From f48ee1cc1ef5ed4ae3ef3c098a39d8807ea60008 Mon Sep 17 00:00:00 2001
From: vedant <vedanthande2244@gmail.com>
Date: Sat, 13 Sep 2025 20:27:08 +0530
Subject: [PATCH 1/4] Fix: Add type validation for sendStatus to prevent BigInt
 serialization error (#6756)

- Add type checking in sendStatus() method to throw TypeError for non-number inputs
- Prevents uncaught 'Do not know how to serialize a BigInt' error
- Add test coverage for BigInt status code input
- Maintains backward compatibility with existing error patterns

Fixes #6756
---
 lib/response.js        |  3 +++
 test/res.sendStatus.js | 12 ++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/lib/response.js b/lib/response.js
index 7a2f0ecce56..873cd7af178 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -326,6 +326,9 @@ res.jsonp = function jsonp(obj) {
  */
 
 res.sendStatus = function sendStatus(statusCode) {
+  if (typeof statusCode !== 'number') {
+    throw new TypeError('Invalid status code: ' + statusCode);
+  }
   var body = statuses.message[statusCode] || String(statusCode)
 
   this.status(statusCode);
diff --git a/test/res.sendStatus.js b/test/res.sendStatus.js
index b244cf9d173..10ee0c77c80 100644
--- a/test/res.sendStatus.js
+++ b/test/res.sendStatus.js
@@ -40,5 +40,17 @@ describe('res', function () {
         .get('/')
         .expect(500, /TypeError: Invalid status code/, done)
     })
+
+    it('should raise error for BigInt status code', function (done) {
+      var app = express()
+
+      app.use(function (req, res) {
+        res.sendStatus(200n)
+      })
+
+      request(app)
+        .get('/')
+        .expect(500, /TypeError.*Invalid status code/, done)
+    })
   })
 })

From 5338f2c9b003bd8f18001ae68eac1758410a6df3 Mon Sep 17 00:00:00 2001
From: vedant <vedanthande2244@gmail.com>
Date: Sat, 13 Dec 2025 15:53:23 +0530
Subject: [PATCH 2/4] fix: prevent BigInt crash and centralize validation in
 res.status

---
 lib/response.js        |  7 ++++---
 test/res.sendStatus.js | 12 ------------
 test/res.status.js     | 12 ++++++++++++
 3 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/lib/response.js b/lib/response.js
index 873cd7af178..a98806fbaee 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -62,6 +62,10 @@ module.exports = res
  */
 
 res.status = function status(code) {
+  // Prevent BigInt serialization error
+  if (typeof code !== 'number') {
+    throw new TypeError(`Invalid status code: ${code} (${typeof code}). Status code must be a number.`);
+  }
   // Check if the status code is not an integer
   if (!Number.isInteger(code)) {
     throw new TypeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be an integer.`);
@@ -326,9 +330,6 @@ res.jsonp = function jsonp(obj) {
  */
 
 res.sendStatus = function sendStatus(statusCode) {
-  if (typeof statusCode !== 'number') {
-    throw new TypeError('Invalid status code: ' + statusCode);
-  }
   var body = statuses.message[statusCode] || String(statusCode)
 
   this.status(statusCode);
diff --git a/test/res.sendStatus.js b/test/res.sendStatus.js
index 10ee0c77c80..b244cf9d173 100644
--- a/test/res.sendStatus.js
+++ b/test/res.sendStatus.js
@@ -40,17 +40,5 @@ describe('res', function () {
         .get('/')
         .expect(500, /TypeError: Invalid status code/, done)
     })
-
-    it('should raise error for BigInt status code', function (done) {
-      var app = express()
-
-      app.use(function (req, res) {
-        res.sendStatus(200n)
-      })
-
-      request(app)
-        .get('/')
-        .expect(500, /TypeError.*Invalid status code/, done)
-    })
   })
 })
diff --git a/test/res.status.js b/test/res.status.js
index 59c8a57e702..181f2df976a 100644
--- a/test/res.status.js
+++ b/test/res.status.js
@@ -200,6 +200,18 @@ describe('res', function () {
           .get('/')
           .expect(500, /Invalid status code/, done);
       });
+
+      it('should raise error for BigInt status code', function (done) {
+        var app = express()
+
+        app.use(function (req, res) {
+          res.status(200n).end()
+        })
+
+        request(app)
+          .get('/')
+          .expect(500, /Invalid status code/, done)
+      })
     });
   });
 });

From 49b30f27c7cd5a386ccce1cc1bf50251699196dc Mon Sep 17 00:00:00 2001
From: Sebastian Beltran <bjohansebas@gmail.com>
Date: Sat, 31 Jan 2026 20:17:51 -0500
Subject: [PATCH 3/4] Update lib/response.js

---
 lib/response.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/response.js b/lib/response.js
index a98806fbaee..94710964213 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -68,7 +68,7 @@ res.status = function status(code) {
   }
   // Check if the status code is not an integer
   if (!Number.isInteger(code)) {
-    throw new TypeError(`Invalid status code: ${JSON.stringify(code)}. Status code must be an integer.`);
+    throw new TypeError(`Invalid status code: ${typeof code === "bigint" ? code : JSON.stringify(code)}. Status code must be an integer.`);
   }
   // Check if the status code is outside of Node's valid range
   if (code < 100 || code > 999) {

From d39a87b246a3944c9ce364ffbdddaba26bc3b937 Mon Sep 17 00:00:00 2001
From: Sebastian Beltran <bjohansebas@gmail.com>
Date: Sat, 31 Jan 2026 20:18:28 -0500
Subject: [PATCH 4/4] Apply suggestion from @bjohansebas

---
 lib/response.js | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/lib/response.js b/lib/response.js
index 94710964213..ca2437fb8c4 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -62,10 +62,6 @@ module.exports = res
  */
 
 res.status = function status(code) {
-  // Prevent BigInt serialization error
-  if (typeof code !== 'number') {
-    throw new TypeError(`Invalid status code: ${code} (${typeof code}). Status code must be a number.`);
-  }
   // Check if the status code is not an integer
   if (!Number.isInteger(code)) {
     throw new TypeError(`Invalid status code: ${typeof code === "bigint" ? code : JSON.stringify(code)}. Status code must be an integer.`);