From d3f75149ffaedd24791a4f6afe038da6ccff3499 Mon Sep 17 00:00:00 2001
From: Dhairya3391
Date: Sun, 12 Oct 2025 10:09:16 +0530
Subject: [PATCH 1/2] fix(sendStatus): prevent BigInt status codes
---
 lib/response.js | 5 +++++
 test/res.sendStatus.js | 13 +++++++++++++
 2 files changed, 18 insertions(+)
diff --git a/lib/response.js b/lib/response.js
index 7a2f0ecce56..e28928df695 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -326,6 +326,11 @@ res.jsonp = function jsonp(obj) {
 */
 res.sendStatus = function sendStatus(statusCode) {
+ // Prevent BigInt status codes from causing obscure errors
+ if (typeof statusCode === 'bigint') {
+ throw new TypeError('Status code must be an integer');
+ }
+
 var body = statuses.message[statusCode] || String(statusCode)
 this.status(statusCode);
diff --git a/test/res.sendStatus.js b/test/res.sendStatus.js
index b244cf9d173..7010fb6b2f2 100644
--- a/test/res.sendStatus.js
+++ b/test/res.sendStatus.js
@@ -40,5 +40,18 @@ describe('res', function () {
 .get('/')
 .expect(500, /TypeError: Invalid status code/, done)
 })
+
+ it('should raise error for BigInt(200) status code', function (done) {
+ var app = express();
+
+ app.use(function (req, res) {
+ res.sendStatus(BigInt(200));
+ });
+
+ request(app)
+ .get('/')
+ .expect(500)
+ .expect(/Status code must be an integer/, done);
+ });
 })
 })
From d715914dce914024330dadc16a98602dd9ee2c7c Mon Sep 17 00:00:00 2001
From: Dhairya3391
Date: Fri, 17 Oct 2025 00:42:25 +0530
Subject: [PATCH 2/2] fix(sendStatus): prevent invalid numeric status codes
Ensure status codes in sendStatus() are valid integers between 100-999, addressing PR feedback about oversized numeric values passing validation.
---
 lib/response.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/response.js b/lib/response.js
index e28928df695..e8e6e01c0ff 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -328,7 +328,14 @@ res.jsonp = function jsonp(obj) {
 res.sendStatus = function sendStatus(statusCode) {
 // Prevent BigInt status codes from causing obscure errors
 if (typeof statusCode === 'bigint') {
- throw new TypeError('Status code must be an integer');
+ throw new TypeError('Status code must be an integer number');
+ }
+ if (typeof statusCode !== 'number' || !Number.isInteger(statusCode) || statusCode < 100 || statusCode > 999) {
+ if (!Number.isInteger(statusCode)) {
+ throw new TypeError(`Invalid status code: ${JSON.stringify(statusCode)}. Status code must be an integer.`);
+ } else {
+ throw new RangeError(`Invalid status code: ${JSON.stringify(statusCode)}. Must be between 100 and 999.`);
+ }
 }
 var body = statuses.message[statusCode] || String(statusCode)
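Review bot: The two new throws build their message with `JSON.stringify(statusCode)`, which can itself throw for a circular object or a value that contains a BigInt, prints `NaN` and `Infinity` as `null`, and copies an arbitrary caller-supplied value into an error that, judging by the test in the first patch, can reach the 500 response body. Describing the value without serialising it avoids all three, for example `var shown = typeof statusCode === 'number' ? String(statusCode) : typeof statusCode;` used in both messages. The outer condition can also become two sequential guards, because `Number.isInteger` is already false for every non-number, which makes the `typeof statusCode !== 'number'` test redundant. This commit touches only lib/response.js, so the non-integer and out-of-range branches have no test of their own. sendStatus continues past the end of the hunk.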