By default, Express applications run in development mode. In development mode, Express returns more verbose errors which can result in information leakage. This also provides an attacker with information about the host system. It's recommended to configure Node.js to run in production mode.


You can signal Node.js that you are running in production by setting the NODE_ENV=production environment variable.


Related Vulnerabilities