The minimalist that defined Node.js backends. Tiny core, middleware everywhere — Express is the foundation under thousands of production APIs.
← Back to Server Side(req, res, next). Stack them to add behavior — logging, auth, parsing, your handler.import express from "express"; const app = express(); app.use(express.json()); // Middleware app.use((req, res, next) => { console.log(`${req.method} ${req.url}`); next(); }); // Routes app.get("/api/products", async (req, res) => { const products = await db.query("SELECT * FROM products"); res.json(products); }); app.post("/api/products", async (req, res) => { const created = await db.insert(req.body); res.status(201).json(created); }); app.listen(3000);
The whole framework is essentially this pattern: every request flows through an ordered chain of (req, res, next) functions. Add cross-cutting concerns (auth, validation, error handling) by inserting middleware at the right spot.
express.Router() lets you split routes by feature: app.use("/users", usersRouter). Combined with TypeScript and Zod, you can get type-safe routes without leaving Express.
| Package | Purpose |
|---|---|
| express.json / urlencoded | Parse request bodies. |
| cors | Cross-origin support. |
| helmet | Sensible HTTP security headers. |
| morgan | HTTP request logging. |
| passport / express-session | Authentication strategies. |
| express-rate-limit | Brute-force protection. |
Express 5 (current) finally handles thrown errors from async handlers natively — no more try/catch + next(err) boilerplate. Promise rejections automatically bubble to error middleware.
From npm i express to a working endpoint in minutes.
Backend-for-frontend services that proxy and shape data for SPAs.
Tiny, focused services — Express is light enough not to get in the way.
The lingua franca of Node tutorials.