Skip to content

Near term roadmap

Jump to bottom
Rand McKinney edited this page Oct 7, 2015 · 3 revisions

Express Roadmap meeting

  • Ritchie
  • Hage Yaapa
  • Doug Wilson
  • Rand

============

Other possible future attendees:

  • Jonathan Nong
  • Fishrock123 (Jeremiah)

High level Express roadmap.

I'd like to spend the majority of the meeting on this. Let's get some concrete buckets down and areas we think would be valuable Express users.

What’s preventing 5.0 beta release?

  • Doug has some things that are breaking changes, but he’s been waiting.
  • For things that we don’t have an alternative, can we create an upgrade library.

Documentation

What would we like to do with documentation in the short term.

  • Best practices for writing middleware (Ritch)
  • More guide-type info
  • Stuff for Node newbies
  • People Google info from StackOverflow that is old.
  • Find out the most common questions / mistakes. (Doug)
  • We should start writing the migration guide now, even though the beta is not yet released.
  • How can we provide a place for people to contribute guide type docs.
  • Having two places might be problematic (wiki & website).

Improve community participation

How can we make it easier for contributors to add value to Express.

  • Need a better contributing.md file that explains how to contribute meaningfully. What we have now doesn’t give enough info. Needs some work, more explanation.
    • E.g. How to get tests running
    • Need a way to incentivize people

Dependibility

How can we make Express more dependable? Includes performance, stability, security, etc.

  • Need a security.md at a minimum. Basic procedure for people to submit private security issues, e.g. a security email alias vs. just emailing an individual
  • Need some stuff written up.

Need also:

  • Known configuration problems that can lead to security issues.

  • Give tips on how to configure things properly

  • People encounter 3d party bugs that lead to security issues. Link to Node.js security known issues. Need more documentation around this.

  • IBM people have access to an HTTP validation library that could be run vs. Express. Does it make sense to do that? If so, can we make it happen? (Ritch)

  • Express has no performance benchmarks/tests. Need a way to gauge if a change will improve or worsen performance (Doug)

  • Want continuous benchmarking (Ritch)

  • Anything is better than what is there now (Doug)

Compatibility

How to make it clear what versions of Node and other modules you can use Express with?

  • Big can of worms (Ritch)
  • Should we add Express to StrongLoop’s “top down” CI? Could also add all the sub-dependencies. (Ritch)
  • CI would only need to be invoked when there is a new node.js or module release.

Notes from Hage Yaapa

  1. More / better guides for beginners
  2. Possibly create Express 5 migration guide
  3. Possibly put up the 5.x alpha docs
  4. Express library patcher (auto updater)
  5. Document configurations which can help harden security / stability
  6. Wiki-based community-contributed guides
  7. What can we do to encourage and facilitate contributions?
Clone this wiki locally