Express Development Mode Is Enabled

Severity: Medium

Invicti detected that the development mode is enabled in the Express.


By default, Express applications run in development mode. In development mode, Express returns more verbose errors which can result in information leakage. This also provides an attacker with information about the host system. It's recommended to configure Node.js to run in production mode.

Actions To Take#

You can signal Node.js that you are running in production by setting the NODE_ENV environment variable like below:


Dead accurate, fast & easy-to-use Web Application Security Scanner

Get a demo