finalhandler is a Node.js module that provides a function to run as the final step in an HTTP server request, generating a 404 response when there is no error or an error response when there is an error. It’s useful for wiring up request handling, including middleware-style flows, and lets you control environment behavior and optionally receive errors via an onerror callback.
Project status
- The repository appears actively maintained, with recent tag activity in late 2025 (v1.3.2, v2.1.1) and a most recent upstream push dated 2026-06-02.
- The apparent updates cadence is relatively steady but not frequent, with a sequence of updates concentrated around 2025-12 and earlier major refactoring work in 2025-03, after which the next explicitly summarized update is v2.1.1 (timing of any intermediate changes between tags is not shown here).
AI summary generated Today
Recent updates
v2.1.1
6 months agov2.1.1 release notes primarily describe CI and documentation/metadata updates (CodeQL, Dependabot, Scorecard badge, action version pinning) plus an engines field correction. The actual diff shows additional runtime behavior changes in index.js, along with significant dependency and test infrastructure updates that are not called out in the v2.1.1 release notes text.
Breakingv1.3.2
6 months agov1.3.2 primarily updates dependency versions and adjusts CI/test coverage. The main runtime code change is in how response `statusMessage` is set, specifically gating it based on HTTP version.
Breakingv2.1.0
3/5/2025v2.1.0 refactors finalhandler internals to remove several compatibility/legacy shims (notably headersSent and setImmediate handling), and modernizes string and object handling. It also updates CI and test tooling, and bumps several dependencies while switching to caret-based version ranges.
Breakingv1.2.0
3/23/2022Release 1.2.0 updates finalhandler to newer versions of on-finished and statuses, and changes how it determines HTTP status messages. It also adds logic to remove certain Content-* headers before sending an error/404 response, aiming to avoid responses that break due to incorrect content metadata.
Breakingv1.1.2
5/10/2019Release 1.1.2 tightens the Content-Security-Policy header used by finalhandler responses and bumps runtime dependencies parseurl and statuses. The code diff also shows additional contributor-facing changes to CI/lint/test configuration.
BreakingSecurityv1.1.1
3/6/2018Release v1.1.1 primarily fixes how finalhandler formats the default 404 message when the request path is missing or cannot be parsed. It also bumps a couple of runtime dependencies (encodeurl and statuses). The code changes are localized to error/404 message construction in index.js.
v1.1.0
9/25/2017Release 1.1.0 updates finalhandler to detect whether response headers have already been sent using the standard res.headersSent property when available. It replaces previous internal checks against the non-standard res._header field with a small helper to choose the best available signal.
v1.0.6
9/22/2017Release v1.0.6 updates the `finalhandler` package version and bumps the `debug` dependency from 2.6.8 to 2.6.9. The provided release notes mention only the dependency update, and the code diff shows no other functional changes beyond metadata/history updates.
v1.0.5
9/16/2017Release v1.0.5 updates the dependency parseurl to version ~1.3.2, aligning with the stated performance improvements. The code diff also shows minor non-runtime changes to CI testing and README formatting.
v1.0.4
8/4/2017Release v1.0.4 primarily updates the debug dependency to 2.6.8, as stated in the release notes. The code diff shows additional dependency bumps and CI configuration changes that are not mentioned in the release notes.