express-nodejs-expert
Provides expert knowledge of Express.js and Node.js for building secure, performant web applications and APIs.
Security score
The express-nodejs-expert skill was audited on Feb 9, 2026 and we found 36 security issues across 3 threat categories. Review the findings below before installing.
Security Issues
Template literal with variable interpolation in command context
| 25 | console.log(`Server running at http://localhost:${port}`); |
Template literal with variable interpolation in command context
| 63 | console.log(`Server running in ${process.env.NODE_ENV || 'development'} mode on port ${port}`); |
Template literal with variable interpolation in command context
| 163 | console.log(`${req.method} ${req.path}`); |
Template literal with variable interpolation in command context
| 424 | this.status = `${statusCode}`.startsWith('4') ? 'fail' : 'error'; |
Template literal with variable interpolation in command context
| 903 | console.log(`${req.method} ${req.url} - ${time.toFixed(2)}ms`); |
Template literal with variable interpolation in command context
| 980 | console.log(`Server running on port ${port}`); |
Template literal with variable interpolation in command context
| 985 | console.log(`\n${signal} signal received: closing HTTP server`); |
Access to .env file
| 18 | const port = process.env.PORT || 3000; |
Access to .env file
| 37 | const port = process.env.PORT || 3000; |
Access to .env file
| 56 | ...(process.env.NODE_ENV === 'development' && { stack: err.stack }) |
Access to .env file
| 63 | console.log(`Server running in ${process.env.NODE_ENV || 'development'} mode on port ${port}`); |
Access to .env file
| 189 | if (process.env.NODE_ENV === 'development') { |
Access to .env file
| 216 | error: process.env.NODE_ENV === 'production' |
Access to .env file
| 454 | ...(process.env.NODE_ENV === 'development' && { stack: err.stack }) |
Access to .env file
| 768 | origin: process.env.ALLOWED_ORIGINS?.split(',') || 'https://myapp.com', |
Access to .env file
| 917 | host: process.env.DB_HOST, |
Access to .env file
| 918 | port: process.env.DB_PORT, |
Access to .env file
| 919 | database: process.env.DB_NAME, |
Access to .env file
| 920 | user: process.env.DB_USER, |
Access to .env file
| 921 | password: process.env.DB_PASSWORD, |
Access to .env file
| 946 | const isDevelopment = process.env.NODE_ENV === 'development'; |
Access to .env file
| 947 | const isProduction = process.env.NODE_ENV === 'production'; |
Access to .env file
| 977 | const port = process.env.PORT || 3000; |
Access to .env file
| 1026 | level: process.env.LOG_LEVEL || 'info', |
Access to .env file
| 1037 | if (process.env.NODE_ENV !== 'production') { |
External URL reference
| 25 | console.log(`Server running at http://localhost:${port}`); |
External URL reference
| 595 | 'https://external-api.com/endpoint', |
External URL reference
| 624 | 'https://external-api.com/endpoint', |
External URL reference
| 669 | 'https://external-api.com/endpoint', |
External URL reference
| 713 | 'https://external-api.com/search', |
External URL reference
| 768 | origin: process.env.ALLOWED_ORIGINS?.split(',') || 'https://myapp.com', |
External URL reference
| 778 | const allowedOrigins = ['https://myapp.com', 'https://app.example.com']; |
External URL reference
| 1312 | - Express.js Documentation: https://expressjs.com/ |
External URL reference
| 1314 | - Express Security: https://expressjs.com/en/advanced/best-practice-security.html |
External URL reference
| 1315 | - Helmet Documentation: https://helmetjs.github.io/ |
External URL reference
| 1316 | - Axios Documentation: https://axios-http.com/docs/intro |