Express.js is the most popular Node.js web framework for building APIs and web applications, offering minimalism, flexibility, and a massive ecosystem.
If you're building a backend with Node.js, you've likely used or considered Express.js. It's the unopinionated, minimalist framework that has dominated the Node ecosystem for over a decade. I use it as the foundation for most API servers at Anjeer Labs because it gets out of the way and lets you structure your application logic. This guide will walk through its core concepts, practical setup, and when it's the right—or wrong—tool for the job.
Why Express.js Matters (and When to Skip It)
Express.js matters because it solved a fundamental problem: creating a web server in Node.js without rewriting low-level HTTP modules. It introduced middleware, a simple routing API, and just enough structure to build serious applications. The ecosystem that grew around it—authentication libraries, template engines, ORM integrations—is its real superpower.
However, you should skip Express.js if you're building a real-time application with heavy bidirectional communication. While possible with Socket.io, frameworks like Socket.io or specialized real-time services are better suited. Also, if you strongly prefer convention-over-configuration and built-in best practices, consider NestJS or AdonisJS. Express gives you freedom, which can lead to messy architecture if you're not disciplined.
Getting Started with Express.js
The fastest way to start is with a minimal TypeScript setup. First, initialize a project and install dependencies.
npm init -y
npm install express
npm install -D typescript @types/node @types/express ts-node nodemon
Create a tsconfig.json and then your first server file, src/index.ts.
import express, { Request, Response } from 'express';
const app = express();
const port = 3000;
// Basic route
app.get('/', (req: Request, res: Response) => {
res.send('Hello from Express.js');
});
// Start server
app.listen(port, () => {
console.log(`Server running at http://localhost:${port}`);
});
Add a start script to your package.json: "dev": "nodemon src/index.ts". Run npm run dev and visit localhost:3000. You now have a live server. This simplicity is Express's greatest strength—you're writing application logic within minutes.
Core Express.js Concepts Every Developer Should Know
Understanding middleware, routing, and the request-response cycle is non-negotiable.
Middleware are functions that have access to the request, response, and the next function in the cycle. They can execute code, modify objects, or end the cycle. This is how you handle logging, authentication, and parsing.
import express, { Request, Response, NextFunction } from 'express';
const app = express();
// Custom logging middleware
app.use((req: Request, res: Response, next: NextFunction) => {
console.log(`${req.method} ${req.path} at ${new Date().toISOString()}`);
next(); // Pass control to the next middleware/route
});
// Built-in middleware for parsing JSON
app.use(express.json());
app.post('/api/data', (req: Request, res: Response) => {
console.log(req.body); // Parsed JSON available here
res.json({ received: req.body });
});
Routing defines how your application responds to client requests to specific endpoints. Express's routing is intuitive and flexible.
// Route parameters
app.get('/api/users/:userId', (req: Request, res: Response) => {
res.send(`Fetching user with ID: ${req.params.userId}`);
});
// Route grouping with express.Router()
const router = express.Router();
router.get('/profile', (req, res) => res.send('User Profile'));
router.post('/settings', (req, res) => res.send('Settings Updated'));
app.use('/user', router); // Mount router at /user
Error Handling Middleware is a special type of middleware with four arguments. You must define it after all other app.use() calls.
// After all your routes and middleware
app.use((err: Error, req: Request, res: Response, next: NextFunction) => {
console.error(err.stack);
res.status(500).send('Something broke!');
});
Common Express.js Mistakes and How to Fix Them
The most common pitfalls stem from misunderstanding middleware flow and asynchronous code.
Blocking the Event Loop with Synchronous Code. Express runs on Node's single thread. A long synchronous operation in a route handler will freeze the entire server.
// ❌ BAD: Synchronous loop blocks all other requests.
app.get('/slow', (req, res) => {
for (let i = 0; i < 1e10; i++) {} // CPU-intensive loop
res.send('Done');
});
// ✅ FIX: Offload heavy work. Use async/await for I/O, or queue CPU tasks.
app.get('/fast', async (req, res) => {
await someAsyncDatabaseQuery(); // Non-blocking
res.send('Done');
});
Not Handling Async Errors in Middleware. Async route handlers that throw errors will crash your app if not caught.
// ❌ BAD: Error will not be caught by your error middleware.
app.get('/async-route', async (req, res) => {
const data = await fetchData(); // Might reject
res.json(data);
});
// ✅ FIX: Wrap async handler or use a library.
const asyncHandler = (fn: Function) => (req: Request, res: Response, next: NextFunction) => {
Promise.resolve(fn(req, res, next)).catch(next);
};
app.get('/async-route', asyncHandler(async (req, res) => {
const data = await fetchData();
res.json(data);
}));
Serving Static Files Without Security Considerations. Using express.static() is easy, but exposing your entire project root is dangerous.
// ❌ BAD: Exposes potentially sensitive files if structure changes.
app.use(express.static(__dirname));
// ✅ FIX: Create a dedicated 'public' directory and serve only that.
app.use(express.static('public'));
// Now only files in ./public are accessible via HTTP.
When Should You Use Express.js?
Use Express.js when you need to build a RESTful API, a server-rendered web application, or a proxy/middleware layer quickly. It's perfect for prototypes, MVPs, and microservices where you value developer speed and control over the stack. It's also the right choice when you need to integrate a wide variety of npm packages without framework compatibility headaches.
Do not use Express.js as a static site generator for a simple marketing page—use a dedicated static site tool. Avoid it for complex enterprise applications that require strict architectural layers and dependency injection out-of-the-box, unless you plan to enforce those patterns yourself.
Express.js in Production
For production deployments on my projects at suhailroushan.com, I follow two key practices. First, always use a reverse proxy like Nginx or a cloud load balancer in front of your Express app. It handles SSL termination, gzip compression, and static file serving more efficiently. Second, implement structured logging and health checks. Your app.get('/health') route should check database connectivity and critical external services.
Use the helmet middleware to set secure HTTP headers and compression for gzipping responses. These are one-line additions with significant impact. Finally, never trust user input—always validate and sanitize request data using a library like Joi or Zod before it touches your business logic.
Start your next backend by defining your routes and middleware stack on paper before writing a single line of Express.js code.