generator icon indicating copy to clipboard operation
generator copied to clipboard

Published 20 hours ago verified publisher icon expressjs

Changed default view engine to pug

Open ghost opened this issue 5 years ago • 2 comments

npm says that jade package includes some security vulnerabilities which is one of them is critical. so, I changed the default engine immediately. I didn't tested the app, since I don't know how to do it.

ghost avatar Aug 17 '19 05:08 ghost

Changed default view engine from jade to pug. Also adjusted tests.

ghost avatar Aug 17 '19 05:08 ghost

I'd like to see this change as well, having security vulns in the default use case isn't something that should be enouraged for express users (or any project).

@replacepreg this needs additional changes:

  1. package.engines.node has to change to > 0.12
  2. package.version has to change to 5.0.0 (because dropping support for a node version is semver-major)
  3. .travis.yml needs 0.10 and 0.12 removed

Maintainers - opinions?

https://www.npmjs.com/package/jade has been thorougly deprecated, its not a good default.

sam-github avatar Nov 05 '19 19:11 sam-github