🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

body-parser

Package Overview
Dependencies
Maintainers
1
Versions
78
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

body-parser - npm Package Compare versions

Comparing version

1.19.2
to
1.20.0

SECURITY.md

18

HISTORY.md

@@ -0,1 +1,19 @@

1.20.0 / 2022-04-02
===================
* Fix error message for json parse whitespace in `strict`
* Fix internal error when inflated body exceeds limit
* Prevent loss of async hooks context
* Prevent hanging when request already read
* deps: depd@2.0.0
- Replace internal `eval` usage with `Function` constructor
- Use instance methods on `process` to check for listeners
* deps: http-errors@2.0.0
- deps: depd@2.0.0
- deps: statuses@2.0.1
* deps: on-finished@2.4.1
* deps: qs@6.10.3
* deps: raw-body@2.5.1
- deps: http-errors@2.0.0
1.19.2 / 2022-02-15

@@ -2,0 +20,0 @@ ===================

28

lib/read.js

@@ -15,5 +15,7 @@ /*!

var createError = require('http-errors')
var destroy = require('destroy')
var getBody = require('raw-body')
var iconv = require('iconv-lite')
var onFinished = require('on-finished')
var unpipe = require('unpipe')
var zlib = require('zlib')

@@ -93,5 +95,10 @@

// unpipe from stream and destroy
if (stream !== req) {
unpipe(req)
destroy(stream, true)
}
// read off entire request
stream.resume()
onFinished(req, function onfinished () {
dump(req, function onfinished () {
next(createError(400, _error))

@@ -184,1 +191,18 @@ })

}
/**
* Dump the contents of a request.
*
* @param {object} req
* @param {function} callback
* @api private
*/
function dump (req, callback) {
if (onFinished.isFinished(req)) {
callback(null)
} else {
onFinished(req, callback)
req.resume()
}
}

14

lib/types/json.js

@@ -40,3 +40,3 @@ /*!

var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*(.)/ // eslint-disable-line no-control-regex
var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex

@@ -126,3 +126,3 @@ /**

var charset = getCharset(req) || 'utf-8'
if (charset.substr(0, 4) !== 'utf-') {
if (charset.slice(0, 4) !== 'utf-') {
debug('invalid charset')

@@ -157,3 +157,5 @@ next(createError(415, 'unsupported charset "' + charset.toUpperCase() + '"', {

var index = str.indexOf(char)
var partial = str.substring(0, index) + '#'
var partial = index !== -1
? str.substring(0, index) + '#'
: ''

@@ -179,3 +181,7 @@ try {

function firstchar (str) {
return FIRST_CHAR_REGEXP.exec(str)[1]
var match = FIRST_CHAR_REGEXP.exec(str)
return match
? match[1]
: undefined
}

@@ -182,0 +188,0 @@

22

package.json
{
"name": "body-parser",
"description": "Node.js body parsing middleware",
"version": "1.19.2",
"version": "1.20.0",
"contributors": [

@@ -15,9 +15,11 @@ "Douglas Christopher Wilson <doug@somethingdoug.com>",

"debug": "2.6.9",
"depd": "~1.1.2",
"http-errors": "1.8.1",
"depd": "2.0.0",
"destroy": "1.2.0",
"http-errors": "2.0.0",
"iconv-lite": "0.4.24",
"on-finished": "~2.3.0",
"qs": "6.9.7",
"raw-body": "2.4.3",
"type-is": "~1.6.18"
"on-finished": "2.4.1",
"qs": "6.10.3",
"raw-body": "2.5.1",
"type-is": "~1.6.18",
"unpipe": "1.0.0"
},

@@ -33,3 +35,3 @@ "devDependencies": {

"methods": "1.1.2",
"mocha": "9.2.0",
"mocha": "9.2.2",
"nyc": "15.1.0",

@@ -43,6 +45,8 @@ "safe-buffer": "5.2.1",

"HISTORY.md",
"SECURITY.md",
"index.js"
],
"engines": {
"node": ">= 0.8"
"node": ">= 0.8",
"npm": "1.2.8000 || >= 1.4.16"
},

@@ -49,0 +53,0 @@ "scripts": {

10

README.md

@@ -345,2 +345,10 @@ # body-parser

### stream is not readable
This error will occur when the request is no longer readable when this middleware
attempts to read it. This typically means something other than a middleware from
this module read the reqest body already and the middleware was also configured to
read the same request. The `status` property is set to `500` and the `type`
property is set to `'stream.not.readable'`.
### too many parameters

@@ -457,2 +465,2 @@

[github-actions-ci-image]: https://img.shields.io/github/workflow/status/expressjs/body-parser/ci/master?label=ci
[github-actions-ci-url]: https://github.com/expressjs/body-parser?query=workflow%3Aci
[github-actions-ci-url]: https://github.com/expressjs/body-parser/actions/workflows/ci.yml