Last Updated: May 2, 2026
Advanced Express.js patterns: middleware chains, error handling, async route wrappers, rate limiting, helmet security, and production deployment.
Middleware Patterns
| Pattern | Usage |
|---|---|
| Application-level | app.use(logger('dev')) |
| Router-level | router.use(authMiddleware) |
| Error-handling | app.use((err, req, res, next) => { ... }) |
| Built-in | express.json(), express.static() |
Error Handling
express-async-errorsAuto-catches async errors and passes to error handler.
Custom error classesExtend Error with statusCode for structured error responses.
Security with Helmet
| Middleware | Protection |
|---|---|
helmet() | Sets 11 security headers |
helmet.contentSecurityPolicy() | Control script/style sources |
helmet.frameguard() | Prevent clickjacking |
Production Deployment
| Strategy | Details |
|---|---|
| Cluster mode | cluster.fork() — one per CPU core |
| PM2 | Auto-restart, log management |
| Graceful shutdown | Listen for SIGTERM, drain connections |
Pro Tip: Use express-async-errors as a one-line safety net for async route handlers.