other-package-json\",\"files\":[\"package.json\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}];\nvar META = {\"fromCommit\":\"f873ac23124ffcff8c040b4bd257b32c29828d53\",\"generatedAt\":\"2026-05-09T02:42:42.656Z\",\"model\":\"qwen3.6-plus\",\"moduleFiles\":{\"Application Core\":[\"index.js\",\"lib/express.js\",\"lib/application.js\"],\"Request API\":[\"lib/request.js\"],\"Response API\":[\"lib/response.js\"],\"View Rendering\":[\"lib/view.js\"],\"Utilities\":[\"lib/utils.js\"],\"Other\":[\"History.md\",\"Readme.md\",\"examples/README.md\",\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\",\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\",\"examples/cookie-sessions/index.js\",\"examples/cookies/index.js\",\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\",\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\",\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\",\"examples/error/index.js\",\"examples/hello-world/index.js\",\"examples/markdown/index.js\",\"examples/markdown/views/index.md\",\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\",\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\",\"examples/online/index.js\",\"examples/params/index.js\",\"examples/resource/index.js\",\"examples/route-map/index.js\",\"examples/route-middleware/index.js\",\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\",\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\",\"examples/session/index.js\",\"examples/session/redis.js\",\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\",\"examples/vhost/index.js\",\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\",\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\",\"examples/web-service/index.js\",\"package.json\",\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\",\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\",\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"],\"Other \u2014 History.md\":[\"History.md\"],\"Other \u2014 Readme.md\":[\"Readme.md\"],\"Other \u2014 examples\":[\"examples/README.md\"],\"Other \u2014 auth\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"],\"Other \u2014 content-negotiation\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"],\"Other \u2014 cookie-sessions\":[\"examples/cookie-sessions/index.js\"],\"Other \u2014 cookies\":[\"examples/cookies/index.js\"],\"Other \u2014 downloads\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"],\"Other \u2014 ejs\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"],\"Other \u2014 error-pages\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"],\"Other \u2014 error\":[\"examples/error/index.js\"],\"Other \u2014 hello-world\":[\"examples/hello-world/index.js\"],\"Other \u2014 markdown\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"],\"Other \u2014 multi-router\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"],\"Other \u2014 mvc\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"],\"Other \u2014 online\":[\"examples/online/index.js\"],\"Other \u2014 params\":[\"examples/params/index.js\"],\"Other \u2014 resource\":[\"examples/resource/index.js\"],\"Other \u2014 route-map\":[\"examples/route-map/index.js\"],\"Other \u2014 route-middleware\":[\"examples/route-middleware/index.js\"],\"Other \u2014 route-separation\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"],\"Other \u2014 search\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"],\"Other \u2014 session\":[\"examples/session/index.js\",\"examples/session/redis.js\"],\"Other \u2014 static-files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"],\"Other \u2014 vhost\":[\"examples/vhost/index.js\"],\"Other \u2014 view-constructor\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"],\"Other \u2014 view-locals\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"],\"Other \u2014 web-service\":[\"examples/web-service/index.js\"],\"Other \u2014 package.json\":[\"package.json\"],\"Other \u2014 test\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"],\"Other \u2014 acceptance\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"],\"Other \u2014 support\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]},\"moduleTree\":[{\"name\":\"Application Core\",\"slug\":\"application-core\",\"files\":[\"index.js\",\"lib/express.js\",\"lib/application.js\"]},{\"name\":\"Request API\",\"slug\":\"request-api\",\"files\":[\"lib/request.js\"]},{\"name\":\"Response API\",\"slug\":\"response-api\",\"files\":[\"lib/response.js\"]},{\"name\":\"View Rendering\",\"slug\":\"view-rendering\",\"files\":[\"lib/view.js\"]},{\"name\":\"Utilities\",\"slug\":\"utilities\",\"files\":[\"lib/utils.js\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 History.md\",\"slug\":\"other-history-md\",\"files\":[\"History.md\"]},{\"name\":\"Other \u2014 Readme.md\",\"slug\":\"other-readme-md\",\"files\":[\"Readme.md\"]},{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 auth\",\"slug\":\"other-auth\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\"]},{\"name\":\"Other \u2014 content-negotiation\",\"slug\":\"other-content-negotiation\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\"]},{\"name\":\"Other \u2014 cookie-sessions\",\"slug\":\"other-cookie-sessions\",\"files\":[\"examples/cookie-sessions/index.js\"]},{\"name\":\"Other \u2014 cookies\",\"slug\":\"other-cookies\",\"files\":[\"examples/cookies/index.js\"]},{\"name\":\"Other \u2014 downloads\",\"slug\":\"other-downloads\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\"]},{\"name\":\"Other \u2014 ejs\",\"slug\":\"other-ejs\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\"]},{\"name\":\"Other \u2014 error-pages\",\"slug\":\"other-error-pages\",\"files\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\"]},{\"name\":\"Other \u2014 error\",\"slug\":\"other-error\",\"files\":[\"examples/error/index.js\"]},{\"name\":\"Other \u2014 hello-world\",\"slug\":\"other-hello-world\",\"files\":[\"examples/hello-world/index.js\"]},{\"name\":\"Other \u2014 markdown\",\"slug\":\"other-markdown\",\"files\":[\"examples/markdown/index.js\",\"examples/markdown/views/index.md\"]},{\"name\":\"Other \u2014 multi-router\",\"slug\":\"other-multi-router\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\"]},{\"name\":\"Other \u2014 mvc\",\"slug\":\"other-mvc\",\"files\":[\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\"]},{\"name\":\"Other \u2014 online\",\"slug\":\"other-online\",\"files\":[\"examples/online/index.js\"]},{\"name\":\"Other \u2014 params\",\"slug\":\"other-params\",\"files\":[\"examples/params/index.js\"]},{\"name\":\"Other \u2014 resource\",\"slug\":\"other-resource\",\"files\":[\"examples/resource/index.js\"]},{\"name\":\"Other \u2014 route-map\",\"slug\":\"other-route-map\",\"files\":[\"examples/route-map/index.js\"]},{\"name\":\"Other \u2014 route-middleware\",\"slug\":\"other-route-middleware\",\"files\":[\"examples/route-middleware/index.js\"]},{\"name\":\"Other \u2014 route-separation\",\"slug\":\"other-route-separation\",\"files\":[\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Other \u2014 search\",\"slug\":\"other-search\",\"files\":[\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Other \u2014 session\",\"slug\":\"other-session\",\"files\":[\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Other \u2014 static-files\",\"slug\":\"other-static-files\",\"files\":[\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Other \u2014 vhost\",\"slug\":\"other-vhost\",\"files\":[\"examples/vhost/index.js\"]},{\"name\":\"Other \u2014 view-constructor\",\"slug\":\"other-view-constructor\",\"files\":[\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\"]},{\"name\":\"Other \u2014 view-locals\",\"slug\":\"other-view-locals\",\"files\":[\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Other \u2014 web-service\",\"slug\":\"other-web-service\",\"files\":[\"examples/web-service/index.js\"]},{\"name\":\"Other \u2014 package.json\",\"slug\":\"other-package-json\",\"files\":[\"package.json\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}]};\n\n(function() {\n var activePage = 'overview';\n\n document.addEventListener('DOMContentLoaded', function() {\n mermaid.initialize({ startOnLoad: false, theme: 'neutral', securityLevel: 'loose' });\n renderMeta();\n renderNav();\n document.getElementById('menu-toggle').addEventListener('click', function() {\n document.getElementById('sidebar').classList.toggle('open');\n });\n if (location.hash && location.hash.length > 1) {\n activePage = decodeURIComponent(location.hash.slice(1));\n }\n navigateTo(activePage);\n });\n\n function renderMeta() {\n if (!META) return;\n var el = document.getElementById('meta-info');\n var parts = [];\n if (META.generatedAt) {\n parts.push(new Date(META.generatedAt).toLocaleDateString());\n }\n if (META.model) parts.push(META.model);\n if (META.fromCommit) parts.push(META.fromCommit.slice(0, 8));\n el.textContent = parts.join(' \\u00b7 ');\n }\n\n function renderNav() {\n var container = document.getElementById('nav-tree');\n var html = '\n';\n html += 'Overview';\n html += '';\n if (TREE.length > 0) {\n html += '\nModules';\n html += buildNavTree(TREE);\n }\n container.innerHTML = html;\n container.addEventListener('click', function(e) {\n var target = e.target;\n while (target && !target.dataset.page) { target = target.parentElement; }\n if (target && target.dataset.page) {\n e.preventDefault();\n navigateTo(target.dataset.page);\n }\n });\n }\n\n function buildNavTree(nodes) {\n var html = '';\n for (var i = 0; i < nodes.length; i++) {\n var node = nodes[i];\n html += '\n';\n html += '' + escH(node.name) + '';\n if (node.children && node.children.length > 0) {\n html += '\n' + buildNavTree(node.children) + '';\n }\n html += '';\n }\n return html;\n }\n\n function escH(s) {\n var d = document.createElement('div');\n d.textContent = s;\n return d.innerHTML;\n }\n\n function navigateTo(page) {\n activePage = page;\n location.hash = encodeURIComponent(page);\n\n var items = document.querySelectorAll('.nav-item');\n for (var i = 0; i < items.length; i++) {\n if (items[i].dataset.page === page) {\n items[i].classList.add('active');\n } else {\n items[i].classList.remove('active');\n }\n }\n\n var contentEl = document.getElementById('content');\n var md = PAGES[page];\n\n if (!md) {\n contentEl.innerHTML = '\n\nPage not found\n' + escH(page) + '.md does not exist.';\n return;\n }\n\n contentEl.innerHTML = marked.parse(md);\n\n // Rewrite .md links to hash navigation\n var links = contentEl.querySelectorAll('a[href]');\n for (var i = 0; i < links.length; i++) {\n var href = links[i].getAttribute('href');\n if (href && href.endsWith('.md') && href.indexOf('://') === -1) {\n var slug = href.replace(/\\.md$/, '');\n links[i].setAttribute('href', '#' + encodeURIComponent(slug));\n (function(s) {\n links[i].addEventListener('click', function(e) {\n e.preventDefault();\n navigateTo(s);\n });\n })(slug);\n }\n }\n\n // Convert mermaid code blocks into mermaid divs\n var mermaidBlocks = contentEl.querySelectorAll('pre code.language-mermaid');\n for (var i = 0; i < mermaidBlocks.length; i++) {\n var pre = mermaidBlocks[i].parentElement;\n var div = document.createElement('div');\n div.className = 'mermaid';\n div.textContent = mermaidBlocks[i].textContent;\n pre.parentNode.replaceChild(div, pre);\n }\n try { mermaid.run({ querySelector: '.mermaid' }); } catch(e) {}\n\n window.scrollTo(0, 0);\n document.getElementById('sidebar').classList.remove('open');\n }\n})();\n\n\n\n", "creation_timestamp": "2026-05-09T02:43:21.000000Z"}, {"uuid": "928db57c-a7a2-4990-bf6f-901dd413fe51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-47764", "type": "seen", "source": "https://gist.github.com/Adcbda/3e82259b6deb6a426fbb5c89ed5ded87", "content": "\n\n\n\n\nexpress \u2014 Wiki\n\n\n\n\n*{margin:0;padding:0;box-sizing:border-box}\n:root{\n --bg:#ffffff;--sidebar-bg:#f8f9fb;--border:#e5e7eb;\n --text:#1e293b;--text-muted:#64748b;--primary:#2563eb;\n --primary-soft:#eff6ff;--hover:#f1f5f9;--code-bg:#f1f5f9;\n --radius:8px;--shadow:0 1px 3px rgba(0,0,0,.08);\n}\nbody{font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,sans-serif;\n line-height:1.65;color:var(--text);background:var(--bg)}\n\n.layout{display:flex;min-height:100vh}\n.sidebar{width:280px;background:var(--sidebar-bg);border-right:1px solid var(--border);\n position:fixed;top:0;left:0;bottom:0;overflow-y:auto;padding:24px 16px;\n display:flex;flex-direction:column;z-index:10}\n.content{margin-left:280px;flex:1;padding:48px 64px;max-width:960px}\n\n.sidebar-header{margin-bottom:20px;padding-bottom:16px;border-bottom:1px solid var(--border)}\n.sidebar-title{font-size:16px;font-weight:700;color:var(--text);display:flex;align-items:center;gap:8px}\n.sidebar-title svg{flex-shrink:0}\n.sidebar-meta{font-size:11px;color:var(--text-muted);margin-top:6px}\n.nav-section{margin-bottom:2px}\n.nav-item{display:block;padding:7px 12px;border-radius:var(--radius);cursor:pointer;\n font-size:13px;color:var(--text);text-decoration:none;transition:all .15s;\n white-space:nowrap;overflow:hidden;text-overflow:ellipsis}\n.nav-item:hover{background:var(--hover)}\n.nav-item.active{background:var(--primary-soft);color:var(--primary);font-weight:600}\n.nav-item.overview{font-weight:600;margin-bottom:4px}\n.nav-children{padding-left:14px;border-left:1px solid var(--border);margin-left:12px}\n.nav-group-label{font-size:11px;font-weight:600;color:var(--text-muted);\n text-transform:uppercase;letter-spacing:.5px;padding:12px 12px 4px;user-select:none}\n.sidebar-footer{margin-top:auto;padding-top:16px;border-top:1px solid var(--border);\n font-size:11px;color:var(--text-muted);text-align:center}\n\n.content h1{font-size:28px;font-weight:700;margin-bottom:8px;line-height:1.3}\n.content h2{font-size:22px;font-weight:600;margin:32px 0 12px;padding-bottom:6px;border-bottom:1px solid var(--border)}\n.content h3{font-size:17px;font-weight:600;margin:24px 0 8px}\n.content h4{font-size:15px;font-weight:600;margin:20px 0 6px}\n.content p{margin:12px 0}\n.content ul,.content ol{margin:12px 0 12px 24px}\n.content li{margin:4px 0}\n.content a{color:var(--primary);text-decoration:none}\n.content a:hover{text-decoration:underline}\n.content blockquote{border-left:3px solid var(--primary);padding:8px 16px;margin:16px 0;\n background:var(--primary-soft);border-radius:0 var(--radius) var(--radius) 0;\n color:var(--text-muted);font-size:14px}\n.content code{font-family:'SF Mono',Consolas,'Courier New',monospace;font-size:13px;\n background:var(--code-bg);padding:2px 6px;border-radius:4px}\n.content pre{background:#1e293b;color:#e2e8f0;border-radius:var(--radius);padding:16px;\n overflow-x:auto;margin:16px 0}\n.content pre code{background:none;padding:0;font-size:13px;line-height:1.6;color:inherit}\n.content table{border-collapse:collapse;width:100%;margin:16px 0}\n.content th,.content td{border:1px solid var(--border);padding:8px 12px;text-align:left;font-size:14px}\n.content th{background:var(--sidebar-bg);font-weight:600}\n.content img{max-width:100%;border-radius:var(--radius)}\n.content hr{border:none;border-top:1px solid var(--border);margin:32px 0}\n.content .mermaid{margin:20px 0;text-align:center}\n\n.menu-toggle{display:none;position:fixed;top:12px;left:12px;z-index:20;\n background:var(--bg);border:1px solid var(--border);border-radius:var(--radius);\n padding:8px 12px;cursor:pointer;font-size:18px;box-shadow:var(--shadow)}\n@media(max-width:768px){\n .sidebar{transform:translateX(-100%);transition:transform .2s}\n .sidebar.open{transform:translateX(0);box-shadow:2px 0 12px rgba(0,0,0,.1)}\n .content{margin-left:0;padding:24px 20px;padding-top:56px}\n .menu-toggle{display:block}\n}\n.empty-state{text-align:center;padding:80px 20px;color:var(--text-muted)}\n.empty-state h2{font-size:20px;margin-bottom:8px;border:none}\n\n\n\n\n☰\n\n\n\n\n\n\n\n\n\nexpress\n\n\n\n\n\n\n\nGenerated by GitNexus\n\n\n\n\n\nLoading\u2026\n\n\n\nvar PAGES = {\"authentication-sessions\":\"# Authentication & Sessions\\n\\n# Authentication & Sessions Module\\n\\nThis module provides example implementations for authentication and session management in Express applications. It demonstrates multiple approaches: password-based authentication with sessions, cookie-based sessions, and Redis-backed session storage.\\n\\n## Architecture Overview\\n\\n```mermaid\\ngraph TD\\n A[Client Request] --> B{Session Exists?}\\n B -->|No| C[Create Session]\\n B -->|Yes| D[Load Session Data]\\n C --> E[Route Handler]\\n D --> E\\n E --> F{Protected Route?}\\n F -->|Yes| G[restrict Middleware]\\n G --> H{Authenticated?}\\n H -->|No| I[Redirect to Login]\\n H -->|Yes| J[Process Request]\\n F -->|No| J\\n```\\n\\n## Core Components\\n\\n### Authentication Example (`examples/auth/`)\\n\\nA complete username/password authentication system with session persistence.\\n\\n#### Key Functions\\n\\n**`authenticate(name, pass, fn)`**\\n\\nValidates user credentials against the in-memory user store.\\n\\n- **Parameters:**\\n - `name` - Username to authenticate\\n - `pass` - Plaintext password\\n - `fn` - Callback `(err, user)` where `user` is `null` on failure\\n- **Behavior:** Retrieves the user by name, then hashes the submitted password with the stored salt. Compares the result against the stored hash.\\n\\n**`restrict(req, res, next)`**\\n\\nMiddleware that protects routes from unauthenticated access.\\n\\n- Sets `req.session.error` and redirects to `/login` if no `req.session.user` exists\\n- Calls `next()` when authentication is present\\n\\n#### Authentication Flow\\n\\n1. **POST /login** receives credentials via `req.body.username` and `req.body.password`\\n2. `authenticate()` verifies credentials using PBKDF2 password hashing\\n3. On success, `req.session.regenerate()` creates a new session (prevents session fixation)\\n4. User object stored in `req.session.user`\\n5. Subsequent requests check `req.session.user` via `restrict` middleware\\n\\n#### Session Configuration\\n\\n```javascript\\napp.use(session({\\n resave: false, // Skip saving unmodified sessions\\n saveUninitialized: false, // Don't create session until data stored\\n secret: 'shhhh, very secret'\\n}));\\n```\\n\\n#### Password Hashing\\n\\nUses `pbkdf2-password` for secure password storage. When a user is created, a salt is generated and the password is hashed:\\n\\n```javascript\\nhash({ password: 'foobar' }, function (err, pass, salt, hash) {\\n users.tj.salt = salt;\\n users.tj.hash = hash;\\n});\\n```\\n\\nDuring authentication, the same salt is applied to the submitted password:\\n\\n```javascript\\nhash({ password: pass, salt: user.salt }, function (err, pass, salt, hash) {\\n if (hash === user.hash) return fn(null, user);\\n fn(null, null);\\n});\\n```\\n\\n#### Flash Messages\\n\\nThe session-persisted message middleware extracts `error` and `success` from the session and makes them available in `res.locals.message` for template rendering:\\n\\n```javascript\\napp.use(function(req, res, next){\\n var err = req.session.error;\\n var msg = req.session.success;\\n delete req.session.error;\\n delete req.session.success;\\n res.locals.message = '';\\n if (err) res.locals.message = '\n' + err + '<\\/p>';\\n if (msg) res.locals.message = '\n' + msg + '<\\/p>';\\n next();\\n});\\n```\\n\\n---\\n\\n### Cookie Sessions (`examples/cookie-sessions/`)\\n\\nLightweight session storage using client-side cookies via `cookie-session`.\\n\\n```javascript\\napp.use(cookieSession({ secret: 'manny is cool' }));\\n\\napp.get('/', function (req, res) {\\n req.session.count = (req.session.count || 0) + 1;\\n res.send('viewed ' + req.session.count + ' times\\\\n');\\n});\\n```\\n\\n**Use case:** Small session data that doesn't require server-side storage. Session data is encrypted and stored in the client cookie.\\n\\n---\\n\\n### Cookie Parser (`examples/cookies/`)\\n\\nDemonstrates reading and writing cookies with `cookie-parser`.\\n\\n**Key operations:**\\n\\n- `req.cookies` - Parsed unsigned cookies\\n- `req.signedCookies` - Parsed signed cookies\\n- `res.cookie(name, value, options)` - Set a cookie\\n- `res.clearCookie(name)` - Remove a cookie\\n\\n**Remember-me example:**\\n\\n```javascript\\n// Set cookie with expiration\\nres.cookie('remember', 1, { maxAge: 60000 });\\n\\n// Check for cookie\\nif (req.cookies.remember) {\\n // User is remembered\\n}\\n\\n// Clear cookie\\nres.clearCookie('remember');\\n```\\n\\n---\\n\\n### Redis-Backed Sessions (`examples/session/redis.js`)\\n\\nProduction-ready session storage using Redis via `connect-redis`.\\n\\n```javascript\\nvar RedisStore = require('connect-redis')(session);\\n\\napp.use(session({\\n resave: false,\\n saveUninitialized: false,\\n secret: 'keyboard cat',\\n store: new RedisStore\\n}));\\n```\\n\\n**Benefits:**\\n- Sessions persist across server restarts\\n- Shared session storage for multiple server instances\\n- Automatic session expiration via Redis TTL\\n\\n**Prerequisites:**\\n- Redis server running (`redis-server`)\\n- `npm install redis connect-redis`\\n\\n---\\n\\n### Online User Tracking (`examples/online/`)\\n\\nTracks active users using Redis and the `online` package.\\n\\n```javascript\\nvar online = require('online');\\nvar redis = require('redis');\\nvar db = redis.createClient();\\nonline = online(db);\\n\\n// Track each request\\napp.use(function(req, res, next){\\n online.add(req.headers['user-agent']);\\n next();\\n});\\n\\n// Query recent users\\napp.get('/', function(req, res, next){\\n online.last(5, function(err, ids){\\n // ids = array of recent user identifiers\\n });\\n});\\n```\\n\\n---\\n\\n## Routes Reference\\n\\n### Authentication Example Routes\\n\\n| Route | Method | Handler | Description |\\n|-------|--------|---------|-------------|\\n| `/` | GET | redirects to `/login` | Root redirect |\\n| `/login` | GET | renders login view | Display login form |\\n| `/login` | POST | authenticate, session regenerate | Process credentials |\\n| `/logout` | GET | `req.session.destroy()` | End session |\\n| `/restricted` | GET | `restrict` middleware, send response | Protected content |\\n\\n### Session Example Routes\\n\\n| Route | Method | Handler | Description |\\n|-------|--------|---------|-------------|\\n| `/` | GET | increment `req.session.views` | View counter |\\n\\n---\\n\\n## Security Considerations\\n\\n### Session Fixation Prevention\\n\\nThe authentication example regenerates the session ID on successful login:\\n\\n```javascript\\nreq.session.regenerate(function(){\\n req.session.user = user;\\n // ...\\n});\\n```\\n\\nThis prevents attackers from using a known session ID to hijack authenticated sessions.\\n\\n### Password Storage\\n\\n- Passwords are never stored in plaintext\\n- PBKDF2 derives a key from the password with a unique salt per user\\n- The salt and hash are stored; the plaintext password is discarded\\n\\n### Session Configuration\\n\\n- `resave: false` - Avoids unnecessary session store writes\\n- `saveUninitialized: false` - Prevents creating empty session records for unauthenticated users\\n\\n### Production Requirements\\n\\nBefore deploying to production:\\n\\n1. Replace hardcoded secrets with environment variables\\n2. Use HTTPS to protect cookies in transit\\n3. Set `secure: true` and `httpOnly: true` cookie options\\n4. Use Redis or another persistent store for sessions\\n5. Implement proper user database (replace placeholder `users` object)\\n\\n---\\n\\n## Dependencies\\n\\n| Package | Purpose |\\n|---------|---------|\\n| `express-session` | Server-side session management |\\n| `cookie-session` | Client-side cookie-based sessions |\\n| `cookie-parser` | Parse cookies from request headers |\\n| `pbkdf2-password` | Password hashing with PBKDF2 |\\n| `connect-redis` | Redis session store adapter |\\n| `redis` | Redis client |\\n| `online` | Online user tracking with Redis |\",\"basic-usage\":\"# Basic Usage\\n\\n# Basic Usage Examples\\n\\nThis module contains example applications demonstrating core Express.js patterns. Each example is self-contained and runnable, progressing from minimal setup to more realistic use cases.\\n\\n## Examples Overview\\n\\n| Example | Purpose | Dependencies |\\n|---------|---------|--------------|\\n| `hello-world` | Minimal Express server | None |\\n| `search` | Redis-backed search API | redis |\\n\\n---\\n\\n## Hello World\\n\\n**Location:** `examples/hello-world/index.js`\\n\\nThe simplest Express application. Creates a server that responds to GET requests on the root path.\\n\\n### Code Structure\\n\\n```javascript\\nvar express = require('../../');\\nvar app = module.exports = express();\\n\\napp.get('/', function(req, res){\\n res.send('Hello World');\\n});\\n\\nif (!module.parent) {\\n app.listen(3000);\\n console.log('Express started on port 3000');\\n}\\n```\\n\\n### Key Patterns\\n\\n**Exportable App Pattern:** The `app` is assigned to `module.exports`, allowing the application to be imported by tests or other modules without starting the server:\\n\\n```javascript\\nvar app = module.exports = express()\\n```\\n\\n**Conditional Server Start:** The `!module.parent` check ensures the server only starts when the file is run directly, not when imported:\\n\\n```javascript\\nif (!module.parent) {\\n app.listen(3000);\\n}\\n```\\n\\n### Running\\n\\n```bash\\nnode examples/hello-world/index.js\\n# Visit http://localhost:3000\\n```\\n\\n---\\n\\n## Search Example\\n\\n**Location:** `examples/search/index.js`\\n\\nA more complete application demonstrating static file serving, Redis integration, and dynamic routing.\\n\\n### Architecture\\n\\n```mermaid\\nflowchart LR\\n A[Client Browser] --> B[Express Server]\\n B --> C[Redis Database]\\n B --> D[Static Files]\\n A -->|AJAX /search/:query| B\\n B -->|sMembers| C\\n C -->|results| B\\n B -->|JSON response| A\\n```\\n\\n### Components\\n\\n#### Redis Initialization\\n\\nThe `initializeRedis()` function handles async database setup:\\n\\n```javascript\\nasync function initializeRedis() {\\n await db.connect();\\n await db.sAdd('ferret', 'tobi');\\n await db.sAdd('ferret', 'loki');\\n await db.sAdd('ferret', 'jane');\\n await db.sAdd('cat', 'manny');\\n await db.sAdd('cat', 'luna');\\n}\\n```\\n\\nPopulates Redis sets with sample data for demonstration.\\n\\n#### Static File Serving\\n\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n\\nServes files from `public/` directory. Note: This middleware is placed before route definitions, allowing explicit routes to override static files when needed.\\n\\n#### Search Endpoint\\n\\n```javascript\\napp.get('/search/{:query}', function (req, res, next) {\\n var query = req.params.query || '';\\n db.sMembers(query)\\n .then((vals) => res.send(vals))\\n .catch((err) => {\\n console.error(`Redis error for query \\\"${query}\\\":`, err);\\n next(err);\\n });\\n});\\n```\\n\\n**Route Pattern:** `/search/{:query}` captures the search term as a route parameter.\\n\\n**Error Handling:** Redis errors are passed to Express error middleware via `next(err)`.\\n\\n#### Explicit File Route\\n\\n```javascript\\napp.get('/client.js', function(req, res){\\n res.sendFile(path.join(__dirname, 'client.js'));\\n});\\n```\\n\\nDemonstrates `sendFile()` for serving individual files with full path resolution. This pattern is useful when you need to serve specific files outside the static directory or with additional logic.\\n\\n### Client-Side Integration\\n\\n**Location:** `examples/search/public/client.js`\\n\\nImplements live search using XMLHttpRequest:\\n\\n```javascript\\nvar search = document.querySelector('[type=search]');\\nsearch.addEventListener('keyup', function(){\\n var xhr = new XMLHttpRequest;\\n xhr.open('GET', '/search/' + search.value, true);\\n xhr.onreadystatechange = function(){\\n if (xhr.readyState === 4) {\\n code.textContent = xhr.responseText;\\n }\\n };\\n xhr.send();\\n}, false);\\n```\\n\\nTriggers a search request on each keystroke and displays results in a `\n` element.\\n\\n### Running\\n\\n```bash\\n# Prerequisites\\nnpm install redis\\nredis-server\\n\\n# Start the application\\nnode examples/search/index.js\\n# Visit http://localhost:3000\\n```\\n\\n---\\n\\n## Common Patterns Demonstrated\\n\\n### Response Methods\\n\\n| Method | Example | Use Case |\\n|--------|---------|----------|\\n| `res.send()` | `res.send('Hello World')` | Text or JSON responses |\\n| `res.sendFile()` | `res.sendFile(path.join(...))` | Serving individual files |\\n\\n### Middleware Order\\n\\nThe search example demonstrates middleware ordering importance:\\n\\n1. `express.static()` \u2014 serves public assets first\\n2. Route handlers \u2014 explicit routes can intercept or add logic\\n3. Error handling \u2014 `next(err)` propagates to error middleware\\n\\n### Module Export Pattern\\n\\nBoth examples use the exportable app pattern for testability:\\n\\n```javascript\\n// In test file\\nvar app = require('../examples/hello-world');\\n// App is available without starting server\\n```\",\"core-framework\":\"# Core Framework\\n\\n# Express Core Framework\\n\\nThe Express Core Framework provides the foundational building blocks for creating web applications and APIs. It implements the application factory, request/response prototypes, middleware system, routing infrastructure, and view rendering.\\n\\n## Architecture Overview\\n\\n```mermaid\\ngraph TD\\n A[createApplication] --> B[app function]\\n B --> C[EventEmitter.prototype]\\n B --> D[application prototype]\\n D --> E[router - lazy init]\\n B --> F[request prototype]\\n B --> G[response prototype]\\n F --> H[http.IncomingMessage]\\n G --> I[http.ServerResponse]\\n D --> J[View class]\\n D --> K[utils]\\n```\\n\\n## Application Factory\\n\\nThe `createApplication()` function in `lib/express.js` is the main entry point that constructs an Express application:\\n\\n```javascript\\nfunction createApplication() {\\n var app = function(req, res, next) {\\n app.handle(req, res, next);\\n };\\n\\n mixin(app, EventEmitter.prototype, false);\\n mixin(app, proto, false);\\n\\n app.request = Object.create(req, {\\n app: { configurable: true, enumerable: true, writable: true, value: app }\\n });\\n\\n app.response = Object.create(res, {\\n app: { configurable: true, enumerable: true, writable: true, value: app }\\n });\\n\\n app.init();\\n return app;\\n}\\n```\\n\\nThe returned `app` is both a callable function (for use with `http.createServer`) and an object with methods for configuration, routing, and middleware registration.\\n\\n## Application Prototype (`lib/application.js`)\\n\\n### Initialization\\n\\n**`app.init()`** \u2014 Sets up the application's internal state:\\n- Creates empty `cache`, `engines`, and `settings` objects\\n- Calls `defaultConfiguration()` to apply default settings\\n- Lazily initializes the router via a getter\\n\\n**`app.defaultConfiguration()`** \u2014 Applies default settings:\\n\\n| Setting | Default Value |\\n|---------|---------------|\\n| `x-powered-by` | `true` |\\n| `etag` | `'weak'` |\\n| `env` | `process.env.NODE_ENV \\\\|\\\\| 'development'` |\\n| `query parser` | `'simple'` |\\n| `subdomain offset` | `2` |\\n| `trust proxy` | `false` |\\n| `view` | `View` class |\\n| `views` | `'views'` (resolved path) |\\n| `jsonp callback name` | `'callback'` |\\n\\nIn production mode, `view cache` is automatically enabled.\\n\\n### Request Handling\\n\\n**`app.handle(req, res, callback)`** \u2014 The core request dispatcher:\\n\\n1. Creates a final handler for uncaught errors\\n2. Sets `X-Powered-By: Express` header if enabled\\n3. Establishes circular `req.res` and `res.req` references\\n4. Sets prototypes on `req` and `res` to extend them with Express methods\\n5. Initializes `res.locals` if not present\\n6. Delegates to `this.router.handle()`\\n\\n### Middleware & Routing\\n\\n**`app.use(fn)`** \u2014 Registers middleware on the application router:\\n\\n```javascript\\n// Mount middleware at root\\napp.use(express.json());\\n\\n// Mount middleware at path\\napp.use('/api', authMiddleware);\\n\\n// Mount sub-application\\napp.use('/admin', adminApp);\\n```\\n\\nWhen mounting a sub-application:\\n- The sub-app's `mountpath` and `parent` properties are set\\n- A wrapper function restores request/response prototypes after the sub-app handles\\n- The `'mount'` event is emitted on the sub-app\\n\\n**`app.route(path)`** \u2014 Creates a new `Route` instance for the given path. Routes are isolated middleware stacks for specific paths.\\n\\n**`app.param(name, fn)`** \u2014 Registers parameter middleware. The `name` can be a string or array of strings.\\n\\n**HTTP Method Methods** \u2014 `app.get()`, `app.post()`, `app.put()`, `app.delete()`, etc.:\\n- `app.get(setting)` with one argument retrieves a setting value\\n- `app.get(path, ...handlers)` with multiple arguments creates a route\\n\\n**`app.all(path, ...handlers)`** \u2014 Registers handlers for all HTTP methods on the given path.\\n\\n### Settings Management\\n\\n**`app.set(setting, val)`** \u2014 Sets or retrieves settings:\\n\\n```javascript\\napp.set('title', 'My App'); // Set\\napp.set('title'); // Get \u2192 'My App'\\n```\\n\\nSpecial settings trigger compiled functions:\\n\\n| Setting | Compiled Function |\\n|---------|-------------------|\\n| `etag` | `etag fn` (via `compileETag`) |\\n| `query parser` | `query parser fn` (via `compileQueryParser`) |\\n| `trust proxy` | `trust proxy fn` (via `compileTrust`) |\\n\\n**`app.enable(setting)`** / **`app.disable(setting)`** \u2014 Set to `true` or `false`.\\n\\n**`app.enabled(setting)`** / **`app.disabled(setting)`** \u2014 Check boolean state.\\n\\n### View Rendering\\n\\n**`app.render(name, options, callback)`** \u2014 Renders a view template:\\n\\n1. Merges options with `app.locals` and `opts._locals`\\n2. Checks cache if `view cache` is enabled\\n3. Creates a new `View` instance if not cached\\n4. Calls `view.render()` with the merged options\\n\\n### Server\\n\\n**`app.listen(...)`** \u2014 Creates and starts an HTTP server:\\n\\n```javascript\\napp.listen(3000);\\napp.listen(3000, '127.0.0.1');\\napp.listen(3000, () => console.log('Server started'));\\n```\\n\\n## Request Prototype (`lib/request.js`)\\n\\nExtends `http.IncomingMessage` with properties and methods for handling incoming requests.\\n\\n### Header Access\\n\\n**`req.get(name)`** / **`req.header(name)`** \u2014 Retrieves request headers (case-insensitive). Special-cases `Referer`/`Referrer`.\\n\\n### Content Negotiation\\n\\n| Method | Description |\\n|--------|-------------|\\n| `req.accepts(types)` | Best matching MIME type from Accept header |\\n| `req.acceptsEncodings(...encodings)` | Accepted encodings |\\n| `req.acceptsCharsets(...charsets)` | Accepted charsets |\\n| `req.acceptsLanguages(...languages)` | Accepted languages |\\n\\n### Request Properties\\n\\nAll properties are defined via getters for lazy evaluation:\\n\\n| Property | Description |\\n|----------|-------------|\\n| `req.query` | Parsed query string object |\\n| `req.protocol` | `'http'` or `'https'` |\\n| `req.secure` | `true` if HTTPS |\\n| `req.ip` | Client IP address (respects trust proxy) |\\n| `req.ips` | Array of IPs from X-Forwarded-For |\\n| `req.subdomains` | Array of subdomain parts |\\n| `req.path` | URL pathname |\\n| `req.host` | Host header (respects X-Forwarded-Host) |\\n| `req.hostname` | Host without port |\\n| `req.fresh` | `true` if cache is fresh (ETag/Last-Modified) |\\n| `req.stale` | Opposite of `fresh` |\\n| `req.xhr` | `true` if XMLHttpRequest |\\n\\n### Other Methods\\n\\n**`req.range(size, options)`** \u2014 Parses the `Range` header. Returns `undefined` if no range, `-1` if unsatisfiable, `-2` if invalid, or an array of range objects.\\n\\n**`req.is(types)`** \u2014 Checks if the request Content-Type matches the given types.\\n\\n## Response Prototype (`lib/response.js`)\\n\\nExtends `http.ServerResponse` with methods for sending responses.\\n\\n### Status & Headers\\n\\n**`res.status(code)`** \u2014 Sets HTTP status code. Validates integer range 100-999.\\n\\n**`res.set(field, val)`** / **`res.header(field, val)`** \u2014 Sets response headers. Accepts object or key-value pairs.\\n\\n**`res.get(field)`** \u2014 Retrieves a response header.\\n\\n**`res.append(field, val)`** \u2014 Appends to an existing header.\\n\\n**`res.vary(field)`** \u2014 Adds to the `Vary` header.\\n\\n**`res.links(links)`** \u2014 Sets `Link` header from an object.\\n\\n### Sending Responses\\n\\n**`res.send(body)`** \u2014 Universal response sender:\\n- Strings: sent as HTML with UTF-8 charset\\n- Objects/Arrays: converted to JSON\\n- Buffers: sent as binary\\n- Numbers/Booleans: converted to JSON\\n- Automatically sets `Content-Length` and `ETag`\\n- Handles 204, 205, 304 status codes specially\\n\\n**`res.json(obj)`** \u2014 Sends JSON response with `Content-Type: application/json`.\\n\\n**`res.jsonp(obj)`** \u2014 Sends JSONP response. Uses the query parameter specified by `jsonp callback name` setting.\\n\\n**`res.sendStatus(statusCode)`** \u2014 Sends status code with its standard message.\\n\\n### Files & Downloads\\n\\n**`res.sendFile(path, options, callback)`** \u2014 Streams a file:\\n- Options: `maxAge`, `root`, `headers`, `dotfiles`\\n- Requires absolute path or `root` option\\n- Uses the `send` module internally\\n\\n**`res.download(path, filename, options, callback)`** \u2014 Sends file as attachment with `Content-Disposition` header.\\n\\n**`res.attachment(filename)`** \u2014 Sets `Content-Disposition: attachment` header.\\n\\n### Content Type\\n\\n**`res.type(type)`** / **`res.contentType(type)`** \u2014 Sets Content-Type. Accepts extensions or full MIME types.\\n\\n**`res.format(obj)`** \u2014 Content negotiation based on Accept header:\\n\\n```javascript\\nres.format({\\n 'text/plain': () => res.send('text'),\\n 'text/html': () => res.send('\nhtml<\\/p>'),\\n 'application/json': () => res.json({ data: 'json' }),\\n default: () => res.status(406).send('Not Acceptable')\\n});\\n```\\n\\n### Cookies\\n\\n**`res.cookie(name, value, options)`** \u2014 Sets a cookie:\\n- `maxAge`: milliseconds until expiry\\n- `signed`: sign with `req.secret`\\n- `path`: defaults to `/`\\n- Other options: `expires`, `httpOnly`, `secure`, `sameSite`, etc.\\n\\n**`res.clearCookie(name, options)`** \u2014 Clears a cookie by setting expiry to the past.\\n\\n### Redirects\\n\\n**`res.location(url)`** \u2014 Sets `Location` header. Handles `'back'` for referrer.\\n\\n**`res.redirect(url)`** / **`res.redirect(status, url)`** \u2014 Performs HTTP redirect (default 302). Responds with appropriate body based on Accept header.\\n\\n### Rendering\\n\\n**`res.render(view, options, callback)`** \u2014 Renders a view template:\\n1. Merges `res.locals` into options\\n2. Calls `app.render()` with the view name\\n3. Default callback sends the rendered HTML\\n\\n## View Class (`lib/view.js`)\\n\\nHandles template lookup and rendering.\\n\\n### Constructor\\n\\n```javascript\\nnew View(name, {\\n defaultEngine: 'ejs',\\n root: './views',\\n engines: { '.ejs': ejs.__express }\\n});\\n```\\n\\n- Resolves the file extension from the name or default engine\\n- Loads the template engine if not already cached\\n- Looks up the view file\\n\\n### Methods\\n\\n**`view.lookup(name)`** \u2014 Searches for the view file in configured root directories.\\n\\n**`view.resolve(dir, file)`** \u2014 Resolves a file within a directory, checking:\\n1. `.`\\n2. `/index.`\\n\\n**`view.render(options, callback)`** \u2014 Renders the view using the loaded engine. Ensures the callback is always invoked asynchronously via `process.nextTick()`.\\n\\n## Utilities (`lib/utils.js`)\\n\\nInternal helper functions used throughout the framework:\\n\\n| Function | Purpose |\\n|----------|---------|\\n| `methods` | Array of lowercase HTTP methods from Node.js |\\n| `etag(body, encoding)` | Generate strong ETag |\\n| `wetag(body, encoding)` | Generate weak ETag |\\n| `compileETag(val)` | Convert setting to ETag function |\\n| `compileQueryParser(val)` | Convert setting to query parser function |\\n| `compileTrust(val)` | Convert setting to trust proxy function |\\n| `normalizeType(type)` | Normalize MIME type with params |\\n| `normalizeTypes(types)` | Normalize array of types |\\n| `setCharset(type, charset)` | Add charset to Content-Type |\\n\\n## Sub-Application Mounting\\n\\nWhen mounting an Express app within another app:\\n\\n```javascript\\nvar admin = express();\\nadmin.locals.title = 'Admin';\\n\\napp.use('/admin', admin);\\n```\\n\\nThe sub-app:\\n- Receives `mountpath` set to `/admin`\\n- Receives `parent` reference to the main app\\n- Emits `'mount'` event\\n- Inherits `request`, `response`, `engines`, and `settings` prototypes from parent\\n- Inherits `trust proxy` setting if not explicitly set\\n\\n## Error Handling\\n\\nThe `finalhandler` module is used as the default error handler when no callback is provided to `app.handle()`. Errors are logged via `logerror()` in non-test environments.\\n\\n## Exports\\n\\nThe main `express` module exports:\\n\\n```javascript\\nexpress() // createApplication factory\\nexpress.application // application prototype\\nexpress.request // request prototype\\nexpress.response // response prototype\\nexpress.Route // Route class from router\\nexpress.Router // Router class\\nexpress.json() // JSON body parser\\nexpress.raw() // Raw body parser\\nexpress.text() // Text body parser\\nexpress.urlencoded() // URL-encoded body parser\\nexpress.static() // Static file server\\n```\",\"error-handling\":\"# Error Handling\\n\\n# Error Handling Module\\n\\nThis module demonstrates Express.js error handling patterns through two example applications: a comprehensive error pages example with content negotiation, and a minimal error handling example.\\n\\n## Overview\\n\\nExpress distinguishes between two types of middleware:\\n- **Regular middleware**: signature `(req, res, next)` \u2014 handles normal request flow\\n- **Error-handling middleware**: signature `(err, req, res, next)` \u2014 catches errors passed through `next(err)` or thrown synchronously\\n\\nError-handling middleware must be registered **after** all routes and regular middleware to receive errors.\\n\\n## Architecture\\n\\n```mermaid\\nflowchart TD\\n A[Request] --> B{Route Handler}\\n B -->|Success| C[Response]\\n B -->|throw Error| D[Error Middleware]\\n B -->|next err| D\\n B -->|next without response| E[404 Handler]\\n D --> F[Error Response]\\n E --> G[404 Response]\\n```\\n\\n## Examples\\n\\n### Error Pages Example (`examples/error-pages/`)\\n\\nA full-featured error handling demonstration with custom views and content negotiation.\\n\\n#### Configuration\\n\\n```javascript\\napp.set('views', path.join(__dirname, 'views'));\\napp.set('view engine', 'ejs');\\napp.enable('verbose errors');\\n\\n// Disable verbose errors in production\\nif (app.settings.env === 'production') app.disable('verbose errors')\\n```\\n\\nThe `verbose errors` setting controls whether stack traces are displayed in error pages. This is exposed to templates via `settings['verbose errors']`.\\n\\n#### Triggering Errors\\n\\n| Route | Method | Behavior |\\n|-------|--------|----------|\\n| `GET /404` | `next()` | No response sent, falls through to 404 handler |\\n| `GET /403` | `next(err)` | Passes a 403 error to error middleware |\\n| `GET /500` | `next(new Error(...))` | Triggers a generic 500 error |\\n\\n```javascript\\napp.get('/403', function(req, res, next){\\n var err = new Error('not allowed!');\\n err.status = 403;\\n next(err);\\n});\\n```\\n\\n#### 404 Handler\\n\\nPlaced after all routes. If no route matched or no middleware responded, this handler creates a 404 response:\\n\\n```javascript\\napp.use(function(req, res, next){\\n res.status(404);\\n res.format({\\n html: function () {\\n res.render('404', { url: req.url })\\n },\\n json: function () {\\n res.json({ error: 'Not found' })\\n },\\n default: function () {\\n res.type('txt').send('Not found')\\n }\\n })\\n});\\n```\\n\\nThe `res.format()` method performs content negotiation based on the `Accept` header.\\n\\n#### Error Middleware\\n\\n```javascript\\napp.use(function(err, req, res, next){\\n res.status(err.status || 500);\\n res.render('500', { error: err });\\n});\\n```\\n\\nUses `err.status` if available, otherwise defaults to 500 (Internal Server Error).\\n\\n#### Views\\n\\n**500.ejs** \u2014 Conditionally displays stack traces:\\n\\n```ejs\\n\nError: <%= error.message %><\\/h2>\\n<% if (settings['verbose errors']) { %>\\n \n<%= error.stack %><\\/pre>\\n<% } else { %>\\n \nAn error occurred!<\\/p>\\n<% } %>\\n```\\n\\n### Minimal Error Example (`examples/error/`)\\n\\nDemonstrates two ways errors reach error-handling middleware:\\n\\n#### Synchronous Throw\\n\\n```javascript\\napp.get('/', function () {\\n throw new Error('something broke!');\\n});\\n```\\n\\nThrown errors are automatically caught by Express and passed to error middleware.\\n\\n#### Async with next(err)\\n\\n```javascript\\napp.get('/next', function(req, res, next){\\n process.nextTick(function(){\\n next(new Error('oh no!'));\\n });\\n});\\n```\\n\\nFor async operations, pass errors to `next()`. Throwing inside async callbacks won't be caught by Express.\\n\\n#### Error Handler\\n\\n```javascript\\nfunction error(err, req, res, next) {\\n if (!test) console.error(err.stack);\\n res.status(500);\\n res.send('Internal Server Error');\\n}\\n\\napp.use(error);\\n```\\n\\n## Key Concepts\\n\\n### Middleware Arity\\n\\nExpress uses function arity (argument count) to identify error-handling middleware:\\n\\n| Arity | Type | Signature |\\n|-------|------|-----------|\\n| 3 | Regular | `(req, res, next)` |\\n| 4 | Error | `(err, req, res, next)` |\\n\\n### Error Propagation\\n\\n1. **Synchronous throws**: Caught automatically by Express\\n2. **`next(err)`**: Passes error to next error-handling middleware\\n3. **`next()`**: Continues to next regular middleware (no error)\\n4. **No response + no next()**: Falls through to subsequent middleware\\n\\n### Middleware Order\\n\\nError handlers must be registered **after** routes:\\n\\n```javascript\\n// \u2713 Correct\\napp.get('/', routeHandler);\\napp.use(errorHandler);\\n\\n// \u2717 Wrong - handler never receives errors\\napp.use(errorHandler);\\napp.get('/', routeHandler);\\n```\\n\\n### Production vs Development\\n\\n| Environment | Verbose Errors | Stack Traces |\\n|--------------|----------------|--------------|\\n| Development | Enabled | Shown |\\n| Production | Disabled | Hidden |\\n\\n## Testing Error Responses\\n\\n```bash\\n# 404 with different Accept headers\\ncurl http://localhost:3000/notfound\\ncurl http://localhost:3000/notfound -H \\\"Accept: application/json\\\"\\ncurl http://localhost:3000/notfound -H \\\"Accept: text/plain\\\"\\n```\",\"other-acceptance\":\"# Other \u2014 acceptance\\n\\n# Acceptance Tests Module\\n\\nThe `test/acceptance/` directory contains integration tests for Express example applications. Each test file validates the end-to-end behavior of a corresponding example in the `examples/` directory using HTTP requests via `supertest`.\\n\\n## Purpose\\n\\nThese tests serve as:\\n- **Integration verification** \u2014 Confirm example apps work correctly as complete systems\\n- **Documentation by example** \u2014 Demonstrate expected HTTP behavior for each feature\\n- **Regression protection** \u2014 Catch breaking changes in example applications\\n\\n## Architecture\\n\\n```\\ntest/acceptance/\\n\u251c\u2500\u2500 auth.js \u2192 examples/auth\\n\u251c\u2500\u2500 content-negotiation.js \u2192 examples/content-negotiation\\n\u251c\u2500\u2500 cookie-sessions.js \u2192 examples/cookie-sessions\\n\u251c\u2500\u2500 cookies.js \u2192 examples/cookies\\n\u251c\u2500\u2500 downloads.js \u2192 examples/downloads\\n\u251c\u2500\u2500 ejs.js \u2192 examples/ejs\\n\u251c\u2500\u2500 error.js \u2192 examples/error\\n\u251c\u2500\u2500 error-pages.js \u2192 examples/error-pages\\n\u251c\u2500\u2500 hello-world.js \u2192 examples/hello-world\\n\u251c\u2500\u2500 markdown.js \u2192 examples/markdown\\n\u251c\u2500\u2500 multi-router.js \u2192 examples/multi-router\\n\u251c\u2500\u2500 mvc.js \u2192 examples/mvc\\n\u251c\u2500\u2500 params.js \u2192 examples/params\\n\u251c\u2500\u2500 resource.js \u2192 examples/resource\\n\u251c\u2500\u2500 route-map.js \u2192 examples/route-map\\n\u251c\u2500\u2500 route-separation.js \u2192 examples/route-separation\\n\u251c\u2500\u2500 vhost.js \u2192 examples/vhost\\n\u2514\u2500\u2500 web-service.js \u2192 examples/web-service\\n```\\n\\n## Test Structure\\n\\nAll tests follow a consistent pattern using Mocha and supertest:\\n\\n```javascript\\nvar request = require('supertest');\\nvar app = require('../../examples/example-name');\\n\\ndescribe('example-name', function(){\\n describe('GET /path', function(){\\n it('should respond with expected behavior', function(done){\\n request(app)\\n .get('/path')\\n .expect(200, done);\\n });\\n });\\n});\\n```\\n\\n## Key Test Categories\\n\\n### Authentication & Sessions\\n\\n**auth.js** \u2014 Tests login/logout flow, session persistence, and route protection:\\n- Redirects unauthenticated users to `/login`\\n- Validates credentials (username: `tj`, password: `foobar`)\\n- Sets session cookies on successful login\\n- Restricts `/restricted` to authenticated users\\n\\n**cookie-sessions.js** \u2014 Tests cookie-based session state:\\n- Tracks view counts across requests\\n- Persists session data via cookies\\n\\n**cookies.js** \u2014 Tests cookie handling:\\n- Setting and clearing cookies\\n- \\\"Remember me\\\" functionality\\n\\n### Content Handling\\n\\n**content-negotiation.js** \u2014 Tests response format negotiation:\\n- `Accept: text/html` \u2192 HTML list\\n- `Accept: text/plain` \u2192 Plain text list\\n- `Accept: application/json` \u2192 JSON array\\n\\n**downloads.js** \u2014 Tests file download behavior:\\n- Sets `Content-Disposition: attachment` headers\\n- Blocks path traversal attacks (`/files/../index.js` returns 403)\\n- Returns 404 for missing files\\n\\n**ejs.js** \u2014 Tests EJS template rendering with proper HTML escaping\\n\\n**markdown.js** \u2014 Tests markdown-to-HTML conversion\\n\\n### Routing Patterns\\n\\n**multi-router.js** \u2014 Tests multiple Express routers:\\n- Root routes (`/`)\\n- Versioned API routes (`/api/v1/`, `/api/v2/`)\\n\\n**route-map.js** \u2014 Tests route mapping with HTTP method verbs\\n\\n**route-separation.js** \u2014 Tests modular route organization:\\n- User routes (`/users`, `/user/:id`)\\n- Pet routes (`/pet/:id`)\\n- Post routes (`/posts`)\\n\\n**params.js** \u2014 Tests route parameter preconditions:\\n- User lookup by ID\\n- Range parsing (`/users/0-2`)\\n- Error handling for invalid params\\n\\n### Error Handling\\n\\n**error.js** \u2014 Tests error middleware:\\n- Synchronous errors return 500\\n- Missing routes return 404\\n\\n**error-pages.js** \u2014 Tests custom error pages with content negotiation:\\n- HTML, JSON, and plain text error responses\\n- Status codes: 403, 404, 500\\n\\n### API Patterns\\n\\n**web-service.js** \u2014 Tests REST API with API key authentication:\\n- Missing API key \u2192 400 Bad Request\\n- Invalid API key \u2192 401 Unauthorized\\n- Valid API key (`foo` or `bar`) \u2192 JSON response\\n\\n**resource.js** \u2014 Tests resource-based routing:\\n- CRUD operations on `/users`\\n- Range queries (`/users/1..3`)\\n- JSON format suffix (`.json`)\\n\\n### Virtual Hosting\\n\\n**vhost.js** \u2014 Tests virtual host routing:\\n- `example.com` \u2192 main app\\n- `foo.example.com` \u2192 redirects to `/foo`\\n- `bar.example.com` \u2192 redirects to `/bar`\\n\\n### MVC Pattern\\n\\n**mvc.js** \u2014 Tests full MVC implementation:\\n- User CRUD operations\\n- Pet management per user\\n- Edit forms and updates\\n\\n## Helper Functions\\n\\n### getCookie (auth.js)\\n\\nExtracts session cookie from response headers:\\n\\n```javascript\\nfunction getCookie(res) {\\n return res.headers['set-cookie'][0].split(';')[0];\\n}\\n```\\n\\n### getCookies (cookie-sessions.js)\\n\\nExtracts all cookies for multi-cookie responses:\\n\\n```javascript\\nfunction getCookies(res) {\\n return res.headers['set-cookie'].map(function (val) {\\n return val.split(';')[0]\\n }).join('; ');\\n}\\n```\\n\\n## External Dependencies\\n\\n- **supertest** \u2014 HTTP assertion library for testing Express apps\\n- **test/support/utils.js** \u2014 Shared test utilities:\\n - `shouldNotHaveHeader(headerName)` \u2014 Asserts response lacks a specific header\\n\\n## Running Tests\\n\\n```bash\\n# Run all acceptance tests\\nnpm test -- --grep \\\"acceptance\\\"\\n\\n# Run specific example test\\nnpm test -- test/acceptance/auth.js\\n```\\n\\n## Adding New Acceptance Tests\\n\\n1. Create `test/acceptance/your-feature.js`\\n2. Import the example app: `var app = require('../../examples/your-feature')`\\n3. Structure tests by HTTP method and route\\n4. Test both success and error scenarios\\n5. Verify status codes, response bodies, and headers\",\"other-examples\":\"# Other \u2014 examples\\n\\n# Express Examples\\n\\nThe `examples/` directory contains reference applications demonstrating Express.js features and common patterns. Each subdirectory is a self-contained, runnable application focused on a specific concept.\\n\\n## Overview\\n\\nThese examples serve as practical guides for implementing common web application features with Express. They range from basic request handling to advanced patterns like MVC architecture and virtual hosting.\\n\\n## Example Categories\\n\\n### Core Concepts\\n\\n| Example | Description |\\n|---------|-------------|\\n| `hello-world` | Minimal Express server with a single request handler |\\n| `static-files` | Serving static assets (CSS, JS, images) |\\n| `error` | Error handling middleware implementation |\\n| `error-pages` | Custom error page rendering |\\n\\n### Routing Patterns\\n\\n| Example | Description |\\n|---------|-------------|\\n| `params` | Route parameter extraction and validation |\\n| `route-middleware` | Middleware specific to routes |\\n| `route-separation` | Organizing routes by resource |\\n| `route-map` | Route definitions using configuration maps |\\n| `multi-router` | Multiple Express routers for modular routing |\\n| `resource` | RESTful resource handling with multiple HTTP methods |\\n\\n### Sessions and Authentication\\n\\n| Example | Description |\\n|---------|-------------|\\n| `auth` | Login and password authentication flow |\\n| `session` | Server-side session management |\\n| `cookie-sessions` | Client-side session storage via cookies |\\n| `cookies` | Reading and writing HTTP cookies |\\n| `online` | Real-time user activity tracking with Redis |\\n\\n### Views and Templating\\n\\n| Example | Description |\\n|---------|-------------|\\n| `ejs` | Embedded JavaScript templates |\\n| `markdown` | Markdown as a template engine |\\n| `view-constructor` | Dynamic view rendering |\\n| `view-locals` | Passing data through `res.locals` |\\n\\n### HTTP Features\\n\\n| Example | Description |\\n|---------|-------------|\\n| `content-negotiation` | Responding based on `Accept` headers |\\n| `downloads` | File transfer to clients |\\n| `search` | Search API implementation |\\n| `web-service` | RESTful API service |\\n| `vhost` | Virtual hosting for multiple domains |\\n\\n### Architecture Patterns\\n\\n| Example | Description |\\n|---------|-------------|\\n| `mvc` | Model-View-Controller structure |\\n| `online` | Integration with external services (Redis) |\\n\\n## Running an Example\\n\\nEach example is a standalone Node.js application:\\n\\n```bash\\ncd examples/hello-world\\nnpm install\\nnode app.js\\n```\\n\\nMost examples follow this pattern, though some (like `online`) require additional setup such as a running Redis instance.\\n\\n## Directory Structure\\n\\nEach example typically contains:\\n\\n```\\nexample-name/\\n\u251c\u2500\u2500 app.js # Main application entry point\\n\u251c\u2500\u2500 package.json # Dependencies and scripts\\n\u251c\u2500\u2500 routes/ # Route handlers (in larger examples)\\n\u251c\u2500\u2500 views/ # Template files (when applicable)\\n\u2514\u2500\u2500 public/ # Static assets (when applicable)\\n```\\n\\n## Learning Path\\n\\nRecommended order for newcomers:\\n\\n1. `hello-world` \u2014 Understand basic server setup\\n2. `static-files` \u2014 Learn to serve assets\\n3. `route-middleware` \u2014 Grasp middleware chains\\n4. `params` \u2014 Work with dynamic routes\\n5. `error` \u2014 Implement error handling\\n6. `session` \u2014 Add state management\\n7. `auth` \u2014 Secure your application\\n8. `mvc` \u2014 Structure larger applications\",\"other-history-md\":\"# Other \u2014 History.md\\n\\n# History.md - Express.js Changelog\\n\\n## Overview\\n\\n`History.md` is the canonical changelog for Express.js, documenting the complete evolution of the framework from early 0.x releases through the current 5.x series. It serves as the primary historical record of all changes, including new features, bug fixes, breaking changes, deprecations, security updates, and dependency updates.\\n\\n## Purpose\\n\\nThis file provides:\\n\\n- **Release history**: Chronological record of all published versions with release dates\\n- **Migration guidance**: Breaking changes and deprecation notices to help developers upgrade\\n- **Feature documentation**: New capabilities added in each release\\n- **Security tracking**: CVE references and security advisory links\\n- **Dependency evolution**: External package version changes and their impact\\n\\n## Structure\\n\\nThe changelog follows a reverse-chronological format with these conventions:\\n\\n### Version Headers\\n\\n```\\n5.2.1 / 2025-12-01\\n===================\\n```\\n\\nEach version entry includes:\\n- Version number (semver format)\\n- Release date in `YYYY-MM-DD` format\\n\\n### Change Categories\\n\\nChanges are organized by type using emoji prefixes:\\n\\n| Category | Prefix | Description |\\n|----------|--------|-------------|\\n| Improvements | \ud83d\ude80 | Enhancements and refinements |\\n| Performance | \u26a1 | Optimizations and speed improvements |\\n| Breaking | `breaking:` | Changes requiring code modification |\\n| Remove | `remove:` | Deprecated features removed |\\n| Change | `change:` | Modified behavior |\\n| Add | `add:` | New features |\\n| Fix | `fix:` | Bug corrections |\\n| Deps | `deps:` | Dependency updates |\\n| Deprecate | `deprecate` | Features scheduled for removal |\\n| Perf | `perf:` | Performance improvements |\\n| Security | Security fix | CVE and security advisory references |\\n\\n### Pull Request References\\n\\nChanges link to their source:\\n\\n```\\n- by [@username](https://github.com/username) in [#1234](https://github.com/expressjs/express/pull/1234)\\n```\\n\\n### Code Examples\\n\\nSignificant changes include usage examples:\\n\\n```js\\napp.render('index', null, callback); // now works as expected\\n```\\n\\n## Key Version Milestones\\n\\n### Express 5.x (Current)\\n\\nThe 5.x series represents a major evolution with significant breaking changes:\\n\\n**5.0.0 (2024-09-10)** - Major release highlights:\\n- `res.status()` now validates integer status codes (99 < code < 1000)\\n- Removed `res.redirect('back')` magic string support\\n- `res.clearCookie` ignores user-provided `maxAge` and `expires`\\n- Removed `path-is-absolute` dependency (use `path.isAbsolute`)\\n- Multiple dependency updates to modern versions\\n\\n**5.1.0 (2025-03-31)** - Feature additions:\\n- `Uint8Array` support in `res.send()`\\n- ETag option in `res.sendFile()`\\n- Multiple links with same rel in `res.links()`\\n- Removed legacy dependencies: `setprototypeof`, `safe-buffer`, `utils-merge`, `methods`, `depd`\\n\\n**Unreleased** - Upcoming improvements:\\n- Enhanced HTML structure in `res.redirect()` responses\\n- `app.render()` now handles `null` options correctly\\n- Performance: reduced duplicate Content-Type processing in `res.send()`\\n\\n### Express 4.x (Stable Legacy)\\n\\nThe 4.x series remains widely used with active maintenance:\\n\\n**4.20.0 (2024-09-10)** - Security and dependency updates:\\n- Removed link renderization in `res.redirect` HTML responses\\n- `body-parser` depth option (default: 32, previously Infinity)\\n- `path-to-regexp@0.1.10` with named matching groups support\\n\\n**4.19.x (2024-03)** - Security fixes:\\n- Open redirect allow list bypass prevention\\n- Non-string encoding handling in `res.location`\\n\\n**4.18.x (2022)** - Feature additions:\\n- `res.download` \\\"root\\\" option\\n- `res.status` deprecation for non-integer arguments\\n- Proper 205 response handling\\n\\n### Express 3.x (Deprecated)\\n\\nHistorical reference for legacy applications. Key transitions from 3.x to 4.x:\\n\\n- Removed bundled middleware (except `static`)\\n- `app.router` removed\\n- `req.params` changed from array to object\\n- `res.locals` changed from function to plain object\\n\\n## Breaking Changes Reference\\n\\n### Response Method Signatures\\n\\nSeveral response method signatures changed across versions:\\n\\n| Version | Old Signature | New Signature |\\n|---------|---------------|---------------|\\n| 5.0.0-alpha.6 | `res.redirect(url, status)` | `res.redirect(status, url)` |\\n| 5.0.0-alpha.6 | `res.send(status, body)` | `res.status(status).send(body)` |\\n| 5.0.0-alpha.3 | `res.json(status, obj)` | `res.status(status).json(obj)` |\\n| 5.0.0-alpha.3 | `res.jsonp(status, obj)` | `res.status(status).jsonp(obj)` |\\n\\n### Removed Features\\n\\n| Feature | Removed In | Replacement |\\n|---------|------------|-------------|\\n| `app.del()` | 5.0.0-alpha.1 | `app.delete()` |\\n| `req.param()` | 5.0.0-alpha.2 | `req.params`, `req.body`, `req.query` |\\n| `res.sendfile` | 5.0.0-beta.1 | `res.sendFile` |\\n| `res.redirect('back')` | 5.0.0 | `req.get('Referrer') || '/'` |\\n| `express.query` | 5.0.0-alpha.1 | Use body-parser middleware |\\n\\n## Security Advisories\\n\\nThe changelog documents security vulnerabilities with full references:\\n\\n| CVE | Version Fixed | Description |\\n|-----|---------------|-------------|\\n| CVE-2024-47764 | 5.0.1 | Cookie semver vulnerability |\\n| CVE-2024-51999 | 5.2.0 (reverted in 5.2.1) | Extended query parser (rejected CVE) |\\n| GHSA-pj86-cfqh-vqx6 | 5.2.0 | Related to CVE-2024-51999 |\\n\\n## Dependency Evolution\\n\\n### Core Dependencies (5.x)\\n\\n```\\nbody-parser@^2.2.1\\nrouter@^2.2.0\\ndebug@^4.4.0\\nqs@^6.14.0\\ncontent-type@^1.0.5\\nfinalhandler@^2.1.0\\n```\\n\\n### Removed Dependencies (5.1.0)\\n\\nSeveral legacy compatibility packages were removed:\\n- `setprototypeof` - now uses native `Object.setPrototypeOf`\\n- `safe-buffer` - uses native `Buffer` API\\n- `utils-merge` - replaced with native spread/assign\\n- `methods` - internalized\\n- `depd` - deprecation handling simplified\\n\\n## Usage for Developers\\n\\n### When Upgrading\\n\\n1. **Identify target version** - Locate the version header for your upgrade target\\n2. **Review breaking changes** - Check `breaking:` and `remove:` entries\\n3. **Note deprecations** - Plan for `deprecate` items in future releases\\n4. **Check dependencies** - Verify compatible dependency versions\\n5. **Test security fixes** - Ensure security-related changes don't affect behavior\\n\\n### Version Range Navigation\\n\\nFor upgrading across multiple versions, read entries between your current and target versions. Each entry is self-contained with sufficient context for understanding the change impact.\\n\\n### Pull Request Investigation\\n\\nEach change links to its originating PR. For detailed implementation details, discussion context, or related issues, follow the PR links provided.\",\"other-package-json\":\"# Other \u2014 package.json\\n\\n# package.json\\n\\nExpress.js package manifest defining project metadata, dependencies, and development workflows.\\n\\n## Overview\\n\\nThis is the npm package configuration for Express 5.2.1. It declares the framework's public API surface, runtime requirements, and development toolchain.\\n\\n## Runtime Requirements\\n\\n```json\\n\\\"engines\\\": {\\n \\\"node\\\": \\\">= 18\\\"\\n}\\n```\\n\\nExpress 5.x requires Node.js 18 or later. This aligns with the framework's use of modern JavaScript features and the updated dependency versions.\\n\\n## Published Files\\n\\n```json\\n\\\"files\\\": [\\n \\\"LICENSE\\\",\\n \\\"Readme.md\\\",\\n \\\"index.js\\\",\\n \\\"lib/\\\"\\n]\\n```\\n\\nWhen published to npm, only these files are included. The `lib/` directory contains the core framework implementation, while `index.js` serves as the main entry point.\\n\\n## Production Dependencies\\n\\n| Package | Version | Purpose |\\n|---------|---------|---------|\\n| `accepts` | ^2.0.0 | Content negotiation for Accept headers |\\n| `body-parser` | ^2.2.1 | Request body parsing middleware |\\n| `content-disposition` | ^1.0.0 | Content-Disposition header generation |\\n| `content-type` | ^1.0.5 | Content-Type header parsing |\\n| `cookie` | ^0.7.1 | Cookie parsing and serialization |\\n| `cookie-signature` | ^1.2.1 | Cookie signing for tamper detection |\\n| `debug` | ^4.4.0 | Debugging output with namespace support |\\n| `depd` | ^2.0.0 | Deprecation warnings |\\n| `encodeurl` | ^2.0.0 | URL encoding utilities |\\n| `escape-html` | ^1.0.3 | HTML entity escaping for XSS prevention |\\n| `etag` | ^1.8.1 | ETag header generation for caching |\\n| `finalhandler` | ^2.1.0 | Final request handler for cleanup |\\n| `fresh` | ^2.0.0 | HTTP cache freshness validation |\\n| `http-errors` | ^2.0.0 | HTTP error object creation |\\n| `merge-descriptors` | ^2.0.0 | Property descriptor merging |\\n| `mime-types` | ^3.0.0 | MIME type lookup and resolution |\\n| `on-finished` | ^2.4.1 | Callback attachment for request/response completion |\\n| `once` | ^1.4.0 | Single-execution function wrapper |\\n| `parseurl` | ^1.3.3 | URL parsing with caching |\\n| `proxy-addr` | ^2.0.7 | Proxy address resolution for X-Forwarded-For |\\n| `qs` | ^6.14.2 | Query string parsing with nesting support |\\n| `range-parser` | ^1.2.1 | Range header parsing for file downloads |\\n| `router` | ^2.2.0 | Core routing implementation |\\n| `send` | ^1.1.0 | Static file serving with caching |\\n| `serve-static` | ^2.2.0 | Static file serving middleware |\\n| `statuses` | ^2.0.1 | HTTP status code mappings |\\n| `type-is` | ^2.0.1 | Request content-type checking |\\n| `vary` | ^1.1.2 | Vary header manipulation for caching |\\n\\n### Key Dependency Groups\\n\\n**Request Processing**: `body-parser`, `qs`, `type-is`, `content-type`\\n\\n**Response Handling**: `send`, `serve-static`, `content-disposition`, `etag`, `fresh`\\n\\n**Routing**: `router`, `parseurl`\\n\\n**Security**: `cookie-signature`, `escape-html`, `proxy-addr`, `http-errors`\\n\\n**HTTP Utilities**: `accepts`, `vary`, `statuses`, `range-parser`\\n\\n## Development Dependencies\\n\\n| Package | Version | Purpose |\\n|---------|---------|---------|\\n| `mocha` | ^10.7.3 | Test framework |\\n| `supertest` | ^6.3.0 | HTTP assertion testing |\\n| `nyc` | ^17.1.0 | Code coverage instrumentation |\\n| `eslint` | 8.47.0 | Code linting |\\n| `marked` | ^15.0.3 | Markdown processing for docs |\\n\\n### Session and Auth Testing\\n\\n| Package | Version | Purpose |\\n|---------|---------|---------|\\n| `express-session` | ^1.18.1 | Session middleware testing |\\n| `connect-redis` | ^8.0.1 | Redis session store testing |\\n| `cookie-parser` | 1.4.7 | Cookie parsing middleware testing |\\n| `cookie-session` | 2.1.1 | Cookie-based session testing |\\n| `pbkdf2-password` | 1.2.1 | Password hashing for auth examples |\\n\\n### Template Engine Testing\\n\\n| Package | Version | Purpose |\\n|---------|---------|---------|\\n| `ejs` | ^3.1.10 | Embedded JavaScript templates |\\n| `hbs` | 4.2.0 | Handlebars templates |\\n\\n### Middleware Testing\\n\\n| Package | Version | Purpose |\\n|---------|---------|---------|\\n| `morgan` | 1.10.1 | HTTP request logger |\\n| `method-override` | 3.0.0 | HTTP method override support |\\n| `vhost` | ~3.0.2 | Virtual host routing |\\n\\n## NPM Scripts\\n\\n### Linting\\n\\n```bash\\nnpm run lint # Check code style\\nnpm run lint:fix # Auto-fix style issues\\n```\\n\\nUses ESLint 8.47.0 for code quality enforcement.\\n\\n### Testing\\n\\n```bash\\nnpm test # Run full test suite with spec reporter\\nnpm run test-tap # Run tests with TAP output for CI parsing\\nnpm run test-cov # Run tests with HTML coverage report\\nnpm run test-ci # Run tests with lcov output for CI services\\n```\\n\\n**Test Configuration**:\\n- Test files: `test/` and `test/acceptance/`\\n- Environment setup: `test/support/env`\\n- Leak detection enabled (`--check-leaks`)\\n\\n**Coverage Exclusions**: `examples/`, `test/`, `benchmarks/`\\n\\n## Version Information\\n\\n- **Current Version**: 5.2.1\\n- **License**: MIT\\n- **Author**: TJ Holowaychuk\\n- **Repository**: expressjs/express\\n\\n## Funding\\n\\nThe project accepts funding through Open Collective:\\n\\n```json\\n\\\"funding\\\": {\\n \\\"type\\\": \\\"opencollective\\\",\\n \\\"url\\\": \\\"https://opencollective.com/express\\\"\\n}\\n```\",\"other-readme-md\":\"# Other \u2014 Readme.md\\n\\n# Express.js README\\n\\n## Overview\\n\\nThe `Readme.md` file serves as the primary entry point for developers discovering and adopting Express.js. It provides essential information for installation, quick start, and contribution to the project.\\n\\n## Purpose\\n\\nThis documentation file fulfills several key functions:\\n\\n1. **Project Introduction** \u2014 Establishes Express.js as a fast, unopinionated, minimalist web framework for Node.js\\n2. **Installation Guidance** \u2014 Provides step-by-step setup instructions\\n3. **Feature Overview** \u2014 Summarizes core capabilities\\n4. **Community Resources** \u2014 Links to documentation, discussions, and governance\\n5. **Contribution Guidelines** \u2014 Directs contributors to proper channels and procedures\\n\\n## Key Sections\\n\\n### Requirements\\n\\nThe README specifies the minimum Node.js version requirement:\\n\\n```\\nNode.js 18 or higher is required\\n```\\n\\nThis is critical information for developers before installation.\\n\\n### Installation\\n\\nStandard npm installation:\\n\\n```bash\\nnpm install express\\n```\\n\\nFor new projects, developers should initialize with `npm init` first.\\n\\n### Quick Start Options\\n\\nTwo paths are documented:\\n\\n| Approach | Use Case |\\n|----------|----------|\\n| Manual setup | Simple applications, learning |\\n| `express-generator` | Full application scaffolding |\\n\\n**Generator-based setup:**\\n\\n```bash\\nnpm install -g express-generator@4\\nexpress /tmp/foo && cd /tmp/foo\\nnpm install\\nnpm start\\n```\\n\\n### Core Features\\n\\nThe README highlights these capabilities:\\n\\n- **Robust routing** \u2014 URL pattern matching and HTTP method handling\\n- **High performance** \u2014 Optimized for speed\\n- **Test coverage** \u2014 Comprehensive test suite\\n- **HTTP helpers** \u2014 Built-in utilities for redirection, caching, etc.\\n- **View system** \u2014 Support for 14+ template engines via `@ladjs/consolidate`\\n- **Content negotiation** \u2014 Automatic response format handling\\n- **Application generator** \u2014 CLI tool for rapid scaffolding\\n\\n### Philosophy\\n\\nExpress.js is intentionally unopinionated:\\n\\n> Express does not force you to use any specific ORM or template engine.\\n\\nThis design principle means developers can:\\n- Choose their own database layer\\n- Select any template engine\\n- Structure applications as needed\\n\\n### Contributing\\n\\nThe README directs contributors to:\\n\\n1. **[Contributing Guide]** \u2014 Technical details on contributing\\n2. **Security Issues** \u2014 Security policy for vulnerability reporting\\n3. **Running Tests** \u2014 Test suite execution via `npm test`\\n\\n### Project Governance\\n\\nTeam structure is documented:\\n\\n- **Technical Committee (TC)** \u2014 8 active members with decision-making authority\\n- **TC Emeriti** \u2014 Former TC members\\n- **Triagers** \u2014 11 active members handling issue triage\\n- **Emeritus Triagers** \u2014 Former triage team members\\n\\nGovernance details: [GOVERNANCE.md](https://github.com/expressjs/discussions/blob/HEAD/docs/GOVERNANCE.md)\\n\\n## Important Links\\n\\n| Resource | URL |\\n|----------|-----|\\n| Official Documentation | https://expressjs.com/ |\\n| GitHub Organization | https://github.com/expressjs |\\n| GitHub Discussions | https://github.com/expressjs/discussions |\\n| Migration Guide to v5 | https://expressjs.com/en/guide/migrating-5 |\\n| Security Policy | https://github.com/expressjs/express/security/policy |\\n\\n## Badge Status Indicators\\n\\nThe README displays real-time project health indicators:\\n\\n- **NPM Version** \u2014 Current published version\\n- **NPM Downloads** \u2014 Download statistics\\n- **CI Status** \u2014 GitHub Actions build status\\n- **Test Coverage** \u2014 Coveralls coverage percentage\\n- **OpenSSF Scorecard** \u2014 Security assessment score\\n\\n## License\\n\\nMIT License \u2014 see [LICENSE](LICENSE) file for full text.\\n\\n## Related Files\\n\\n- `CONTRIBUTING.md` \u2014 Detailed contribution guidelines\\n- `CODE_OF_CONDUCT.md` \u2014 Community standards\\n- `GOVERNANCE.md` \u2014 Project governance structure\\n- `Security Policy` \u2014 Vulnerability reporting procedures\\n\\n---\\n\\n*Note: This README is the primary onboarding document. For API documentation, refer to the [official Express.js documentation site](https://expressjs.com/).*\",\"other-support\":\"# Other \u2014 support\\n\\n# Test Support Module\\n\\nThe `test/support` directory provides shared utilities for the Express test suite, including environment configuration, template rendering, and supertest assertion helpers.\\n\\n## Overview\\n\\n```\\ntest/support/\\n\u251c\u2500\u2500 env.js # Test environment configuration\\n\u251c\u2500\u2500 tmpl.js # Simple template renderer\\n\u2514\u2500\u2500 utils.js # Supertest assertion helpers\\n```\\n\\n## Environment Configuration (`env.js`)\\n\\nSets required environment variables before tests execute:\\n\\n```javascript\\nprocess.env.NODE_ENV = 'test';\\nprocess.env.NO_DEPRECATION = 'body-parser,express';\\n```\\n\\n- **NODE_ENV**: Ensures Express runs in test mode\\n- **NO_DEPRECATION**: Suppresses deprecation warnings from body-parser and express to keep test output clean\\n\\nThis file should be imported at the top of test files that need these settings.\\n\\n## Template Renderer (`tmpl.js`)\\n\\nA minimal template engine for test fixtures that performs variable substitution.\\n\\n### Usage\\n\\n```javascript\\nconst renderFile = require('./support/tmpl');\\n\\nrenderFile('/path/to/template.html', { name: 'Express' }, (err, result) => {\\n // result contains the rendered template\\n});\\n```\\n\\n### Variable Syntax\\n\\nVariables use `$` prefix notation and support dot notation for nested objects:\\n\\n```\\nHello, $user.name!\\nEmail: $user.email\\n```\\n\\n### How It Works\\n\\n1. Reads the template file asynchronously\\n2. Replaces all `$variable.path` patterns with corresponding values from the options object\\n3. Returns the rendered string via callback\\n\\nThe `generateVariableLookup` function traverses nested objects using the dot-separated path:\\n\\n```javascript\\n// $user.profile.name resolves to options.user.profile.name\\n```\\n\\n## Assertion Helpers (`utils.js`)\\n\\nFactory functions that create supertest assertion callbacks. Each function returns a function that receives a supertest response object.\\n\\n### `shouldHaveBody(buf)`\\n\\nAsserts the response body matches the expected buffer (hex comparison).\\n\\n```javascript\\nconst expected = Buffer.from('Hello World');\\nrequest(app)\\n .get('/')\\n .expect(shouldHaveBody(expected));\\n```\\n\\nHandles both buffer and text responses internally by converting to Buffer for comparison.\\n\\n### `shouldHaveHeader(header)`\\n\\nAsserts the response includes a specific header (case-insensitive).\\n\\n```javascript\\nrequest(app)\\n .get('/')\\n .expect(shouldHaveHeader('Content-Type'));\\n```\\n\\n### `shouldNotHaveBody()`\\n\\nAsserts the response has no body (empty or undefined text).\\n\\n```javascript\\nrequest(app)\\n .get('/empty')\\n .expect(shouldNotHaveBody());\\n```\\n\\n### `shouldNotHaveHeader(header)`\\n\\nAsserts the response does not include a specific header.\\n\\n```javascript\\nrequest(app)\\n .get('/')\\n .expect(shouldNotHaveHeader('X-Custom-Header'));\\n```\\n\\n### `shouldSkipQuery(versionString)`\\n\\nDetermines whether to skip HTTP QUERY method tests based on Node.js version.\\n\\n```javascript\\nconst nodeVersion = process.version; // e.g., 'v20.10.0'\\nif (shouldSkipQuery(nodeVersion)) {\\n // Skip QUERY tests\\n}\\n```\\n\\nHTTP QUERY support was added in Node.js 22. This helper ensures tests don't fail on older Node versions.\\n\\n## Usage Across Test Suite\\n\\nThe assertion helpers are used throughout the Express test files:\\n\\n| Helper | Used In |\\n|--------|---------|\\n| `shouldHaveBody` | `res.send.js`, `res.sendFile.js`, `res.download.js`, `express.static.js` |\\n| `shouldNotHaveBody` | `res.send.js`, `res.redirect.js`, `express.static.js` |\\n| `shouldHaveHeader` | `res.sendFile.js`, `express.static.js` |\\n| `shouldNotHaveHeader` | `res.jsonp.js`, `res.download.js`, `res.vary.js`, `res.send.js`, `res.redirect.js`, `res.sendFile.js`, `cookies.js`, `express.static.js` |\\n\\n## Adding New Assertions\\n\\nWhen adding new helpers, follow the existing pattern:\\n\\n```javascript\\nfunction shouldHaveCustomProperty(prop) {\\n return function (res) {\\n assert.ok(prop in res.body, 'should have property ' + prop);\\n };\\n}\\n\\nexports.shouldHaveCustomProperty = shouldHaveCustomProperty;\\n```\\n\\nAll assertion helpers:\\n1. Return a function that accepts a supertest response object\\n2. Use Node's built-in `assert` module\\n3. Include descriptive error messages\",\"overview\":\"# express \u2014 Wiki\\n\\n# Express\\n\\n**Fast, unopinionated, minimalist web framework for Node.js**\\n\\nExpress provides a thin layer of fundamental web application features without obscuring Node.js features you already know. It's designed to build web applications and APIs with minimal overhead, giving you the flexibility to structure your project however you see fit.\\n\\n## Architecture at a Glance\\n\\nExpress is built around a small, focused core that handles HTTP request/response processing, middleware orchestration, and routing. Everything else\u2014template rendering, static file serving, session management\u2014is either built on top of this core or provided through extensions.\\n\\n```mermaid\\ngraph TD\\n A[HTTP Request] --> B[Express App]\\n B --> C[Middleware Stack]\\n C --> D[Router]\\n D --> E[Route Handlers]\\n E --> F[Response]\\n \\n B --> G[Request Prototype]\\n B --> H[Response Prototype]\\n \\n I[Views & Templates] --> E\\n J[Static Files] --> C\\n K[Error Handling] --> C\\n```\\n\\n## Core Concepts\\n\\nThe **[Core Framework](core-framework.md)** is the heart of Express. It creates the application instance, extends Node's `http.IncomingMessage` and `http.ServerResponse` with useful properties and methods, and implements the middleware system that makes Express so flexible. When you call `express()`, you're getting an application object that inherits from EventEmitter and manages a stack of middleware functions.\\n\\nRouting is handled lazily\u2014the router isn't initialized until the first route is defined, keeping the minimal footprint Express is known for.\\n\\n## Learning by Example\\n\\nThe repository includes a rich set of examples organized by feature area:\\n\\n- **[Basic Usage](basic-usage.md)** \u2014 Start here. The `hello-world` example shows the minimal Express server in about 10 lines, while the `search` example demonstrates a more realistic application with Redis integration.\\n\\n- **[Routing Patterns](routing-patterns.md)** \u2014 Once you're comfortable with basics, explore patterns for organizing routes: multi-router setups for API versioning, parameter preprocessing, RESTful resource conventions, and declarative route mapping.\\n\\n- **[Views & Templates](views-templates.md)** \u2014 Express supports any template engine that follows the `(path, options, callback)` signature. This module shows how to register engines, render views, and pass data to templates.\\n\\n- **[Static Files & Downloads](static-files-downloads.md)** \u2014 Serving CSS, JavaScript, and images with `express.static()`, plus triggering file downloads with proper error handling.\\n\\n- **[Error Handling](error-handling.md)** \u2014 Understanding Express's error-handling middleware is crucial for production applications. Learn the difference between regular and error-handling middleware, and how to structure error responses.\\n\\n- **[Web Services & APIs](web-services-apis.md)** \u2014 Building REST APIs? This covers content negotiation, API key validation, virtual hosting for multi-tenant applications, and proper error responses.\\n\\n- **[Authentication & Sessions](authentication-sessions.md)** \u2014 Example implementations for password-based authentication, cookie sessions, and Redis-backed session storage.\\n\\n## Getting Started\\n\\n### Prerequisites\\n\\n- Node.js (see `.nvmrc` or `package.json` for supported versions)\\n- npm or yarn\\n\\n### Installation\\n\\n```bash\\ngit clone https://github.com/expressjs/express.git\\ncd express\\nnpm install\\n```\\n\\n### Running Tests\\n\\nExpress has a comprehensive test suite. Run tests with:\\n\\n```bash\\nnpm test # Run all tests\\nnpm run test-ci # CI mode\\nnpm run test-cov # With coverage\\n```\\n\\nCode quality is enforced via linting:\\n\\n```bash\\nnpm run lint # Check for issues\\nnpm run lint:fix # Auto-fix issues\\n```\\n\\n## Philosophy\\n\\nExpress is intentionally unopinionated. It provides the essential tools\u2014routing, middleware, request/response helpers\u2014without prescribing how you should structure your application, which template engine to use, or how to handle authentication. This minimalism is why Express works equally well for a simple API, a full-featured web application, or as a foundation for other frameworks.\\n\\n## Contributing\\n\\nThis project follows a [Code of Conduct](https://github.com/expressjs/express/blob/master/Code-of Conduct.md). See the repository's contributing guidelines and security policy for details on submitting pull requests and reporting vulnerabilities.\",\"routing-patterns\":\"# Routing Patterns\\n\\n# Routing Patterns\\n\\nThis module demonstrates several patterns for organizing and structuring routes in Express applications. Each example showcases a different approach to handling common routing scenarios.\\n\\n## Overview\\n\\nThe examples in this module cover:\\n\\n| Pattern | Location | Purpose |\\n|---------|----------|---------|\\n| Multi-Router | `multi-router/` | API versioning with separate routers |\\n| Route Parameters | `params/` | Parameter preprocessing and validation |\\n| Resource Routing | `resource/` | RESTful resource conventions |\\n| Route Mapping | `route-map/` | Declarative route configuration |\\n| Route Middleware | `route-middleware/` | Authentication and authorization chains |\\n| Route Separation | `route-separation/` | Modular route organization |\\n\\n---\\n\\n## Multi-Router Pattern\\n\\nOrganize multiple API versions using separate `Router` instances mounted at different paths.\\n\\n### Structure\\n\\n```\\nmulti-router/\\n\u251c\u2500\u2500 index.js # Main app, mounts routers\\n\u2514\u2500\u2500 controllers/\\n \u251c\u2500\u2500 api_v1.js # API v1 routes\\n \u2514\u2500\u2500 api_v2.js # API v2 routes\\n```\\n\\n### Implementation\\n\\n**Main application** (`index.js`):\\n```javascript\\nvar app = express();\\n\\napp.use('/api/v1', require('./controllers/api_v1'));\\napp.use('/api/v2', require('./controllers/api_v2'));\\n```\\n\\n**Router modules** (`controllers/api_v1.js`):\\n```javascript\\nvar apiv1 = express.Router();\\n\\napiv1.get('/', function(req, res) {\\n res.send('Hello from APIv1 root route.');\\n});\\n\\napiv1.get('/users', function(req, res) {\\n res.send('List of APIv1 users.');\\n});\\n\\nmodule.exports = apiv1;\\n```\\n\\n### Resulting Routes\\n\\n| Path | Handler |\\n|------|---------|\\n| `/api/v1/` | APIv1 root |\\n| `/api/v1/users` | APIv1 users list |\\n| `/api/v2/` | APIv2 root |\\n| `/api/v2/users` | APIv2 users list |\\n\\n---\\n\\n## Route Parameters Pattern\\n\\nUse `app.param()` to preprocess route parameters before reaching route handlers.\\n\\n### Parameter Callbacks\\n\\nThe `app.param()` method registers middleware that executes when a named parameter appears in any route:\\n\\n```javascript\\n// Convert :to and :from to integers\\napp.param(['to', 'from'], function(req, res, next, num, name){\\n req.params[name] = parseInt(num, 10);\\n if( isNaN(req.params[name]) ){\\n next(createError(400, 'failed to parseInt '+num));\\n } else {\\n next();\\n }\\n});\\n\\n// Load user by id\\napp.param('user', function(req, res, next, id){\\n req.user = users[id];\\n if (req.user) {\\n next();\\n } else {\\n next(createError(404, 'failed to find user'));\\n }\\n});\\n```\\n\\n### Parameter Callback Signature\\n\\n```javascript\\nfunction(req, res, next, value, name)\\n```\\n\\n| Argument | Description |\\n|----------|-------------|\\n| `req` | Request object |\\n| `res` | Response object |\\n| `next` | Callback to continue |\\n| `value` | The parameter value from URL |\\n| `name` | The parameter name |\\n\\n### Routes Using Parameters\\n\\n```javascript\\n// Uses :user param (triggers user loading)\\napp.get('/user/:user', function (req, res) {\\n res.send('user ' + req.user.name);\\n});\\n\\n// Uses :from and :to params (triggers integer conversion)\\napp.get('/users/:from-:to', function (req, res) {\\n var from = req.params.from;\\n var to = req.params.to;\\n var names = users.map(function(user){ return user.name; });\\n res.send('users ' + names.slice(from, to + 1).join(', '));\\n});\\n```\\n\\n---\\n\\n## Resource Routing Pattern\\n\\nCreate a custom `app.resource()` method that maps HTTP verbs to controller actions following REST conventions.\\n\\n### Resource Method Implementation\\n\\n```javascript\\napp.resource = function(path, obj) {\\n this.get(path, obj.index);\\n this.get(path + '/:a..:b{.:format}', function(req, res){\\n var a = parseInt(req.params.a, 10);\\n var b = parseInt(req.params.b, 10);\\n var format = req.params.format;\\n obj.range(req, res, a, b, format);\\n });\\n this.get(path + '/:id', obj.show);\\n this.delete(path + '/:id', function(req, res){\\n var id = parseInt(req.params.id, 10);\\n obj.destroy(req, res, id);\\n });\\n};\\n```\\n\\n### Controller Structure\\n\\n```javascript\\nvar User = {\\n index: function(req, res){\\n res.send(users);\\n },\\n show: function(req, res){\\n res.send(users[req.params.id] || { error: 'Cannot find user' });\\n },\\n destroy: function(req, res, id){\\n var destroyed = id in users;\\n delete users[id];\\n res.send(destroyed ? 'destroyed' : 'Cannot find user');\\n },\\n range: function(req, res, a, b, format){\\n var range = users.slice(a, b + 1);\\n switch (format) {\\n case 'json':\\n res.send(range);\\n break;\\n case 'html':\\n default:\\n var html = '\n' + range.map(function(user){\\n return '\n' + user.name + '<\\/li>';\\n }).join('\\\\n') + '<\\/ul>';\\n res.send(html);\\n break;\\n }\\n }\\n};\\n```\\n\\n### Generated Routes\\n\\n| HTTP Method | Path | Action |\\n|-------------|------|--------|\\n| GET | `/users` | `index` |\\n| GET | `/users/:id` | `show` |\\n| GET | `/users/:a..:b` | `range` |\\n| GET | `/users/:a..:b.json` | `range` (JSON format) |\\n| DELETE | `/users/:id` | `destroy` |\\n\\n---\\n\\n## Route Mapping Pattern\\n\\nDefine routes declaratively using nested objects that map to handler functions.\\n\\n### Map Implementation\\n\\n```javascript\\napp.map = function(a, route){\\n route = route || '';\\n for (var key in a) {\\n switch (typeof a[key]) {\\n // { '/path': { ... }}\\n case 'object':\\n app.map(a[key], route + key);\\n break;\\n // get: function(){ ... }\\n case 'function':\\n if (verbose) console.log('%s %s', key, route);\\n app[key](route, a[key]);\\n break;\\n }\\n }\\n};\\n```\\n\\n### Declarative Route Definition\\n\\n```javascript\\napp.map({\\n '/users': {\\n get: users.list,\\n delete: users.delete,\\n '/:uid': {\\n get: users.get,\\n '/pets': {\\n get: pets.list,\\n '/:pid': {\\n delete: pets.delete\\n }\\n }\\n }\\n }\\n});\\n```\\n\\n### Generated Routes\\n\\n| HTTP Method | Path | Handler |\\n|-------------|------|---------|\\n| GET | `/users` | `users.list` |\\n| DELETE | `/users` | `users.delete` |\\n| GET | `/users/:uid` | `users.get` |\\n| GET | `/users/:uid/pets` | `pets.list` |\\n| DELETE | `/users/:uid/pets/:pid` | `pets.delete` |\\n\\n---\\n\\n## Route Middleware Pattern\\n\\nChain middleware functions for authentication, authorization, and data loading.\\n\\n### Middleware Functions\\n\\n```javascript\\n// Load user from database\\nfunction loadUser(req, res, next) {\\n var user = users[req.params.id];\\n if (user) {\\n req.user = user;\\n next();\\n } else {\\n next(new Error('Failed to load user ' + req.params.id));\\n }\\n}\\n\\n// Restrict to the authenticated user\\nfunction andRestrictToSelf(req, res, next) {\\n if (req.authenticatedUser.id === req.user.id) {\\n next();\\n } else {\\n next(new Error('Unauthorized'));\\n }\\n}\\n\\n// Restrict to specific role (factory function)\\nfunction andRestrictTo(role) {\\n return function(req, res, next) {\\n if (req.authenticatedUser.role === role) {\\n next();\\n } else {\\n next(new Error('Unauthorized'));\\n }\\n }\\n}\\n```\\n\\n### Middleware Chains in Routes\\n\\n```javascript\\n// Chain: load user \u2192 render\\napp.get('/user/:id', loadUser, function(req, res){\\n res.send('Viewing user ' + req.user.name);\\n});\\n\\n// Chain: load user \u2192 check self \u2192 render\\napp.get('/user/:id/edit', loadUser, andRestrictToSelf, function(req, res){\\n res.send('Editing user ' + req.user.name);\\n});\\n\\n// Chain: load user \u2192 check role \u2192 render\\napp.delete('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){\\n res.send('Deleted user ' + req.user.name);\\n});\\n```\\n\\n### Request Flow\\n\\n```mermaid\\nflowchart LR\\n A[Request] --> B[Auth Middleware]\\n B --> C[loadUser]\\n C --> D{Authorization}\\n D -->|Authorized| E[Route Handler]\\n D -->|Denied| F[Error]\\n```\\n\\n---\\n\\n## Route Separation Pattern\\n\\nOrganize routes into separate modules by domain (users, posts, etc.) with shared configuration.\\n\\n### Directory Structure\\n\\n```\\nroute-separation/\\n\u251c\u2500\u2500 index.js # Main app with route mounting\\n\u251c\u2500\u2500 site.js # Site-level routes\\n\u251c\u2500\u2500 user.js # User routes and handlers\\n\u251c\u2500\u2500 post.js # Post routes and handlers\\n\u251c\u2500\u2500 public/\\n\u2502 \u2514\u2500\u2500 style.css # Static assets\\n\u2514\u2500\u2500 views/\\n \u251c\u2500\u2500 header.ejs\\n \u251c\u2500\u2500 footer.ejs\\n \u251c\u2500\u2500 index.ejs\\n \u251c\u2500\u2500 posts/\\n \u2502 \u2514\u2500\u2500 index.ejs\\n \u2514\u2500\u2500 users/\\n \u251c\u2500\u2500 index.ejs\\n \u251c\u2500\u2500 view.ejs\\n \u2514\u2500\u2500 edit.ejs\\n```\\n\\n### Main Application (`index.js`)\\n\\n```javascript\\nvar app = express();\\n\\n// Configuration\\napp.set('view engine', 'ejs');\\napp.set('views', path.join(__dirname, 'views'));\\n\\n// Middleware\\napp.use(methodOverride('_method'));\\napp.use(cookieParser());\\napp.use(express.urlencoded({ extended: true }));\\napp.use(express.static(path.join(__dirname, 'public')));\\n\\n// Routes organized by domain\\napp.get('/', site.index);\\napp.get('/users', user.list);\\napp.all('/user/:id{/:op}', user.load);\\napp.get('/user/:id', user.view);\\napp.get('/user/:id/view', user.view);\\napp.get('/user/:id/edit', user.edit);\\napp.put('/user/:id/edit', user.update);\\napp.get('/posts', post.list);\\n```\\n\\n### Module Exports Pattern (`user.js`)\\n\\n```javascript\\nvar users = [\\n { name: 'TJ', email: 'tj@vision-media.ca' },\\n { name: 'Tobi', email: 'tobi@vision-media.ca' }\\n];\\n\\nexports.list = function(req, res){\\n res.render('users', { title: 'Users', users: users });\\n};\\n\\nexports.load = function(req, res, next){\\n var id = req.params.id;\\n req.user = users[id];\\n if (req.user) {\\n next();\\n } else {\\n var err = new Error('cannot find user ' + id);\\n err.status = 404;\\n next(err);\\n }\\n};\\n\\nexports.view = function(req, res){\\n res.render('users/view', {\\n title: 'Viewing user ' + req.user.name,\\n user: req.user\\n });\\n};\\n```\\n\\n### Shared Middleware with `app.all()`\\n\\nThe `app.all('/user/:id{/:op}', user.load)` pattern runs `user.load` for all HTTP methods matching the path, enabling shared data loading across multiple routes.\\n\\n---\\n\\n## Pattern Selection Guide\\n\\n| Scenario | Recommended Pattern |\\n|----------|---------------------|\\n| API versioning | Multi-Router |\\n| Parameter validation | Route Parameters |\\n| RESTful resources | Resource Routing |\\n| Configuration-heavy apps | Route Mapping |\\n| Auth/permission chains | Route Middleware |\\n| Large applications | Route Separation |\\n\\n## Common Patterns Across Examples\\n\\n### Error Handling in Middleware\\n\\n```javascript\\n// Pass errors to Express error handler\\nif (condition) {\\n next();\\n} else {\\n next(new Error('Description'));\\n // or with status\\n var err = new Error('Not found');\\n err.status = 404;\\n next(err);\\n}\\n```\\n\\n### Optional Route Segments\\n\\n```javascript\\n// Optional :op parameter\\napp.all('/user/:id{/:op}', user.load);\\n```\\n\\n### Range Parameters\\n\\n```javascript\\n// Custom range syntax\\napp.get('/users/:from-:to', handler);\\napp.get('/users/:a..:b{.:format}', handler);\\n```\",\"static-files-downloads\":\"# Static Files & Downloads\\n\\n# Static Files & Downloads Module\\n\\nThis module provides example implementations demonstrating two approaches to file handling in Express: serving static assets and triggering file downloads.\\n\\n## Overview\\n\\nThe module consists of two independent example applications:\\n\\n| Application | Purpose | Key Method |\\n|-------------|---------|------------|\\n| `static-files` | Serve static assets (CSS, JS, images) | `express.static()` |\\n| `downloads` | Trigger file downloads with error handling | `res.download()` |\\n\\n---\\n\\n## Static Files Server\\n\\n**Location:** `examples/static-files/index.js`\\n\\n### How It Works\\n\\nThe static files server demonstrates three patterns for serving static assets using Express's built-in middleware.\\n\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\n\\nThis middleware intercepts requests and checks if a file matching `req.path` exists in the specified directory. If found, it streams the file as the response.\\n\\n### Serving Patterns\\n\\n**1. Basic Static Serving**\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public')));\\n```\\nServes files directly from `./public`. A request for `/js/app.js` resolves to `./public/js/app.js`.\\n\\n**2. Mounted Path Prefix**\\n```javascript\\napp.use('/static', express.static(path.join(__dirname, 'public')));\\n```\\nAdds a URL prefix. A request for `/static/js/app.js` serves `./public/js/app.js` \u2014 the `/static` prefix is stripped before resolving.\\n\\n**3. Multiple Directories**\\n```javascript\\napp.use(express.static(path.join(__dirname, 'public', 'css')));\\n```\\nServes files from a nested directory at the root path. A request for `/style.css` serves `./public/css/style.css`.\\n\\n### File Structure\\n\\n```\\nstatic-files/\\n\u251c\u2500\u2500 index.js\\n\u2514\u2500\u2500 public/\\n \u251c\u2500\u2500 hello.txt\\n \u251c\u2500\u2500 css/\\n \u2502 \u2514\u2500\u2500 style.css\\n \u2514\u2500\u2500 js/\\n \u2514\u2500\u2500 app.js\\n```\\n\\n### Endpoints\\n\\n| URL | File Served |\\n|-----|-------------|\\n| `GET /hello.txt` | `public/hello.txt` |\\n| `GET /js/app.js` | `public/js/app.js` |\\n| `GET /css/style.css` | `public/css/style.css` |\\n| `GET /static/hello.txt` | `public/hello.txt` (via mounted path) |\\n\\n---\\n\\n## File Downloads Server\\n\\n**Location:** `examples/downloads/index.js`\\n\\n### How It Works\\n\\nThe downloads server uses `res.download()` to prompt browsers to save files rather than display them.\\n\\n```javascript\\napp.get('/files/*file', function (req, res, next) {\\n res.download(req.params.file.join('/'), { root: FILES_DIR }, function (err) {\\n if (!err) return;\\n if (err.status !== 404) return next(err);\\n res.statusCode = 404;\\n res.send('Cant find that file, sorry!');\\n });\\n});\\n```\\n\\n### Route Pattern Breakdown\\n\\nThe route `/files/*file` uses a wildcard parameter:\\n- `*file` captures all path segments after `/files/`\\n- `req.params.file` is an array of path segments\\n- `req.params.file.join('/')` reconstructs the file path\\n\\n**Example:** Request to `/files/notes/groceries.txt` produces:\\n- `req.params.file = ['notes', 'groceries.txt']`\\n- Resolved path: `FILES_DIR/notes/groceries.txt`\\n\\n### Error Handling\\n\\nThe callback to `res.download()` handles three scenarios:\\n\\n| Condition | Behavior |\\n|-----------|----------|\\n| No error | File sent successfully, return early |\\n| Non-404 error | Pass to `next(err)` for Express error handling |\\n| 404 error | Send custom \\\"file not found\\\" message |\\n\\n### File Structure\\n\\n```\\ndownloads/\\n\u251c\u2500\u2500 index.js\\n\u2514\u2500\u2500 files/\\n \u251c\u2500\u2500 amazing.txt\\n \u251c\u2500\u2500 CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\\n \u2514\u2500\u2500 notes/\\n \u2514\u2500\u2500 groceries.txt\\n```\\n\\n### Endpoints\\n\\n| URL | Result |\\n|-----|--------|\\n| `GET /` | HTML page with download links |\\n| `GET /files/amazing.txt` | Downloads `files/amazing.txt` |\\n| `GET /files/notes/groceries.txt` | Downloads `files/notes/groceries.txt` |\\n| `GET /files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt` | Downloads file with Unicode filename |\\n| `GET /files/missing.txt` | Custom 404 response |\\n\\n---\\n\\n## Key Differences\\n\\n```mermaid\\nflowchart LR\\n subgraph Static[\\\"express.static()\\\"]\\n A[Request] --> B{File exists?}\\n B -->|Yes| C[Stream file]\\n B -->|No| D[Next middleware]\\n end\\n \\n subgraph Download[\\\"res.download()\\\"]\\n E[Request] --> F{File exists?}\\n F -->|Yes| G[Set headerstrigger download]\\n F -->|No| H[Custom error handling]\\n end\\n```\\n\\n| Aspect | `express.static()` | `res.download()` |\\n|--------|-------------------|------------------|\\n| Use case | Assets (CSS, JS, images) | User downloads |\\n| Browser behavior | Display inline | Save dialog |\\n| Content-Disposition | Not set | `attachment` |\\n| Error handling | Automatic 404 | Manual via callback |\\n| Scope | Middleware (all routes) | Route handler (specific paths) |\\n\\n---\\n\\n## Running the Examples\\n\\n**Static Files:**\\n```bash\\nnode examples/static-files/index.js\\n# Listening on port 3000\\n# Test: GET /hello.txt, GET /js/app.js, GET /css/style.css\\n```\\n\\n**Downloads:**\\n```bash\\nnode examples/downloads/index.js\\n# Express started on port 3000\\n# Navigate to http://localhost:3000 for download links\\n```\\n\\n---\\n\\n## Security Considerations\\n\\nThe downloads example uses `{ root: FILES_DIR }` to prevent directory traversal attacks. Without this option, a malicious path like `/files/../../../etc/passwd` could access files outside the intended directory.\\n\\nWith `root` specified, Express resolves paths relative to `FILES_DIR` and rejects attempts to escape it.\",\"views-templates\":\"# Views & Templates\\n\\n# Views & Templates\\n\\nExpress provides a flexible view system that supports multiple template engines, custom view resolution, and various patterns for passing data to templates. This module demonstrates the core concepts through practical examples.\\n\\n## Core Concepts\\n\\n### Template Engine Registration\\n\\nExpress uses a callback-based system for template engines. Register an engine using `app.engine(ext, callback)`:\\n\\n```javascript\\n// Register EJS to handle .html files\\napp.engine('.html', require('ejs').__express);\\n\\n// Custom markdown engine\\napp.engine('md', function(path, options, fn){\\n fs.readFile(path, 'utf8', function(err, str){\\n if (err) return fn(err);\\n var html = marked.parse(str).replace(/\\\\{([^}]+)\\\\}/g, function(_, name){\\n return escapeHtml(options[name] || '');\\n });\\n fn(null, html);\\n });\\n});\\n```\\n\\nThe engine callback receives:\\n- `path` - the absolute path to the template file\\n- `options` - data locals passed to the view\\n- `fn` - callback `(err, renderedString)`\\n\\n### View Configuration Settings\\n\\n```javascript\\n// Set views directory (default: process.cwd() + '/views')\\napp.set('views', path.join(__dirname, 'views'));\\n\\n// Set default engine extension (avoids specifying extension in res.render)\\napp.set('view engine', 'html');\\n\\n// Register custom View constructor (advanced)\\napp.set('view', GithubView);\\n```\\n\\n### Rendering Views\\n\\n```javascript\\n// Basic render\\nres.render('users');\\n\\n// With locals\\nres.render('users', { \\n users: users, \\n title: \\\"User List\\\" \\n});\\n\\n// With callback for custom handling\\nres.render('template', { title: 'Page' }, function(err, html) {\\n if (err) return next(err);\\n // Process html before sending\\n});\\n```\\n\\n## View Resolution Flow\\n\\n```mermaid\\nflowchart TD\\n A[res.render 'template'] --> B{View engine set?}\\n B -->|Yes| C[Use default engine]\\n B -->|No| D{Extension in name?}\\n D -->|Yes| E[Lookup engine by extension]\\n D -->|No| F[Throw error]\\n C --> G[Resolve path in views directory]\\n E --> G\\n G --> H[Read template file]\\n H --> I[Compile with engine]\\n I --> J[Merge app.locals + res.locals + passed locals]\\n J --> K[Return rendered HTML]\\n```\\n\\n## Passing Data to Views\\n\\n### Approach 1: Direct Locals in res.render()\\n\\n```javascript\\napp.get('/', function(req, res, next){\\n User.count(function(err, count){\\n if (err) return next(err);\\n User.all(function(err, users){\\n if (err) return next(err);\\n res.render('index', {\\n title: 'Users',\\n count: count,\\n users: users.filter(ferrets)\\n });\\n });\\n });\\n});\\n```\\n\\n### Approach 2: Middleware with req Properties\\n\\n```javascript\\nfunction count(req, res, next) {\\n User.count(function(err, count){\\n if (err) return next(err);\\n req.count = count;\\n next();\\n });\\n}\\n\\nfunction users(req, res, next) {\\n User.all(function(err, users){\\n if (err) return next(err);\\n req.users = users;\\n next();\\n });\\n}\\n\\napp.get('/middleware', count, users, function (req, res) {\\n res.render('index', {\\n title: 'Users',\\n count: req.count,\\n users: req.users.filter(ferrets)\\n });\\n});\\n```\\n\\n### Approach 3: Middleware with res.locals\\n\\n`res.locals` is automatically merged into the view context:\\n\\n```javascript\\nfunction count(req, res, next) {\\n User.count(function(err, count){\\n if (err) return next(err);\\n res.locals.count = count;\\n next();\\n });\\n}\\n\\nfunction users(req, res, next) {\\n User.all(function(err, users){\\n if (err) return next(err);\\n res.locals.users = users.filter(ferrets);\\n next();\\n });\\n}\\n\\napp.get('/middleware-locals', count, users, function (req, res) {\\n // Only need to pass title - count and users already in res.locals\\n res.render('index', { title: 'Users' });\\n});\\n```\\n\\n### Global Locals via Middleware\\n\\n```javascript\\n// Make data available to all views\\napp.use(function(req, res, next){\\n res.locals.user = req.user;\\n res.locals.sess = req.session;\\n next();\\n});\\n\\n// Or scoped to specific paths\\napp.use('/api', function(req, res, next){\\n res.locals.user = req.user;\\n next();\\n});\\n```\\n\\n## Custom View Constructor\\n\\nFor advanced use cases like loading templates from a database or remote source, implement a custom View class:\\n\\n```javascript\\nfunction GithubView(name, options){\\n this.name = name;\\n options = options || {};\\n this.engine = options.engines[path.extname(name)];\\n // options.root is the app.set('views') setting\\n this.path = '/' + options.root + '/master/' + name;\\n}\\n\\nGithubView.prototype.render = function(options, fn){\\n var self = this;\\n https.get({\\n host: 'raw.githubusercontent.com',\\n path: this.path\\n }, function(res) {\\n var buf = '';\\n res.setEncoding('utf8');\\n res.on('data', function(str){ buf += str });\\n res.on('end', function(){\\n self.engine(buf, options, fn);\\n });\\n });\\n};\\n\\n// Register the custom view\\napp.set('view', GithubView);\\napp.set('views', 'expressjs/express');\\n```\\n\\nThe View constructor receives:\\n- `name` - the template name passed to `res.render()`\\n- `options` - contains `engines` (map of registered engines) and `root` (views directory)\\n\\nThe `render(options, fn)` method must call `fn(err, html)` with the rendered output.\\n\\n## MVC Pattern with Per-Controller Views\\n\\nThe MVC example demonstrates organizing views by controller:\\n\\n```\\ncontrollers/\\n\u251c\u2500\u2500 user/\\n\u2502 \u251c\u2500\u2500 index.js # Controller logic\\n\u2502 \u2514\u2500\u2500 views/\\n\u2502 \u251c\u2500\u2500 list.hbs\\n\u2502 \u251c\u2500\u2500 show.hbs\\n\u2502 \u2514\u2500\u2500 edit.hbs\\n\u251c\u2500\u2500 pet/\\n\u2502 \u251c\u2500\u2500 index.js\\n\u2502 \u2514\u2500\u2500 views/\\n\u2502 \u251c\u2500\u2500 show.ejs\\n\u2502 \u2514\u2500\u2500 edit.ejs\\n```\\n\\nEach controller configures its own view engine:\\n\\n```javascript\\n// controllers/user/index.js\\nexports.engine = 'hbs'; // Use Handlebars for this controller\\n\\n// In the boot loader:\\nif (obj.engine) app.set('view engine', obj.engine);\\napp.set('views', path.join(__dirname, '..', 'controllers', name, 'views'));\\n```\\n\\n### Route Generation from Controller Exports\\n\\nControllers export methods that map to conventional routes:\\n\\n| Export | Method | Generated Route |\\n|--------|--------|-----------------|\\n| `index` | GET | `/` |\\n| `list` | GET | `/:name+s` |\\n| `show` | GET | `/:name/:name_id` |\\n| `edit` | GET | `/:name/:name_id/edit` |\\n| `update` | PUT | `/:name/:name_id` |\\n| `create` | POST | `/:name` |\\n\\n```javascript\\n// controllers/pet/index.js\\nexports.before = function(req, res, next){\\n var pet = db.pets[req.params.pet_id];\\n if (!pet) return next('route');\\n req.pet = pet;\\n next();\\n};\\n\\nexports.show = function(req, res, next){\\n res.render('show', { pet: req.pet });\\n};\\n```\\n\\nThe `before` middleware runs before the handler, useful for loading resources.\\n\\n## Template Examples\\n\\n### EJS with Partials\\n\\n```html\\n<%- include('header.html') -%>\\n\\n\nUsers<\\/h1>\\n\n\\n <% users.forEach(function(user){ %>\\n \n<%= user.name %> <<%= user.email %>><\\/li>\\n <% }) %>\\n<\\/ul>\\n\\n<%- include('footer.html') -%>\\n```\\n\\n### Handlebars Conditionals\\n\\n```html\\n{{#if user.pets.length}}\\n \n\\n {{#each user.pets}}\\n \n{{name}}<\\/a><\\/li>\\n {{/each}}\\n <\\/ul>\\n{{else}}\\n \nNo pets!<\\/p>\\n{{/if}}\\n```\\n\\n### Markdown with Variable Substitution\\n\\n```markdown\\n# {title}\\n\\nJust an example view rendered with _markdown_.\\n```\\n\\nVariables are replaced via regex: `/\\\\{([^}]+)\\\\}/g`\\n\\n## Flash Messages Pattern\\n\\nStore messages in the session and expose to views via middleware:\\n\\n```javascript\\n// Custom response method\\napp.response.message = function(msg){\\n var sess = this.req.session;\\n sess.messages = sess.messages || [];\\n sess.messages.push(msg);\\n return this;\\n};\\n\\n// Expose to views\\napp.use(function(req, res, next){\\n var msgs = req.session.messages || [];\\n res.locals.messages = msgs;\\n res.locals.hasMessages = !!msgs.length;\\n next();\\n req.session.messages = []; // Clear after exposing\\n});\\n```\\n\\nIn the template:\\n\\n```html\\n{{#if hasMessages}}\\n \n\\n {{#each messages}}\\n \n{{this}}<\\/li>\\n {{/each}}\\n <\\/ul>\\n{{/if}}\\n```\\n\\n## Error Views\\n\\n```javascript\\n// 500 error handler\\napp.use(function(err, req, res, next){\\n console.error(err.stack);\\n res.status(500).render('5xx');\\n});\\n\\n// 404 handler (must be last)\\napp.use(function(req, res, next){\\n res.status(404).render('404', { url: req.originalUrl });\\n});\\n```\",\"web-services-apis\":\"# Web Services & APIs\\n\\n# Web Services & APIs Module\\n\\nThis module demonstrates production-ready patterns for building RESTful web services and APIs with Express.js, covering content negotiation, virtual hosting, API key validation, and error handling.\\n\\n## Overview\\n\\nThe module contains three interconnected examples that showcase different aspects of API development:\\n\\n| Example | Purpose |\\n|---------|---------|\\n| `content-negotiation` | Multi-format response handling (HTML, JSON, text) |\\n| `web-service` | REST API with authentication middleware and error handling |\\n| `vhost` | Virtual hosting for multi-tenant applications |\\n\\n## Content Negotiation\\n\\nThe content negotiation example demonstrates how to serve the same data in multiple formats based on the client's `Accept` header.\\n\\n### Architecture\\n\\n```\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 Client Request \u2502\\n\u2502 Accept: text/html \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502\\n \u25bc\\n\u250c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510\\n\u2502 res.format() \u2502\\n\u2502 Inspects Accept header and routes \u2502\\n\u2502 to appropriate handler \u2502\\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u252c\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\\n \u2502 \u2502 \u2502\\n html()\u2502 text()\u2502 json()\u2502\\n \u25bc \u25bc \u25bc\\n HTML list Plain text JSON array\\n```\\n\\n### Two Implementation Patterns\\n\\n**Pattern 1: Inline Handlers** (`/` endpoint)\\n\\n```javascript\\napp.get('/', function(req, res){\\n res.format({\\n html: function(){ /* render HTML */ },\\n text: function(){ /* render plain text */ },\\n json: function(){ res.json(users); }\\n });\\n});\\n```\\n\\n**Pattern 2: Declarative Middleware** (`/users` endpoint)\\n\\nThe `format()` helper function abstracts handler definitions into a separate module:\\n\\n```javascript\\nfunction format(path) {\\n var obj = require(path);\\n return function(req, res){\\n res.format(obj);\\n };\\n}\\n\\napp.get('/users', format('./users'));\\n```\\n\\nThe `users.js` module exports format handlers as separate functions:\\n\\n```javascript\\nexports.html = function(req, res){ /* ... */ };\\nexports.text = function(req, res){ /* ... */ };\\nexports.json = function(req, res){ res.json(users); };\\n```\\n\\n### Data Layer\\n\\nThe `db.js` module provides a simple in-memory data store:\\n\\n```javascript\\nvar users = [];\\nusers.push({ name: 'Tobi' });\\nusers.push({ name: 'Loki' });\\nusers.push({ name: 'Jane' });\\nmodule.exports = users;\\n```\\n\\n## Web Service API\\n\\nThe `web-service` example demonstrates a complete REST API with middleware-based authentication and structured error handling.\\n\\n### Request Flow\\n\\n```mermaid\\nflowchart TD\\n A[Request] --> B{API Key Present?}\\n B -->|No| C[400: api key required]\\n B -->|Yes| D{Valid Key?}\\n D -->|No| E[401: invalid api key]\\n D -->|Yes| F[Route Handler]\\n F --> G{Data Found?}\\n G -->|Yes| H[200: JSON Response]\\n G -->|No| I[404: Not Found]\\n \\n C --> J[Error Handler]\\n E --> J\\n I --> K[404 Middleware]\\n```\\n\\n### API Key Validation Middleware\\n\\nThe middleware is mounted at `/api`, ensuring all API routes require authentication:\\n\\n```javascript\\napp.use('/api', function(req, res, next){\\n var key = req.query['api-key'];\\n \\n if (!key) return next(error(400, 'api key required'));\\n if (apiKeys.indexOf(key) === -1) return next(error(401, 'invalid api key'));\\n \\n req.key = key; // Store for route access\\n next();\\n});\\n```\\n\\n**Valid API Keys**: `foo`, `bar`, `baz`\\n\\n### Available Endpoints\\n\\n| Endpoint | Description | Example |\\n|----------|-------------|---------|\\n| `GET /api/users` | List all users | `/api/users/?api-key=foo` |\\n| `GET /api/repos` | List all repositories | `/api/repos/?api-key=foo` |\\n| `GET /api/user/:name/repos` | Get user's repositories | `/api/user/tobi/repos/?api-key=foo` |\\n\\n### Data Models\\n\\n```javascript\\n// Repositories\\nvar repos = [\\n { name: 'express', url: 'https://github.com/expressjs/express' },\\n { name: 'stylus', url: 'https://github.com/learnboost/stylus' },\\n { name: 'cluster', url: 'https://github.com/learnboost/cluster' }\\n];\\n\\n// Users\\nvar users = [\\n { name: 'tobi' },\\n { name: 'loki' },\\n { name: 'jane' }\\n];\\n\\n// User-Repository mapping\\nvar userRepos = {\\n tobi: [repos[0], repos[1]],\\n loki: [repos[1]],\\n jane: [repos[2]]\\n};\\n```\\n\\n### Error Handling\\n\\n**Custom Error Factory**\\n\\n```javascript\\nfunction error(status, msg) {\\n var err = new Error(msg);\\n err.status = status;\\n return err;\\n}\\n```\\n\\n**Error Handler Middleware** (4-arity function)\\n\\n```javascript\\napp.use(function(err, req, res, next){\\n res.status(err.status || 500);\\n res.send({ error: err.message });\\n});\\n```\\n\\n**404 Fallback Middleware**\\n\\n```javascript\\napp.use(function(req, res){\\n res.status(404);\\n res.send({ error: \\\"Sorry, can't find that\\\" });\\n});\\n```\\n\\n## Virtual Hosting\\n\\nThe `vhost` example demonstrates routing requests to different applications based on the hostname.\\n\\n### Host Configuration\\n\\nAdd to `/etc/hosts`:\\n```\\n127.0.0.1 foo.example.com\\n127.0.0.1 bar.example.com\\n127.0.0.1 example.com\\n```\\n\\n### Architecture\\n\\n```mermaid\\nflowchart LR\\n A[Request] --> B{vhost router}\\n B -->|*.example.com| C[Redirect App]\\n B -->|example.com| D[Main App]\\n C --> E[Redirect to /:subdomain]\\n D --> F[Serve main content]\\n```\\n\\n### Application Structure\\n\\n**Main Application** (`main`)\\n\\n```javascript\\nvar main = express();\\nmain.get('/', function(req, res){\\n res.send('Hello from main app!');\\n});\\nmain.get('/:sub', function(req, res){\\n res.send('requested ' + req.params.sub);\\n});\\n```\\n\\n**Redirect Application** (`redirect`)\\n\\n```javascript\\nvar redirect = express();\\nredirect.use(function(req, res){\\n res.redirect('http://example.com:3000/' + req.vhost[0]);\\n});\\n```\\n\\n**Vhost Router** (`app`)\\n\\n```javascript\\nvar app = express();\\napp.use(vhost('*.example.com', redirect));\\napp.use(vhost('example.com', main));\\n```\\n\\n### Request Routing Examples\\n\\n| Request URL | Routed To | Response |\\n|-------------|-----------|----------|\\n| `http://example.com:3000/` | Main app | \\\"Hello from main app!\\\" |\\n| `http://example.com:3000/test` | Main app | \\\"requested test\\\" |\\n| `http://foo.example.com:3000/` | Redirect app | Redirect to `/foo` |\\n| `http://bar.example.com:3000/` | Redirect app | Redirect to `/bar` |\\n\\n## Running the Examples\\n\\nEach example runs independently on port 3000:\\n\\n```bash\\n# Content negotiation\\nnode examples/content-negotiation/index.js\\n\\n# Web service API\\nnode examples/web-service/index.js\\n\\n# Virtual hosting\\nnode examples/vhost/index.js\\n```\\n\\n## Key Patterns Summary\\n\\n1. **Content Negotiation**: Use `res.format()` to serve multiple content types from a single endpoint\\n2. **Middleware Authentication**: Mount validation middleware at a path prefix to protect all sub-routes\\n3. **Error Propagation**: Use `next(err)` with custom error objects and handle with 4-arity middleware\\n4. **Virtual Hosting**: Use `vhost()` middleware to route by hostname to different Express applications\"};\nvar TREE = [{\"name\":\"Core Framework\",\"slug\":\"core-framework\",\"files\":[\"index.js\",\"lib/application.js\",\"lib/express.js\",\"lib/request.js\",\"lib/response.js\",\"lib/utils.js\",\"lib/view.js\"]},{\"name\":\"Authentication & Sessions\",\"slug\":\"authentication-sessions\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\",\"examples/cookie-sessions/index.js\",\"examples/cookies/index.js\",\"examples/online/index.js\",\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Routing Patterns\",\"slug\":\"routing-patterns\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\",\"examples/params/index.js\",\"examples/resource/index.js\",\"examples/route-map/index.js\",\"examples/route-middleware/index.js\",\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Views & Templates\",\"slug\":\"views-templates\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\",\"examples/markdown/index.js\",\"examples/markdown/views/index.md\",\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\",\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\",\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Static Files & Downloads\",\"slug\":\"static-files-downloads\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\",\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Error Handling\",\"slug\":\"error-handling\",\"files\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\",\"examples/error/index.js\"]},{\"name\":\"Web Services & APIs\",\"slug\":\"web-services-apis\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\",\"examples/vhost/index.js\",\"examples/web-service/index.js\"]},{\"name\":\"Basic Usage\",\"slug\":\"basic-usage\",\"files\":[\"examples/hello-world/index.js\",\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 History.md\",\"slug\":\"other-history-md\",\"files\":[\"History.md\"]},{\"name\":\"Other \u2014 Readme.md\",\"slug\":\"other-readme-md\",\"files\":[\"Readme.md\"]},{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 package.json\",\"slug\":\"other-package-json\",\"files\":[\"package.json\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}];\nvar META = {\"fromCommit\":\"f873ac23124ffcff8c040b4bd257b32c29828d53\",\"generatedAt\":\"2026-05-08T07:35:04.785Z\",\"model\":\"glm-5\",\"moduleFiles\":{\"Core Framework\":[\"index.js\",\"lib/application.js\",\"lib/express.js\",\"lib/request.js\",\"lib/response.js\",\"lib/utils.js\",\"lib/view.js\"],\"Authentication & Sessions\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\",\"examples/cookie-sessions/index.js\",\"examples/cookies/index.js\",\"examples/online/index.js\",\"examples/session/index.js\",\"examples/session/redis.js\"],\"Routing Patterns\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\",\"examples/params/index.js\",\"examples/resource/index.js\",\"examples/route-map/index.js\",\"examples/route-middleware/index.js\",\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"],\"Views & Templates\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\",\"examples/markdown/index.js\",\"examples/markdown/views/index.md\",\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\",\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\",\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"],\"Static Files & Downloads\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\",\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"],\"Error Handling\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\",\"examples/error/index.js\"],\"Web Services & APIs\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\",\"examples/vhost/index.js\",\"examples/web-service/index.js\"],\"Basic Usage\":[\"examples/hello-world/index.js\",\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"],\"Other\":[\"History.md\",\"Readme.md\",\"examples/README.md\",\"package.json\",\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\",\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\",\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"],\"Other \u2014 History.md\":[\"History.md\"],\"Other \u2014 Readme.md\":[\"Readme.md\"],\"Other \u2014 examples\":[\"examples/README.md\"],\"Other \u2014 package.json\":[\"package.json\"],\"Other \u2014 test\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"],\"Other \u2014 acceptance\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"],\"Other \u2014 support\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]},\"moduleTree\":[{\"name\":\"Core Framework\",\"slug\":\"core-framework\",\"files\":[\"index.js\",\"lib/application.js\",\"lib/express.js\",\"lib/request.js\",\"lib/response.js\",\"lib/utils.js\",\"lib/view.js\"]},{\"name\":\"Authentication & Sessions\",\"slug\":\"authentication-sessions\",\"files\":[\"examples/auth/index.js\",\"examples/auth/views/foot.ejs\",\"examples/auth/views/head.ejs\",\"examples/auth/views/login.ejs\",\"examples/cookie-sessions/index.js\",\"examples/cookies/index.js\",\"examples/online/index.js\",\"examples/session/index.js\",\"examples/session/redis.js\"]},{\"name\":\"Routing Patterns\",\"slug\":\"routing-patterns\",\"files\":[\"examples/multi-router/controllers/api_v1.js\",\"examples/multi-router/controllers/api_v2.js\",\"examples/multi-router/index.js\",\"examples/params/index.js\",\"examples/resource/index.js\",\"examples/route-map/index.js\",\"examples/route-middleware/index.js\",\"examples/route-separation/index.js\",\"examples/route-separation/post.js\",\"examples/route-separation/public/style.css\",\"examples/route-separation/site.js\",\"examples/route-separation/user.js\",\"examples/route-separation/views/footer.ejs\",\"examples/route-separation/views/header.ejs\",\"examples/route-separation/views/index.ejs\",\"examples/route-separation/views/posts/index.ejs\",\"examples/route-separation/views/users/edit.ejs\",\"examples/route-separation/views/users/index.ejs\",\"examples/route-separation/views/users/view.ejs\"]},{\"name\":\"Views & Templates\",\"slug\":\"views-templates\",\"files\":[\"examples/ejs/index.js\",\"examples/ejs/public/stylesheets/style.css\",\"examples/ejs/views/footer.html\",\"examples/ejs/views/header.html\",\"examples/ejs/views/users.html\",\"examples/markdown/index.js\",\"examples/markdown/views/index.md\",\"examples/mvc/controllers/main/index.js\",\"examples/mvc/controllers/pet/index.js\",\"examples/mvc/controllers/pet/views/edit.ejs\",\"examples/mvc/controllers/pet/views/show.ejs\",\"examples/mvc/controllers/user-pet/index.js\",\"examples/mvc/controllers/user/index.js\",\"examples/mvc/controllers/user/views/edit.hbs\",\"examples/mvc/controllers/user/views/list.hbs\",\"examples/mvc/controllers/user/views/show.hbs\",\"examples/mvc/db.js\",\"examples/mvc/index.js\",\"examples/mvc/lib/boot.js\",\"examples/mvc/public/style.css\",\"examples/mvc/views/404.ejs\",\"examples/mvc/views/5xx.ejs\",\"examples/view-constructor/github-view.js\",\"examples/view-constructor/index.js\",\"examples/view-locals/index.js\",\"examples/view-locals/user.js\",\"examples/view-locals/views/index.ejs\"]},{\"name\":\"Static Files & Downloads\",\"slug\":\"static-files-downloads\",\"files\":[\"examples/downloads/files/CCTV\u5927\u8d5b\u4e0a\u6d77\u5206\u8d5b\u533a.txt\",\"examples/downloads/files/amazing.txt\",\"examples/downloads/files/notes/groceries.txt\",\"examples/downloads/index.js\",\"examples/static-files/index.js\",\"examples/static-files/public/css/style.css\",\"examples/static-files/public/hello.txt\",\"examples/static-files/public/js/app.js\"]},{\"name\":\"Error Handling\",\"slug\":\"error-handling\",\"files\":[\"examples/error-pages/index.js\",\"examples/error-pages/views/404.ejs\",\"examples/error-pages/views/500.ejs\",\"examples/error-pages/views/error_header.ejs\",\"examples/error-pages/views/footer.ejs\",\"examples/error-pages/views/index.ejs\",\"examples/error/index.js\"]},{\"name\":\"Web Services & APIs\",\"slug\":\"web-services-apis\",\"files\":[\"examples/content-negotiation/db.js\",\"examples/content-negotiation/index.js\",\"examples/content-negotiation/users.js\",\"examples/vhost/index.js\",\"examples/web-service/index.js\"]},{\"name\":\"Basic Usage\",\"slug\":\"basic-usage\",\"files\":[\"examples/hello-world/index.js\",\"examples/search/index.js\",\"examples/search/public/client.js\",\"examples/search/public/index.html\"]},{\"name\":\"Other\",\"slug\":\"other\",\"files\":[],\"children\":[{\"name\":\"Other \u2014 History.md\",\"slug\":\"other-history-md\",\"files\":[\"History.md\"]},{\"name\":\"Other \u2014 Readme.md\",\"slug\":\"other-readme-md\",\"files\":[\"Readme.md\"]},{\"name\":\"Other \u2014 examples\",\"slug\":\"other-examples\",\"files\":[\"examples/README.md\"]},{\"name\":\"Other \u2014 package.json\",\"slug\":\"other-package-json\",\"files\":[\"package.json\"]},{\"name\":\"Other \u2014 test\",\"slug\":\"other-test\",\"files\":[\"test/Route.js\",\"test/Router.js\",\"test/app.all.js\",\"test/app.engine.js\",\"test/app.head.js\",\"test/app.js\",\"test/app.listen.js\",\"test/app.locals.js\",\"test/app.options.js\",\"test/app.param.js\",\"test/app.render.js\",\"test/app.request.js\",\"test/app.response.js\",\"test/app.route.js\",\"test/app.router.js\",\"test/app.routes.error.js\",\"test/app.use.js\",\"test/config.js\",\"test/exports.js\",\"test/express.json.js\",\"test/express.raw.js\",\"test/express.static.js\",\"test/express.text.js\",\"test/express.urlencoded.js\",\"test/middleware.basic.js\",\"test/regression.js\",\"test/req.accepts.js\",\"test/req.acceptsCharsets.js\",\"test/req.acceptsEncodings.js\",\"test/req.acceptsLanguages.js\",\"test/req.baseUrl.js\",\"test/req.fresh.js\",\"test/req.get.js\",\"test/req.host.js\",\"test/req.hostname.js\",\"test/req.ip.js\",\"test/req.ips.js\",\"test/req.is.js\",\"test/req.path.js\",\"test/req.protocol.js\",\"test/req.query.js\",\"test/req.range.js\",\"test/req.route.js\",\"test/req.secure.js\",\"test/req.signedCookies.js\",\"test/req.stale.js\",\"test/req.subdomains.js\",\"test/req.xhr.js\",\"test/res.append.js\",\"test/res.attachment.js\",\"test/res.clearCookie.js\",\"test/res.cookie.js\",\"test/res.download.js\",\"test/res.format.js\",\"test/res.get.js\",\"test/res.json.js\",\"test/res.jsonp.js\",\"test/res.links.js\",\"test/res.locals.js\",\"test/res.location.js\",\"test/res.redirect.js\",\"test/res.render.js\",\"test/res.send.js\",\"test/res.sendFile.js\",\"test/res.sendStatus.js\",\"test/res.set.js\",\"test/res.status.js\",\"test/res.type.js\",\"test/res.vary.js\",\"test/utils.js\"]},{\"name\":\"Other \u2014 acceptance\",\"slug\":\"other-acceptance\",\"files\":[\"test/acceptance/auth.js\",\"test/acceptance/content-negotiation.js\",\"test/acceptance/cookie-sessions.js\",\"test/acceptance/cookies.js\",\"test/acceptance/downloads.js\",\"test/acceptance/ejs.js\",\"test/acceptance/error-pages.js\",\"test/acceptance/error.js\",\"test/acceptance/hello-world.js\",\"test/acceptance/markdown.js\",\"test/acceptance/multi-router.js\",\"test/acceptance/mvc.js\",\"test/acceptance/params.js\",\"test/acceptance/resource.js\",\"test/acceptance/route-map.js\",\"test/acceptance/route-separation.js\",\"test/acceptance/vhost.js\",\"test/acceptance/web-service.js\"]},{\"name\":\"Other \u2014 support\",\"slug\":\"other-support\",\"files\":[\"test/support/env.js\",\"test/support/tmpl.js\",\"test/support/utils.js\"]}]}]};\n\n(function() {\n var activePage = 'overview';\n\n document.addEventListener('DOMContentLoaded', function() {\n mermaid.initialize({ startOnLoad: false, theme: 'neutral', securityLevel: 'loose' });\n renderMeta();\n renderNav();\n document.getElementById('menu-toggle').addEventListener('click', function() {\n document.getElementById('sidebar').classList.toggle('open');\n });\n if (location.hash && location.hash.length > 1) {\n activePage = decodeURIComponent(location.hash.slice(1));\n }\n navigateTo(activePage);\n });\n\n function renderMeta() {\n if (!META) return;\n var el = document.getElementById('meta-info');\n var parts = [];\n if (META.generatedAt) {\n parts.push(new Date(META.generatedAt).toLocaleDateString());\n }\n if (META.model) parts.push(META.model);\n if (META.fromCommit) parts.push(META.fromCommit.slice(0, 8));\n el.textContent = parts.join(' \\u00b7 ');\n }\n\n function renderNav() {\n var container = document.getElementById('nav-tree');\n var html = '\n';\n html += 'Overview';\n html += '';\n if (TREE.length > 0) {\n html += '\nModules';\n html += buildNavTree(TREE);\n }\n container.innerHTML = html;\n container.addEventListener('click', function(e) {\n var target = e.target;\n while (target && !target.dataset.page) { target = target.parentElement; }\n if (target && target.dataset.page) {\n e.preventDefault();\n navigateTo(target.dataset.page);\n }\n });\n }\n\n function buildNavTree(nodes) {\n var html = '';\n for (var i = 0; i < nodes.length; i++) {\n var node = nodes[i];\n html += '\n';\n html += '' + escH(node.name) + '';\n if (node.children && node.children.length > 0) {\n html += '\n' + buildNavTree(node.children) + '';\n }\n html += '';\n }\n return html;\n }\n\n function escH(s) {\n var d = document.createElement('div');\n d.textContent = s;\n return d.innerHTML;\n }\n\n function navigateTo(page) {\n activePage = page;\n location.hash = encodeURIComponent(page);\n\n var items = document.querySelectorAll('.nav-item');\n for (var i = 0; i < items.length; i++) {\n if (items[i].dataset.page === page) {\n items[i].classList.add('active');\n } else {\n items[i].classList.remove('active');\n }\n }\n\n var contentEl = document.getElementById('content');\n var md = PAGES[page];\n\n if (!md) {\n contentEl.innerHTML = '\n\nPage not found\n' + escH(page) + '.md does not exist.';\n return;\n }\n\n contentEl.innerHTML = marked.parse(md);\n\n // Rewrite .md links to hash navigation\n var links = contentEl.querySelectorAll('a[href]');\n for (var i = 0; i < links.length; i++) {\n var href = links[i].getAttribute('href');\n if (href && href.endsWith('.md') && href.indexOf('://') === -1) {\n var slug = href.replace(/\\.md$/, '');\n links[i].setAttribute('href', '#' + encodeURIComponent(slug));\n (function(s) {\n links[i].addEventListener('click', function(e) {\n e.preventDefault();\n navigateTo(s);\n });\n })(slug);\n }\n }\n\n // Convert mermaid code blocks into mermaid divs\n var mermaidBlocks = contentEl.querySelectorAll('pre code.language-mermaid');\n for (var i = 0; i < mermaidBlocks.length; i++) {\n var pre = mermaidBlocks[i].parentElement;\n var div = document.createElement('div');\n div.className = 'mermaid';\n div.textContent = mermaidBlocks[i].textContent;\n pre.parentNode.replaceChild(div, pre);\n }\n try { mermaid.run({ querySelector: '.mermaid' }); } catch(e) {}\n\n window.scrollTo(0, 0);\n document.getElementById('sidebar').classList.remove('open');\n }\n})();\n\n\n\n", "creation_timestamp": "2026-05-08T07:36:05.000000Z"}]}