Hi,
in our next main release, we plan to update the version of Express we use in Node-RED. The version we use currently, 3.x, is quite old and is no longer getting any fixes by its maintainers.
The move to Express 4.x is fairly straightforward but it isn't an upgrade we can do entirely under the covers without a risk of impacting existing users. The purpose of this email is to both publicise the changes and to get your feedback.
The main place where Express 3.x leaks out to the end user is the msg.req and msg.res properties emitted by the HTTP In node. These properties are the request/response objects generated by Express itself, so with the move to 4.x, these objects inevitably change.
I've said before that the way we expose these objects is one of the things I would do differently if we had the luxury of starting from scratch. This is because these objects are not serializable to JSON, making it impossible to fully encode a message containing them.
With the upgrade to 4.x, we're going to alter these objects to be ones we create ourselves rather than directly expose the Express ones. But to do so, we need to make sure we keep things as backwards compatible as possible.
The proposal is that msg.req will be an object that contains just the cloneable properties of the original request - headers, params, query, body etc. It will not contain any of the functions that the express object exposes.
What I really want feedback on is how any of you make use of msg.res, the response object. It exposes a number of functions for setting how the request is responded to. If you're using the HTTP Response node, chances are you don't touch msg.res yourself. When using the response node, you can set the status code, headers and the body via top-level message properties (msg.statusCode, msg.headers and msg.payload).
So, the question is: do you call any of the functions under msg.res directly? And if so, for what purpose?
We want to get to the point where msg.res is no longer emitted by the node at all and any functionality it exposed can be done by passing appropriate properties to the HTTP Response node. The first step will be to deprecate the functions in the next release (with log messages when calls to the functions are detected), and then remove them entirely in NextRelease+1.
Nick