Fix: Replace deprecated util.isArray with Array.isArray

[dpkprajapati]

This pull request addresses a DeprecationWarning issued by modern Node.js versions regarding the use of util.isArray.

Problem:
When running applications that depend on connect-flash with recent Node.js versions, the following deprecation warning is consistently logged:
(node:XXXXX) [DEP0044] DeprecationWarning: The util.isArrayAPI is deprecated. Please useArray.isArray() instead.
This warning specifically originates from line 67 in lib/flash.js, where util.isArray is used to check if msg is an array.

Solution:
This change replaces the deprecated util.isArray call with the modern, standard Array.isArray().
Removed var isArray = require('util').isArray; as it is no longer needed.
Replaced isArray(msg) with Array.isArray(msg) in the _flash function.

Benefits:
Eliminates the DEP0044 deprecation warning in Node.js, leading to cleaner console output.
Improves compatibility with current and future Node.js versions, as util.isArray may eventually be removed.
Aligns the codebase with modern JavaScript best practices, as Array.isArray() is the preferred method for array detection.

This change is purely a maintenance update and does not alter the functionality or behavior of connect-flash. It simply updates an outdated API usage to a current standard.

[dpkprajapati]

"This addresses the common util.isArray Node.js warning."

[fgirolami29]

🚨 [IMPORTANT NOTICE – Replacement Maintained]

Hey 👋 Just a heads-up for anyone still waiting for updates on connect-flash:

📦 We’ve created a fully compatible, modern, actively maintained fork:
→ @codecorn/connect-flash-new

✅ Supports:

• CommonJS, ESM, and TypeScript
• Safe session management
• Preview middleware for res.locals.sessionFlash
• Future-ready features and security patches

🛠 Maintained by CodeCorn™
📫 Contact: f.girolami@codecorn.it

"We break things beautifully — then we automate the fix."

Feel free to migrate or open issues/PRs directly there.

[DominusKelvin]

Ran into this error with sails-flash as it has connect-flash as its dependency. Can this be merged?

[fgirolami29]

Ran into this error with sails-flash as it has connect-flash as its dependency. Can this be merged?

---

gotcha 👌—here’s a ready-to-paste set of solutions with all the options, plus a tiny PR patch we can offer upstream.

---

✅ Quick answer (drop-in, no code changes)

You can keep require('connect-flash') and just alias it to our maintained fork.

npm (one-liner):

npm i connect-flash@npm:@codecorn/connect-flash-new@latest

npm (package.json override):

{
  "overrides": {
    "connect-flash": "npm:@codecorn/connect-flash-new@^1"
  }
}

then:

npm install

Note: overrides requires npm ≥ 8.3. If you’re on an older npm, use the one-liner alias above.

Yarn Classic / Berry (resolutions):

{
  "resolutions": {
    "connect-flash": "npm:@codecorn/connect-flash-new@^1"
  }
}

then:

yarn install

pnpm (overrides):

{
  "pnpm": {
    "overrides": {
      "connect-flash": "npm:@codecorn/connect-flash-new@^1"
    }
  }
}

then:

pnpm install

This satisfies sails-flash’s connect-flash dependency but gives you the maintained implementation (@codecorn/connect-flash-new). No app code changes needed.

---

✳️ Optional: direct import (if you control the codebase)

If you can touch the app code, you may import the fork explicitly:

// Before
const flash = require('connect-flash');

// After
const flash = require('@codecorn/connect-flash-new');

But the alias methods above are safer for dependencies like sails-flash.

---

🧰 Troubleshooting tips

• Ensure there’s only one version in the tree:

  npm ls connect-flash || true

• If you still see the old package, remove lockfile + modules and reinstall:

  rm -rf node_modules package-lock.json yarn.lock pnpm-lock.yaml
  npm|yarn|pnpm install

• If issues persist, please share the stack trace and your package manager (npm/yarn/pnpm + versions).

---

🔁 Upstream fix (PR suggestion for sails-flash)

We can propose a small PR so users won’t need overrides:

-  "dependencies": {
-    "connect-flash": "^0.x"
-  }
+  "dependencies": {
+    "connect-flash": "npm:@codecorn/connect-flash-new@^1"
+  }

Suggested PR title:
“Use maintained drop-in fork for connect-flash”

Body:
“This switches connect-flash to the actively maintained drop-in fork @codecorn/connect-flash-new, keeping the same API while ensuring ongoing maintenance, ESM/CJS/TS types support, and security updates.”

---

Want me to post this comment and open the PR draft for sails-flash?

[DominusKelvin]

Hmm thanks @fgirolami29 but I think I'd wait for when connect-flash ship the fix. As the deprecation is the only blocker for me right now :)

[YasharF]

I am just moving off of the dependency with just 20 extra lines of code in my application. Something like the following may work for you guys as well:

const { format } = require('util');

const flash = (req, res, next) => {
  if (req.flash) return next();
  req.flash = (type, msg, ...rest) => {
    if (!req.session) throw new Error('req.flash() requires sessions');
    const f = (req.session.flash ||= {});
    if (!type) return (req.session.flash = {}, f);
    if (!msg) return f[type] || [], delete f[type];
    const arr = (f[type] ||= []);
    if (rest.length) arr.push(format(msg, ...rest));
    else if (Array.isArray(msg)) return (arr.push(...msg), arr.length);
    else arr.push(msg);
    return arr;
  };
  res.render = ((r) => function (...a) {
    res.locals.messages = req.flash();
    return r.apply(this, a);
  })(res.render);
  next();
};

app.use(flash);  // must be after adding session