Express app.locals Property
What you’ll learn
- How to store global template variables with
app.locals. - How
app.localsdiffers from request-scopedres.locals. - How to use shared values in EJS and other view engines.
- How to avoid unsafe or confusing global-local usage patterns.
Overview
app.locals provides application-wide values available to all rendered views, making shared UI data easy to reuse.
Global template data
Useful for values like site name, brand text, or footer metadata.
View engine friendly
Works with EJS, Pug, and other renderers through res.render().
Shared state caution
Updates affect all requests, so avoid storing request-specific data.
Syntax
javascript
app.locals.key = value
app.locals['key'] = value- Assign properties directly on
app.locals. - Values become available in every rendered template.
- Use
res.localsfor request-specific values instead.
1
Basic app.locals setup
javascript
const express = require('express');
const app = express();
app.locals.siteName = 'CodeToFun';
app.locals.year = new Date().getFullYear();
app.get('/', function (req, res) {
res.render('home'); // home.ejs can use siteName and year
});2
app.locals vs res.locals
javascript
app.locals.brand = 'CodeToFun';
app.get('/profile', function (req, res) {
res.locals.username = 'Asha'; // request-only
res.render('profile');
});📋 app.locals vs configuration constants
| Option | Best for | Scope |
|---|---|---|
app.locals | Shared template values | All rendered views |
| Module constants/env | Backend logic and secrets | Server code only |
🧪 Testing checklist
- Set a value in
app.localsand verify it appears in multiple templates. - Set a value in
res.localsand verify it appears only for that request. - Update a global local value and verify subsequent renders reflect the change.
- Ensure sensitive backend values are not exposed in views.
Pitfalls to avoid
Using for request data
Cross-request leakage risk
Keep per-request user data in res.locals, not app.locals.
Storing secrets
Accidental exposure
Never expose private keys or credentials via template locals.
Uncontrolled mutations
Inconsistent UI output
Treat global locals as shared state and update them intentionally.
❓ FAQ
app.locals is an object for storing application-wide local variables that are available in all rendered views.
app.locals is global for the app lifecycle, while res.locals is request-specific and only available for a single response cycle.
Yes. You can change values at runtime, but changes affect all subsequent requests and rendered views.
No. Avoid placing secrets or private tokens in view-accessible locals.
Use it for shared UI metadata such as site name, footer text, or global helper values needed in templates.
Summary
- Purpose:
app.localsstores app-wide values for rendered templates. - Scope: values persist across requests, unlike
res.locals. - Practice: use for shared UI metadata, not per-user or sensitive data.
Did you know?
app.locals stores values available to all rendered views for the lifetime of the app process.
4 people found this page helpful
