flaschbier

Reputation: 4177

express 4.0.0 generates deprecated dependencies and vulnerabilities

Having installed all the default versions from the Ubuntu 18.04 LTS repos:

nvm 0.35.0
node v10.16.3
npm 6.9.0
express 4.0.0

All the following commands (provided in the express starter tutorial and several StackOverflow questions and blogs)

express app --view=pug
express --view pug
express --pug

generate package.json like so:

{
  "name": "application-name",
  "version": "0.0.1",
  "private": true,
  "scripts": {
    "start": "nodejs ./bin/www"
  },
  "dependencies": {
    "express": "~4.0.0",
    "static-favicon": "~1.0.0",
    "morgan": "~1.0.0",
    "cookie-parser": "~1.0.1",
    "body-parser": "~1.0.0",
    "debug": "~0.7.4",
    "jade": "~1.3.0"
  }
}

Running npm install on that will, of course, produce a deprecation warning for jade and also report a critical vulnerability for [email protected].

Not a good start, huh?

Question: How to get a working and current kickstart with express-generator (or anyhow else)?

Upvotes: 3

Views: 1869

Answers (2)

Arkadipta Das

Reputation: 1

If you want to upgrade package.json dependencies to the latest version, follow these steps -

  1. Run npx express-generator --view=ejs my-app (you can change view to pug/handlebars if you want)
  2. cd my-app, open in VS Code
  3. Run npx npm-check-updates -u
  4. Run npm install

Upvotes: 0

Nghia Pham

Reputation: 71

  • Please use npx express-generator to get the latest version of express.
  • In package.json remove Jade
  • Install Pug (Jade has been renamed to pug): npm install pug
  • Run npm install again
  • In app.js change app.set('view engine', 'jade'); to app.set('view engine', 'pug');
  • In views folder rename any jade file to pug. Ex: index.jade -> index.pug
  • Run npm audit to check for any vulnerabilities again

Upvotes: 6
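
The file edits from the steps above (drop jade from package.json, switch the view engine in app.js, rename the views), as an added example that is not part of either answer. planJadeToPugMigration and SAMPLE are hypothetical names, the sample project is constructed, and the function only computes the changes and lists the npm commands from the answer to run afterwards.

```javascript
// Added example: plans the jade -> pug migration described in the answer above.
// planJadeToPugMigration and SAMPLE are hypothetical names; the sample project is constructed.
function planJadeToPugMigration(packageJsonText, appJsText, viewFiles) {
  const pkg = JSON.parse(packageJsonText);
  const deps = Object.assign({}, pkg.dependencies);
  const hadJade = Object.prototype.hasOwnProperty.call(deps, "jade");
  delete deps.jade; // step: remove Jade from package.json

  // step: app.set('view engine', 'jade') -> 'pug', either quote style, any spacing
  const engineCall = /(app\.set\(\s*(['"])view engine\2\s*,\s*(['"]))jade(\3\s*\))/g;
  const appJs = appJsText.replace(engineCall, "$1pug$4");

  // step: rename every *.jade view to *.pug; never overwrite an existing .pug file
  const existing = new Set(viewFiles);
  const renames = [];
  const conflicts = [];
  for (const file of viewFiles) {
    if (!/\.jade$/.test(file)) continue;
    const target = file.replace(/\.jade$/, ".pug");
    (existing.has(target) ? conflicts : renames).push({ from: file, to: target });
  }

  return {
    hadJade,
    packageJson: JSON.stringify(Object.assign({}, pkg, { dependencies: deps }), null, 2),
    appJs,
    appJsChanged: appJs !== appJsText,
    renames,
    conflicts,
    // remaining steps from the answer, to run in the project directory afterwards
    commands: ["npm install pug", "npm install", "npm audit"],
  };
}

// Constructed sample mirroring the package.json shown in the question.
const SAMPLE = {
  packageJson: JSON.stringify({
    name: "application-name",
    dependencies: { express: "~4.0.0", "body-parser": "~1.0.0", jade: "~1.3.0" },
  }),
  appJs: "app.set('views', path.join(__dirname, 'views'));\napp.set('view engine', 'jade');\n",
  views: ["views/index.jade", "views/layout.jade", "views/error.jade", "views/error.pug"],
};

const plan = planJadeToPugMigration(SAMPLE.packageJson, SAMPLE.appJs, SAMPLE.views);
console.log(plan.renames, plan.conflicts, plan.commands);
```

A non-empty conflicts list means a .pug file with the target name already exists and needs a manual decision before renaming.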
