Skip to content

chore: bring in the changes from fastify/send #293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bjohansebas wants to merge 111 commits into
base: master
Choose a base branch
from
Open

chore: bring in the changes from fastify/send #293

bjohansebas wants to merge 111 commits into from

Conversation

@bjohansebas
Copy link
Member

@bjohansebas bjohansebas commented Jan 21, 2026

Hi! I’m bringing in the changes from fastify/send so we can work on a version that doesn’t break the current send API too much, while still getting the performance improvements from the send fork. The goal is only to bring in the existing changes for now, not to make it compatible yet. I’ve noticed that they removed some dependencies and added their own implementations of those dependencies in their fork; I think we could send those changes upstream so everyone can benefit from them. While it’s probably possible to work on an API in Node core, we also need to focus on our current issues.

base commit: fastify/send@030392f of fastify/send

closes #159

cc: @mcollina @Uzlopak @Fdawgs @climba03003 because they are the ones who maintained the fork.
cc: @pillarjs/express-tc

mcollina and others added 30 commits January 11, 2023 11:25
@mcollina
module rename
72004f0 
Signed-off-by: Matteo Collina <hello@matteocollina.com>
@mcollina
fixup
ac7922b 
Signed-off-by: Matteo Collina <hello@matteocollina.com>
@mcollina
Update debug
70aa309 
Signed-off-by: Matteo Collina <hello@matteocollina.com>
@mcollina
Merge pull request #1 from fastify/update-debug
a5ba254 
Update debug
@mcollina
Bumped v1.0.0
e5ebad0 
Signed-off-by: Matteo Collina <hello@matteocollina.com>
@Fdawgs
chore: repo updates (pillarjs#3)
a225093 
* chore: disable package-lock generation

* ci: use org reusable workflow

* chore(.gitignore): use skeleton template

* docs: remove security policy, allowing org one to show

* chore(package): replace eslint with standard

* chore(package): remove engines

* docs(readme): update title, add badges

* chore: lint files
@dependabot
build(deps-dev): bump supertest from 6.2.2 to 6.3.3 (pillarjs#8)
b05ea94 
Bumps [supertest](https://github.com/visionmedia/supertest) from 6.2.2 to 6.3.3.
- [Release notes](https://github.com/visionmedia/supertest/releases)
- [Commits](forwardemail/supertest@v6.2.2...v6.3.3)

---
updated-dependencies:
- dependency-name: supertest
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
build(deps-dev): bump mocha from 9.2.2 to 10.2.0 (pillarjs#9)
8a01a72 
Bumps [mocha](https://github.com/mochajs/mocha) from 9.2.2 to 10.2.0.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](mochajs/mocha@v9.2.2...v10.2.0)

---
updated-dependencies:
- dependency-name: mocha
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Uzlopak
replace mocha with tap (#10)
e86dba5 
* replace mocha with tap

* fix coverage issue
@Uzlopak
add types, nodenext, upgrade mime (pillarjs#6)
46fd432 
* add types, nodenext, upgrade mime

* improve test coverage
@Uzlopak
use t.error instead of t.pass (pillarjs#11)
5b263c2
@Uzlopak
use listenerCount immediatly (pillarjs#13)
3c18fc1 
* use listenerCount immediatly

* like before
@Uzlopak
remove deprecated options and methods (pillarjs#12)
8642dfb 
* remove deprecated option and methods

* decrease branch coverage to 95
@Uzlopak
remove node < 8 ponyfills for res.headersSent and res.getHeaderNames (p…
ae87c17 
…illarjs#14)
@Uzlopak
100% test coverage (pillarjs#16)
8c05363 
* 100% test coverage

* add ENAMETOOLONG test

* add test case for ENOTDIR

* fix linting

* increase longFilename to 512 characters

* patch onStatError for further investigation on windows

* try to ignore block for coverage

* windows switch

* fix linting
@Uzlopak
avoid deoptimization in range support (pillarjs#20)
7ce38ec
@Uzlopak
add example (pillarjs#19)
3f4ffb2
@Uzlopak
add pre-commit (pillarjs#18)
3ec3d1d
@Uzlopak
use fast-decode-uri-component (pillarjs#21)
75e0ff4
@Uzlopak
remove statuses package, precompute errors (pillarjs#17)
ae3d3d9
@Uzlopak
remove encodeurl (pillarjs#23)
5e28adc
@Uzlopak
remove destroy (pillarjs#25)
9f0df93
@Uzlopak
remove backwards compatibilty of dotfiles (pillarjs#22)
3d6de26
@Uzlopak
remove debug (pillarjs#24)
5ba5860
@Uzlopak
remove etag (pillarjs#26)
54f74ae
@Uzlopak
restructure (pillarjs#27)
504b981
@Fdawgs
chore(license): use github mit license template; add fastify team (pi…
d70d7ca 
…llarjs#28)
@Fdawgs
docs(readme): grammar and clarity fixes (pillarjs#29)
123e7e5
@Uzlopak
integrate range-parser (pillarjs#30)
ff81e96 
* integrate rangeg-parser

* named export parseRange
@Uzlopak
fix benchmark (pillarjs#32)
0c3307b
dependabot bot and others added 11 commits May 1, 2025 05:25
@dependabot
build(deps-dev): bump tsd from 0.31.2 to 0.32.0 (pillarjs#111)
bb6ccc1 
Bumps [tsd](https://github.com/tsdjs/tsd) from 0.31.2 to 0.32.0.
- [Release notes](https://github.com/tsdjs/tsd/releases)
- [Commits](tsdjs/tsd@v0.31.2...v0.32.0)

---
updated-dependencies:
- dependency-name: tsd
  dependency-version: 0.32.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@johaven
feat: add highWaterMark option (pillarjs#113)
c2760b1
@Fdawgs
4.1.0
1b54ebf
@Fdawgs
chore(license): update date ranges; standardise style (pillarjs#115)
107b7e0
@dependabot
build(deps-dev): bump @types/node from 22.15.34 to 24.0.8 (pillarjs#116)
c253fab 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 22.15.34 to 24.0.8.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.0.8
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Fdawgs
chore(.npmrc): ignore scripts (pillarjs#118)
27b6d67
@Fdawgs
build(deps-dev): remove @fastify/pre-commit (#119)
6b70f2c
@dependabot
build(deps-dev): bump tsd from 0.32.0 to 0.33.0 (pillarjs#120)
b043307 
Bumps [tsd](https://github.com/tsdjs/tsd) from 0.32.0 to 0.33.0.
- [Release notes](https://github.com/tsdjs/tsd/releases)
- [Commits](tsdjs/tsd@v0.32.0...v0.33.0)

---
updated-dependencies:
- dependency-name: tsd
  dependency-version: 0.33.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@Fdawgs
ci(ci): add concurrency config (#121)
3637eaf
@dependabot
build(deps-dev): bump @types/node from 24.10.4 to 25.0.3 (pillarjs#122)
030392f 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.10.4 to 25.0.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.0.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@bjohansebas
Merge remote-tracking branch 'fastify/main' into merge-fastify-send-2
2c5a5f2
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 21, 2026
View reviewed changes
test/utils.js
stream.pipe(res)
} catch (err) {
res.statusCode = 500
res.end(String(err))

Check warning

Code scanning / CodeQL

Exception text reinterpreted as HTML Medium test

Exception text
Loading
is reinterpreted as HTML without escaping meta-characters.
Exception text
Loading
is reinterpreted as HTML without escaping meta-characters.
Exception text
Loading
is reinterpreted as HTML without escaping meta-characters.
@socket-security
Copy link

socket-security bot commented Jan 21, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Addedfast-decode-uri-component@​1.0.11001008175100
Addedbenchmark@​2.1.41001009875100
Added@​lukeed/​ms@​2.0.210010010079100
Addedmime@​3.0.01001009981100
Addedc8@​10.1.39910010082100
Addedtsd@​0.33.09910010083100
Addedneostandard@​0.12.29910010085100
Updatedeslint@​7.32.0 ⏵ 9.39.294 -2100100 +194 +44100
Added@​types/​node@​25.0.10100100100100100

View full report

blakeembrey
blakeembrey reviewed Jan 21, 2026
View reviewed changes
Copy link
Member

@blakeembrey blakeembrey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's a few changes in the test suite from t. to using node:assert that I think we can omit from the PR and follow up on, but LGTM as a starting point to iterate from if the Fastify team is good with this.

package.json
"Douglas Christopher Wilson <doug@somethingdoug.com>",
"James Wyatt Cready <jcready@gmail.com>",
"Jesús Leganés Combarro <piranna@gmail.com>"
"Jesús Leganés Combarro <piranna@gmail.com>",
Copy link
Member

@blakeembrey blakeembrey Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consistent contributors list.

Copy link
Member Author

@bjohansebas bjohansebas Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you want me to do, remove them or what?

Copy link
Member

@blakeembrey blakeembrey Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They can all be written in the same format, no need to remove any. I can also do it in a follow up PR if you prefer.

Copy link
Member Author

@bjohansebas bjohansebas Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let’s do it in follow-up PRs

LICENSE Outdated

Copyright (c) 2012 TJ Holowaychuk
Copyright (c) 2014-2022 Douglas Christopher Wilson
Copyright (c) 2023-present The Fastify team
Copy link
Member

@blakeembrey blakeembrey Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wouldn't change the license so much but we can add:

Suggested change
Copyright (c) 2023-present The Fastify team
Copyright (c) 2023-2025 Fastify Team (https://github.com/fastify/fastify#team)

Copy link
Member Author

@bjohansebas bjohansebas Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if that is allowed.

https://github.com/openjs-foundation/cross-project-council/blob/main/governance/IP_POLICY_GUIDANCE.md#editing-existing-copyright-notices

Copy link
Member

@ctcpip ctcpip Jan 21, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

per the guidance:

By using this format, the project avoids having to deal with names of copyright holders, years or ranges of years, and variations on the (c) symbol.

I think the changes needs to be:

Copyright The Fastify Contributors.
Copyright The Express Contributors.

and avoid any other changes

Copy link
Member Author

@bjohansebas bjohansebas Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done
imagen

@bjohansebas
Copy link
Member Author

bjohansebas commented Jan 21, 2026

There's a few changes in the test suite from t. to using node:assert

Yes, but that was done to maintain compatibility with Node.js 18, since t.assert was added in later versions.

github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 21, 2026
View reviewed changes
test/utils.js
stream.pipe(res)
} catch (err) {
res.statusCode = 500
res.end(String(err))

Check warning

Code scanning / CodeQL

Exception text reinterpreted as HTML

[Exception text](1) is reinterpreted as HTML without escaping meta-characters. [Exception text](2) is reinterpreted as HTML without escaping meta-characters. [Exception text](3) is reinterpreted as HTML without escaping meta-characters.
test/utils.js
stream.pipe(res)
} catch (err) {
res.statusCode = 500
res.end(String(err))

Check warning

Code scanning / CodeQL

Information exposure through a stack trace

This information exposed to the user depends on [stack trace information](1).
@bjohansebas
Copy link
Member Author

bjohansebas commented Jan 21, 2026

Next changes would be to go back to using mime-types, go back to using range-parser, also use etag as a dependency, things like that which were removed because of the fork.

@blakeembrey
Copy link
Member

blakeembrey commented Jan 21, 2026

Yes, but that was done to maintain compatibility with Node.js 18

Is node 18 a requirement? I didn’t see that mentioned, I thought I this PR was a direct port and we’d do follow up PRs for changes.

@bjohansebas
Copy link
Member Author

bjohansebas commented Jan 22, 2026
edited
Loading

Is node 18 a requirement? I didn’t see that mentioned, I thought I this PR was a direct port and we’d do follow up PRs for changes.

Well, that’s what the latest change does. If you want, I can do restoring that support in a follow-up PR and have this one only bring in the Fastify changes.

Edit: I’ve already removed those changes, and now it only supports Node>= 20 because of the test runner features. In follow-up PRs, we can bring back support for Node.js 18, 19 and 21.

@bjohansebas
refactor: update package details and README for migration to pillarjs…
e1469ad 
…/send

- I also run the npm run lint:fix command
@blakeembrey
Copy link
Member

blakeembrey commented Jan 22, 2026

Well, that’s what the latest change does. If you want, I can do restoring that support in a follow-up PR and have this one only bring in the Fastify changes.

I wanted to understand if it’s a requirement that I’ve missed somewhere, otherwise I’d push for a new major being v22 onwards. Everything else will be unmaintained by the time this releases as a major.

@bjohansebas
Copy link
Member Author

bjohansebas commented Jan 22, 2026
edited
Loading

I wanted to understand if it’s a requirement that I’ve missed somewhere, otherwise I’d push for a new major being v22 onwards. Everything else will be unmaintained by the time this releases as a major.

What our LTS policy says is a bit vague, and I don’t think the topic has been discussed further or has it? (i don’t remember), but the understanding (and how it has been handled so far), is that the support we have in Express is the minimum we must maintain in dependencies/middlewares. This would indicate that we should support the same minimum Node version that Express supports. https://github.com/expressjs/discussions/blob/master/docs/adr/352-lts-strategy.md#decision

express dependency packages will follow the same timeline and support dates for the express version which they are included with.

So far, this will be included in Express 5, since Express 6 has not been defined yet

@blakeembrey
Copy link
Member

blakeembrey commented Jan 22, 2026

is that the support we have in Express is the minimum we must maintain in dependencies/middlewares

That is an LTS document for Express, not node.js support, and IIRC in calls I advocated for and it was agreed that the dependency would be maintained as long as depended on in Express, and there was no requirement for new majors to support current express versions. Using a new major in the current Express version is a whole different can of worms, and independent to this PR which is meant to be porting work from a fork.

My priority is:

  1. Merging the fork and removing duplication so the whole ecosystem is safer (one dependency, one CVE triage).
  2. Making sure it can be maintained long term, as that's what I'm signing up for
  3. Making sure any new major can be used in the existing version of Express

FWIW, if every release had to work in the current major of Express it would be impossible to bump node version support. As such, this PR should only be to port the work and patch minor things (e.g. README, package name) and follow up PRs to figure out the level of support required for old node versions or API changes can be done later.

In the original PR description:

The goal is only to bring in the existing changes for now, not to make it compatible yet.

This is what the PR should be. I'd leave everything else to future PRs. The most important thing is obtaining ecosystem buy-in from Fastify, then iterating to a place where it's in the best place for as many users as possible (including Fastify, Express, etc). If needed the existing major can be used indefinitely, which isn't unprecedented. I maintained path-to-regexp 0.1.x for 10 years before Express moved to the current major. I prefer that over being unable to change anything for 10 years, so we should do the best we can for the package today and worry the rest later. And who knows, perhaps node 18 support will be naturally anyway because there aren't any trade-offs.

blakeembrey
blakeembrey approved these changes Jan 22, 2026
View reviewed changes
Copy link
Member

@blakeembrey blakeembrey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

cc @mcollina @Fdawgs @Uzlopak

I'm happy if y'all are, I'll iterate and release this similar to cookie. I'd like to look into further perf optimizations and any potential breaking changes from this PR I can cc @Fdawgs. I don't anticipate breaking things for fun or backward compatibility, only if there's a major performance or maintenance win hidden somewhere that requires it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@blakeembrey blakeembrey blakeembrey approved these changes

@ctcpip ctcpip Awaiting requested review from ctcpip

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Adhere to the full Streams API