update to eslint 9

benchmarks/middleware.js

@@ -1,20 +1,19 @@
-
-var express = require('..');
-var app = express();
+const express = require('../')
+const app = express()
 
 // number of middleware
 
-var n = parseInt(process.env.MW || '1', 10);
-console.log('  %s middleware', n);
+let n = parseInt(process.env.MW || '1', 10)
+console.log('  %s middleware', n)
 
 while (n--) {
-  app.use(function(req, res, next){
-    next();
-  });
+  app.use((req, res, next) => {
+    next()
+  })
 }
 
-app.use(function(req, res){
+app.use((req, res) => {
   res.send('Hello World')
-});
+})
 
-app.listen(3333);
+app.listen(3333)

eslint.config.mjs

@@ -0,0 +1,23 @@
+import globals from 'globals'
+import neostandard from 'neostandard'
+
+// globals present in Node.js but not in browsers.
+const nodeGlobals = Object.keys(globals.node).filter(g => !Object.keys(globals.browser).includes(g))
+
+// Node.js-specific globals that are allowed.
+const allowedGlobals = [
+  'require', 'module', 'exports', '__dirname', 'process', 'setImmediate'
+]
+
+export default [
+  ...neostandard({
+    env: ['mocha']
+  }),
+  {
+    rules: {
+      'global-require': 'warn',
+      'no-restricted-globals': ['error', ...nodeGlobals.filter(g => !allowedGlobals.includes(g))],
+      'n/handle-callback-err': 'off'
+    }
+  }
+]

examples/auth/index.js

@@ -4,17 +4,17 @@
  * Module dependencies.
  */
 
-var express = require('../..');
-var hash = require('pbkdf2-password')()
-var path = require('node:path');
-var session = require('express-session');
+const express = require('../../')
+const hash = require('pbkdf2-password')()
+const path = require('node:path')
+const session = require('express-session')
 
-var app = module.exports = express();
+const app = module.exports = express()
 
 // config
 
-app.set('view engine', 'ejs');
-app.set('views', path.join(__dirname, 'views'));
+app.set('view engine', 'ejs')
+app.set('views', path.join(__dirname, 'views'))
 
 // middleware
 
@@ -23,112 +23,111 @@ app.use(session({
   resave: false, // don't save session if unmodified
   saveUninitialized: false, // don't create session until something stored
   secret: 'shhhh, very secret'
-}));
+}))
 
 // Session-persisted message middleware
 
-app.use(function(req, res, next){
-  var err = req.session.error;
-  var msg = req.session.success;
-  delete req.session.error;
-  delete req.session.success;
-  res.locals.message = '';
-  if (err) res.locals.message = '<p class="msg error">' + err + '</p>';
-  if (msg) res.locals.message = '<p class="msg success">' + msg + '</p>';
-  next();
-});
+app.use((req, res, next) => {
+  const err = req.session.error
+  const msg = req.session.success
+  delete req.session.error
+  delete req.session.success
+  res.locals.message = ''
+  if (err) res.locals.message = '<p class="msg error">' + err + '</p>'
+  if (msg) res.locals.message = '<p class="msg success">' + msg + '</p>'
+  next()
+})
 
 // dummy database
 
-var users = {
+const users = {
   tj: { name: 'tj' }
-};
+}
 
 // when you create a user, generate a salt
 // and hash the password ('foobar' is the pass here)
 
-hash({ password: 'foobar' }, function (err, pass, salt, hash) {
-  if (err) throw err;
+hash({ password: 'foobar' }, (err, pass, salt, hash) => {
+  if (err) throw err
   // store the salt & hash in the "db"
-  users.tj.salt = salt;
-  users.tj.hash = hash;
-});
-
+  users.tj.salt = salt
+  users.tj.hash = hash
+})
 
 // Authenticate using our plain-object database of doom!
 
-function authenticate(name, pass, fn) {
-  if (!module.parent) console.log('authenticating %s:%s', name, pass);
-  var user = users[name];
+function authenticate (name, pass, fn) {
+  if (!module.parent) console.log('authenticating %s:%s', name, pass)
+  const user = users[name]
   // query the db for the given username
   if (!user) return fn(null, null)
   // apply the same algorithm to the POSTed password, applying
   // the hash against the pass / salt, if there is a match we
   // found the user
-  hash({ password: pass, salt: user.salt }, function (err, pass, salt, hash) {
-    if (err) return fn(err);
+  hash({ password: pass, salt: user.salt }, (err, pass, salt, hash) => {
+    if (err) return fn(err)
     if (hash === user.hash) return fn(null, user)
     fn(null, null)
-  });
+  })
 }
 
-function restrict(req, res, next) {
+function restrict (req, res, next) {
   if (req.session.user) {
-    next();
+    next()
   } else {
-    req.session.error = 'Access denied!';
-    res.redirect('/login');
+    req.session.error = 'Access denied!'
+    res.redirect('/login')
   }
 }
 
-app.get('/', function(req, res){
-  res.redirect('/login');
-});
+app.get('/', (req, res) => {
+  res.redirect('/login')
+})
 
-app.get('/restricted', restrict, function(req, res){
-  res.send('Wahoo! restricted area, click to <a href="/logout">logout</a>');
-});
+app.get('/restricted', restrict, (req, res) => {
+  res.send('Wahoo! restricted area, click to <a href="/logout">logout</a>')
+})
 
-app.get('/logout', function(req, res){
+app.get('/logout', (req, res) => {
   // destroy the user's session to log them out
   // will be re-created next request
-  req.session.destroy(function(){
-    res.redirect('/');
-  });
-});
+  req.session.destroy(() => {
+    res.redirect('/')
+  })
+})
 
-app.get('/login', function(req, res){
-  res.render('login');
-});
+app.get('/login', (req, res) => {
+  res.render('login')
+})
 
-app.post('/login', function (req, res, next) {
+app.post('/login', (req, res, next) => {
   if (!req.body) return res.sendStatus(400)
-  authenticate(req.body.username, req.body.password, function(err, user){
+  authenticate(req.body.username, req.body.password, (err, user) => {
     if (err) return next(err)
     if (user) {
       // Regenerate session when signing in
       // to prevent fixation
-      req.session.regenerate(function(){
+      req.session.regenerate(() => {
         // Store the user's primary key
         // in the session store to be retrieved,
         // or in this case the entire user object
-        req.session.user = user;
-        req.session.success = 'Authenticated as ' + user.name
-          + ' click to <a href="/logout">logout</a>. '
-          + ' You may now access <a href="/restricted">/restricted</a>.';
-        res.redirect(req.get('Referrer') || '/');
-      });
+        req.session.user = user
+        req.session.success = 'Authenticated as ' + user.name +
+          ' click to <a href="/logout">logout</a>. ' +
+          ' You may now access <a href="/restricted">/restricted</a>.'
+        res.redirect(req.get('Referrer') || '/')
+      })
     } else {
-      req.session.error = 'Authentication failed, please check your '
-        + ' username and password.'
-        + ' (use "tj" and "foobar")';
-      res.redirect('/login');
+      req.session.error = 'Authentication failed, please check your ' +
+        ' username and password.' +
+        ' (use "tj" and "foobar")'
+      res.redirect('/login')
     }
-  });
-});
+  })
+})
 
 /* istanbul ignore next */
 if (!module.parent) {
-  app.listen(3000);
-  console.log('Express started on port 3000');
+  app.listen(3000)
+  console.log('Express started on port 3000')
 }

examples/content-negotiation/db.js

@@ -1,9 +1,9 @@
 'use strict'
 
-var users = [];
+const users = []
 
-users.push({ name: 'Tobi' });
-users.push({ name: 'Loki' });
-users.push({ name: 'Jane' });
+users.push({ name: 'Tobi' })
+users.push({ name: 'Loki' })
+users.push({ name: 'Jane' })
 
-module.exports = users;
+module.exports = users

examples/content-negotiation/index.js

@@ -1,46 +1,43 @@
 'use strict'
 
-var express = require('../../');
-var app = module.exports = express();
-var users = require('./db');
+const express = require('../../')
+const app = module.exports = express()
+const users = require('./db')
 
 // so either you can deal with different types of formatting
 // for expected response in index.js
-app.get('/', function(req, res){
+app.get('/', (req, res) => {
   res.format({
-    html: function(){
-      res.send('<ul>' + users.map(function(user){
-        return '<li>' + user.name + '</li>';
-      }).join('') + '</ul>');
+    html: function () {
+      res.send('<ul>' + users.map((user) => '<li>' + user.name + '</li>').join('') + '</ul>')
     },
 
-    text: function(){
-      res.send(users.map(function(user){
-        return ' - ' + user.name + '\n';
-      }).join(''));
+    text: function () {
+      res.send(users.map((user) => ' - ' + user.name + '\n').join(''))
     },
 
-    json: function(){
-      res.json(users);
+    json: function () {
+      res.json(users)
     }
-  });
-});
+  })
+})
 
 // or you could write a tiny middleware like
 // this to add a layer of abstraction
 // and make things a bit more declarative:
 
-function format(path) {
-  var obj = require(path);
-  return function(req, res){
-    res.format(obj);
-  };
+function format (path) {
+  // eslint-disable-next-line global-require
+  const obj = require(path)
+  return function (req, res) {
+    res.format(obj)
+  }
 }
 
-app.get('/users', format('./users'));
+app.get('/users', format('./users'))
 
 /* istanbul ignore next */
 if (!module.parent) {
-  app.listen(3000);
-  console.log('Express started on port 3000');
+  app.listen(3000)
+  console.log('Express started on port 3000')
 }

examples/content-negotiation/users.js

@@ -1,19 +1,15 @@
 'use strict'
 
-var users = require('./db');
+const users = require('./db')
 
-exports.html = function(req, res){
-  res.send('<ul>' + users.map(function(user){
-    return '<li>' + user.name + '</li>';
-  }).join('') + '</ul>');
-};
+exports.html = function (req, res) {
+  res.send('<ul>' + users.map((user) => '<li>' + user.name + '</li>').join('') + '</ul>')
+}
 
-exports.text = function(req, res){
-  res.send(users.map(function(user){
-    return ' - ' + user.name + '\n';
-  }).join(''));
-};
+exports.text = function (req, res) {
+  res.send(users.map((user) => ' - ' + user.name + '\n').join(''))
+}
 
-exports.json = function(req, res){
-  res.json(users);
-};
+exports.json = function (req, res) {
+  res.json(users)
+}