by mydigitalself 4594 days ago
Yes, node node node! :)

Um, thanks for pointing this out, will take a look at it, we may have blown through the rate limit.

Isn't echoing errors like that a security issue? I'm not implying it necessarily is, because it's obviously conveniently useful for debugging.

Yup, they should log / e-mail themselves the error messages when in production rather than displaying them, sensitive info might leak plus stack traces aren't very friendly.

Looks like they might have left the connect.errorHandler() dev middleware (http://www.senchalabs.org/connect/errorHandler.html) plugged into their app.

It's only a security issue if it provides exploitable information. It's more commonly avoided as an issue regarding user confusion, not security.

We normally don't do this, we put this little preview app together quite quickly using a slightly different infrastructure to our regular stuff.

We normally log these and just display a friendly error message to the end user.
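
An illustration of the approach discussed in this thread (log the full error server-side, show the user only a generic message), added here as an example and not code from any commenter or from the app in question. It is a Connect/Express-style four-argument error middleware; `productionErrorHandler`, the `log` sink, and the sample request and error in `demo` are hypothetical and constructed.

```javascript
// Added example: Connect/Express-style error middleware (err, req, res, next).
// All names are hypothetical; this is not the app's or any commenter's code.
function productionErrorHandler({ log, verbose = false }) {
  let seq = 0;
  return function onError(err, req, res, next) {
    // If the response has already started, we cannot replace it; delegate.
    if (res.headersSent) return next(err);

    // Reference ID lets support match a user's report to the log entry.
    const ref = Date.now().toString(36) + '-' + (++seq).toString(36);

    // Full detail (message, stack, request line) goes to the log only.
    log({ ref, method: req.method, url: req.url,
          message: err.message, stack: err.stack });

    // Pass through only 4xx codes the app set on purpose; all else is 500.
    const status = err.status >= 400 && err.status < 500 ? err.status : 500;

    const body = verbose
      ? { error: err.message, stack: err.stack, ref } // development only
      : { error: 'Something went wrong. Please try again later.', ref };

    res.statusCode = status;
    res.setHeader('Content-Type', 'application/json; charset=utf-8');
    res.end(JSON.stringify(body));
  };
}

// Constructed request, response and error to exercise the handler offline.
function demo(verbose) {
  const logged = [];
  const sent = { headers: {} };
  const res = {
    headersSent: false,
    setHeader(k, v) { sent.headers[k] = v; },
    end(data) { sent.status = this.statusCode; sent.body = data; },
  };
  const req = { method: 'GET', url: '/preview?id=42' };
  const err = new Error('connect ECONNREFUSED 10.0.0.5:5432 user=preview_app');
  const handler = productionErrorHandler({ log: (e) => logged.push(e), verbose });
  handler(err, req, res, () => {});
  return { sent, logged };
}

const prod = demo(false);
console.log('client sees:', prod.sent.status, prod.sent.body);
console.log('log keeps  :', prod.logged[0].ref, prod.logged[0].message);
```

With `verbose` set to `true` the same handler returns the message and stack to the client, which is the development behaviour the thread describes as having been left enabled.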