Governance
ExpressoTS is an independent, MIT-licensed open-source project maintained by a small core team with help from the community. This page explains how decisions are made, how to contribute, how releases work, and how to report security issues. Nothing more, nothing less.
What we optimise for
- A small, focused core. The framework keeps a tight kernel; optional behaviour lives in separate packages and in Studio.
- Sensible defaults. The common case should work with little or no configuration, with escape hatches when you need them.
- An observable runtime. What the framework does at runtime should be inspectable in Studio without changing your code.
How decisions are made
There is no heavy process. The path depends on the size of the change:
| Change | What to do |
|---|---|
| Bug fix, docs, small refactor, additive helper | Open a pull request directly |
| New feature in an existing package | Open an issue to discuss first, then a PR |
| New package or a breaking change | Open an issue, agree on the approach, then a PR targeted at the next major |
| Security issue | Report privately; do not open a public issue |
The core team reviews contributions and decides whether to merge, request changes, or discuss further. Significant architectural decisions are recorded as ADRs in the source tree (`packages/**/.docs/decision-log.md`).
Who maintains it
| Role | What it means |
|---|---|
| Contributor | Anyone who opens an issue, files a PR, reviews code, or helps in Discord. No formal step; just start. |
| Core team | A small group with merge rights who review PRs, cut releases, and maintain the packages. |
We're actively looking to grow the core team. The path is concrete: deliver a few meaningful contributions (a feature, a significant improvement, or sustained quality work in one area), and you'll be invited to join.
How to contribute
- Use it. Create a project and exercise Core, Adapter-Express, the CLI, and Studio. Note what could be better.
- Pick something. Browse open issues or propose your own.
- Clone and explore: `git clone https://github.com/expressots/expressots.git`
- Open a PR. Use conventional commits. We'll review it and give feedback.
- Join the conversation on Discord.
Ready to start? Fix a bug or open a proposal
Releases
ExpressoTS follows Semantic Versioning and ships as a bundle: every published package shares the same version on each release, so you never have to reconcile cross-package version drift.
Releases are published to npm in dependency order (shared → core → adapter-express → cli → templates → studio-agent → studio), tagged on GitHub, and documented in the release notes.
See Release notes → Support policy for the support window of each version.
Code of conduct
We follow the Contributor Covenant. Report unacceptable behaviour privately via Discord DM or the security contact below. All reports are confidential.
Security disclosures
Please do not open public issues for security vulnerabilities.
- Report privately via GitHub Security Advisories on the relevant repo.
- We aim to acknowledge within 7 days.
- We agree on a fix window with the reporter, ship a patch on every supported version, then publish the advisory.
Support the Project
ExpressoTS is MIT-licensed open source. See the support guide to contribute.