Express generator does not provide recommendations on handling POST requests, performance, security, or testing.

Introduction

Express generator creates a simple boilerplate without making many assumptions. Some notable things it leaves out are as follows:

Body parser

Normally you will use a body parser to read the form values submitted in the POST body from the client into req.body. So if a name is submitted in the body of a POST request from the client, it will be available as req.body.name inside our Express function.

Testing

If you have any business logic inside the Express server, then you would of course write some unit tests. But there is no configuration option to generate a testing setup.

Database integration

There are many types of databases available, and offering an integration for each one of them as a configuration option would not be possible. But just as there are integrations for the view engine and CSS middleware, there could have been some boilerplate for integrating a few of the popular databases.

Performance

Express recommends using gzip compression in production to reduce the size of the payload sent from the server.

app.use(compression())

It also recommends setting NODE_ENV to production. But these performance recommendations are not available by default or through configuration in the boilerplate.

There are some other recommendations which depend on the environment, like caching or clustering. These cannot be put in the boilerplate, as the user may use Nginx, HAProxy, or some other web server. Similarly, clustering depends on the server and how the environment is set up. These kinds of recommendations cannot be put in the boilerplate.

Security

Just like the performance recommendations, there are some recommendations on security as well. And these security recommendations are again not available as configuration or by default in the boilerplate.

For example, Express recommends using the Helmet library to manage security-related HTTP headers such as Content-Security-Policy, X-Powered-By and more. You will have to add this security-related code manually.
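To check whether an app still has the gaps described under Performance and Security, the following added example (not express-generator output and not Express's own code) audits one response's headers and the environment. The function name, finding labels and sample headers are constructed for illustration, and the 1 KB cutoff assumes the compression middleware's default threshold.

```javascript
// Added example: audit one HTTP response from an Express app for the
// items this page lists. Header names are matched case-insensitively.
const COMPRESSION_THRESHOLD = 1024; // assumption: compression's default 1kb threshold

function auditExpressResponse(resHeaders, reqHeaders = {}, env = process.env) {
  const lower = (obj) =>
    Object.fromEntries(Object.entries(obj).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const res = lower(resHeaders);
  const req = lower(reqHeaders);
  const findings = [];

  // Express adds "X-Powered-By: Express" by default; Helmet removes it.
  if ('x-powered-by' in res) findings.push('x-powered-by-exposed');

  // Helmet sends a Content-Security-Policy header by default.
  if (!res['content-security-policy']) findings.push('missing-content-security-policy');

  // Only expect gzip when the client offered it, the type is text-like,
  // and the body is not known to be under the threshold.
  const offered = /\bgzip\b/i.test(req['accept-encoding'] || '');
  const textLike = /^(text\/|application\/(json|javascript))/i.test(res['content-type'] || '');
  const tooSmall = 'content-length' in res &&
    Number(res['content-length']) < COMPRESSION_THRESHOLD;
  if (offered && textLike && !tooSmall && !res['content-encoding']) {
    findings.push('response-not-compressed');
  }

  // Express runs in development mode unless NODE_ENV is "production".
  if (env.NODE_ENV !== 'production') findings.push('node-env-not-production');
  return findings;
}

// Constructed sample: headers a freshly generated app might answer with.
const generatedDefault = {
  'X-Powered-By': 'Express',
  'Content-Type': 'text/html; charset=utf-8',
  'Content-Length': '2048',
};
// Constructed sample: the same response after helmet() and compression().
const hardened = {
  'Content-Security-Policy': "default-src 'self'",
  'Content-Type': 'text/html; charset=utf-8',
  'Content-Encoding': 'gzip',
};
const gzipClient = { 'Accept-Encoding': 'gzip, deflate' };

console.log(auditExpressResponse(generatedDefault, gzipClient, {}));
console.log(auditExpressResponse(hardened, gzipClient, { NODE_ENV: 'production' }));
```

A response whose body is under the threshold is not flagged for missing compression, since the middleware would leave it uncompressed as well.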