(Wed Jun 26 2019 00:00:00 GMT+0300 (Eastern European Summer Time)) Wandering across a question on Quora (Is Express.js dying? What are the alternatives?) had me stop and take a look at the facts. I'd noticed a few months ago that contributions to the main Express repository had dried up, and therefore I was worried the Express project was dying from neglect. So let's talk about this, because it is important to clear up the air.
(Tue Jun 18 2019 00:00:00 GMT+0300 (Eastern European Summer Time)) Recently security vulnerabilities were discovered in the event-stream package, and at least one other. Malicious code was added to specific packages in a way that could be done much more broadly. While the specific vulnerability was tightly focused on one specific target and did not affect most of us, the problem could have been extremely wide-spread. As a result we, the Node.js community, need to rethink how packages are managed.