🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more
Sign In

body-parser

Package Overview
Dependencies
Maintainers
3
Versions
83
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

body-parser - npm Package Compare versions

Comparing version
2.1.0
 to
2.2.0
+83
lib/utils.js
'use strict'
/**
* Module dependencies.
*/
var bytes = require('bytes')
var contentType = require('content-type')
var typeis = require('type-is')
/**
* Module exports.
*/
module.exports = {
getCharset,
normalizeOptions
}
/**
* Get the charset of a request.
*
* @param {object} req
* @api private
*/
function getCharset (req) {
try {
return (contentType.parse(req).parameters.charset || '').toLowerCase()
} catch {
return undefined
}
}
/**
* Get the simple type checker.
*
* @param {string | string[]} type
* @return {function}
*/
function typeChecker (type) {
return function checkType (req) {
return Boolean(typeis(req, type))
}
}
/**
* Normalizes the common options for all parsers.
*
* @param {object} options options to normalize
* @param {string | string[] | function} defaultType default content type(s) or a function to determine it
* @returns {object}
*/
function normalizeOptions (options, defaultType) {
if (!defaultType) {
// Parsers must define a default content type
throw new TypeError('defaultType must be provided')
}
var inflate = options?.inflate !== false
var limit = typeof options?.limit !== 'number'
? bytes.parse(options?.limit || '100kb')
: options?.limit
var type = options?.type || defaultType
var verify = options?.verify || false
if (verify !== false && typeof verify !== 'function') {
throw new TypeError('option verify must be function')
}
// create the appropriate type checking function
var shouldParse = typeof type !== 'function'
? typeChecker(type)
: type
return {
inflate,
limit,
verify,
shouldParse
}
}
+7
-0
HISTORY.md

@@ -0,1 +1,8 @@

2.2.0 / 2025-03-27
=========================
* refactor: normalize common options for all parsers
* deps:
* iconv-lite@^0.6.3
2.1.0 / 2025-02-10

@@ -2,0 +9,0 @@ =========================

+7
-51
lib/types/json.js

@@ -15,4 +15,2 @@ /*!

var bytes = require('bytes')
var contentType = require('content-type')
var createError = require('http-errors')

@@ -23,2 +21,3 @@ var debug = require('debug')('body-parser:json')

var typeis = require('type-is')
var { getCharset, normalizeOptions } = require('../utils')

@@ -57,22 +56,7 @@ /**

function json (options) {
var opts = options || {}
var { inflate, limit, verify, shouldParse } = normalizeOptions(options, 'application/json')
var limit = typeof opts.limit !== 'number'
? bytes.parse(opts.limit || '100kb')
: opts.limit
var inflate = opts.inflate !== false
var reviver = opts.reviver
var strict = opts.strict !== false
var type = opts.type || 'application/json'
var verify = opts.verify || false
var reviver = options?.reviver
var strict = options?.strict !== false
if (verify !== false && typeof verify !== 'function') {
throw new TypeError('option verify must be function')
}
// create the appropriate type checking function
var shouldParse = typeof type !== 'function'
? typeChecker(type)
: type
function parse (body) {

@@ -146,5 +130,5 @@ if (body.length === 0) {

encoding: charset,
inflate: inflate,
limit: limit,
verify: verify
inflate,
limit,
verify
})

@@ -204,17 +188,2 @@ }

/**
* Get the charset of a request.
*
* @param {object} req
* @api private
*/
function getCharset (req) {
try {
return (contentType.parse(req).parameters.charset || '').toLowerCase()
} catch (e) {
return undefined
}
}
/**
* Normalize a SyntaxError for JSON.parse.

@@ -243,14 +212,1 @@ *

}
/**
* Get the simple type checker.
*
* @param {string} type
* @return {function}
*/
function typeChecker (type) {
return function checkType (req) {
return Boolean(typeis(req, type))
}
}
+5
-34
lib/types/raw.js

@@ -13,3 +13,2 @@ /*!

var bytes = require('bytes')
var debug = require('debug')('body-parser:raw')

@@ -19,2 +18,3 @@ var isFinished = require('on-finished').isFinished

var typeis = require('type-is')
var { normalizeOptions } = require('../utils')

@@ -36,20 +36,4 @@ /**

function raw (options) {
var opts = options || {}
var { inflate, limit, verify, shouldParse } = normalizeOptions(options, 'application/octet-stream')
var inflate = opts.inflate !== false
var limit = typeof opts.limit !== 'number'
? bytes.parse(opts.limit || '100kb')
: opts.limit
var type = opts.type || 'application/octet-stream'
var verify = opts.verify || false
if (verify !== false && typeof verify !== 'function') {
throw new TypeError('option verify must be function')
}
// create the appropriate type checking function
var shouldParse = typeof type !== 'function'
? typeChecker(type)
: type
function parse (buf) {

@@ -89,20 +73,7 @@ return buf

encoding: null,
inflate: inflate,
limit: limit,
verify: verify
inflate,
limit,
verify
})
}
}
/**
* Get the simple type checker.
*
* @param {string} type
* @return {function}
*/
function typeChecker (type) {
return function checkType (req) {
return Boolean(typeis(req, type))
}
}
+6
-50
lib/types/text.js

@@ -13,4 +13,2 @@ /*!

var bytes = require('bytes')
var contentType = require('content-type')
var debug = require('debug')('body-parser:text')

@@ -20,2 +18,3 @@ var isFinished = require('on-finished').isFinished

var typeis = require('type-is')
var { getCharset, normalizeOptions } = require('../utils')

@@ -37,21 +36,6 @@ /**

function text (options) {
var opts = options || {}
var { inflate, limit, verify, shouldParse } = normalizeOptions(options, 'text/plain')
var defaultCharset = opts.defaultCharset || 'utf-8'
var inflate = opts.inflate !== false
var limit = typeof opts.limit !== 'number'
? bytes.parse(opts.limit || '100kb')
: opts.limit
var type = opts.type || 'text/plain'
var verify = opts.verify || false
var defaultCharset = options?.defaultCharset || 'utf-8'
if (verify !== false && typeof verify !== 'function') {
throw new TypeError('option verify must be function')
}
// create the appropriate type checking function
var shouldParse = typeof type !== 'function'
? typeChecker(type)
: type
function parse (buf) {

@@ -94,35 +78,7 @@ return buf

encoding: charset,
inflate: inflate,
limit: limit,
verify: verify
inflate,
limit,
verify
})
}
}
/**
* Get the charset of a request.
*
* @param {object} req
* @api private
*/
function getCharset (req) {
try {
return (contentType.parse(req).parameters.charset || '').toLowerCase()
} catch (e) {
return undefined
}
}
/**
* Get the simple type checker.
*
* @param {string} type
* @return {function}
*/
function typeChecker (type) {
return function checkType (req) {
return Boolean(typeis(req, type))
}
}
+16
-76
lib/types/urlencoded.js

@@ -15,4 +15,2 @@ /*!

var bytes = require('bytes')
var contentType = require('content-type')
var createError = require('http-errors')

@@ -24,2 +22,3 @@ var debug = require('debug')('body-parser:urlencoded')

var qs = require('qs')
var { getCharset, normalizeOptions } = require('../utils')

@@ -41,19 +40,5 @@ /**

function urlencoded (options) {
var opts = options || {}
var { inflate, limit, verify, shouldParse } = normalizeOptions(options, 'application/x-www-form-urlencoded')
var extended = Boolean(opts.extended)
var inflate = opts.inflate !== false
var limit = typeof opts.limit !== 'number'
? bytes.parse(opts.limit || '100kb')
: opts.limit
var type = opts.type || 'application/x-www-form-urlencoded'
var verify = opts.verify || false
var charsetSentinel = opts.charsetSentinel
var interpretNumericEntities = opts.interpretNumericEntities
if (verify !== false && typeof verify !== 'function') {
throw new TypeError('option verify must be function')
}
var defaultCharset = opts.defaultCharset || 'utf-8'
var defaultCharset = options?.defaultCharset || 'utf-8'
if (defaultCharset !== 'utf-8' && defaultCharset !== 'iso-8859-1') {

@@ -64,9 +49,4 @@ throw new TypeError('option defaultCharset must be either utf-8 or iso-8859-1')

// create the appropriate query parser
var queryparse = createQueryParser(opts, extended)
var queryparse = createQueryParser(options)
// create the appropriate type checking function
var shouldParse = typeof type !== 'function'
? typeChecker(type)
: type
function parse (body, encoding) {

@@ -118,9 +98,6 @@ return body.length

read(req, res, next, parse, debug, {
debug: debug,
encoding: charset,
inflate: inflate,
limit: limit,
verify: verify,
charsetSentinel: charsetSentinel,
interpretNumericEntities: interpretNumericEntities
inflate,
limit,
verify
})

@@ -136,9 +113,10 @@ }

function createQueryParser (options, extended) {
var parameterLimit = options.parameterLimit !== undefined
? options.parameterLimit
function createQueryParser (options) {
var extended = Boolean(options?.extended)
var parameterLimit = options?.parameterLimit !== undefined
? options?.parameterLimit
: 1000
var charsetSentinel = options.charsetSentinel
var interpretNumericEntities = options.interpretNumericEntities
var depth = extended ? (options.depth !== undefined ? options.depth : 32) : 0
var charsetSentinel = options?.charsetSentinel
var interpretNumericEntities = options?.interpretNumericEntities
var depth = extended ? (options?.depth !== undefined ? options?.depth : 32) : 0

@@ -194,17 +172,2 @@ if (isNaN(parameterLimit) || parameterLimit < 1) {

/**
* Get the charset of a request.
*
* @param {object} req
* @api private
*/
function getCharset (req) {
try {
return (contentType.parse(req).parameters.charset || '').toLowerCase()
} catch (e) {
return undefined
}
}
/**
* Count the number of parameters, stopping once limit reached

@@ -218,28 +181,5 @@ *

function parameterCount (body, limit) {
var count = 0
var index = 0
var len = body.split('&').length
while ((index = body.indexOf('&', index)) !== -1) {
count++
index++
if (count === limit) {
return undefined
}
}
return count
return len > limit ? undefined : len - 1
}
/**
* Get the simple type checker.
*
* @param {string} type
* @return {function}
*/
function typeChecker (type) {
return function checkType (req) {
return Boolean(typeis(req, type))
}
}
+7
-8
package.json
{
"name": "body-parser",
"description": "Node.js body parsing middleware",
"version": "2.1.0",
"version": "2.2.0",
"contributors": [

@@ -16,3 +16,3 @@ "Douglas Christopher Wilson <doug@somethingdoug.com>",

"http-errors": "^2.0.0",
"iconv-lite": "^0.5.2",
"iconv-lite": "^0.6.3",
"on-finished": "^2.4.1",

@@ -31,5 +31,5 @@ "qs": "^6.14.0",

"eslint-plugin-standard": "4.1.0",
"mocha": "10.2.0",
"nyc": "15.1.0",
"supertest": "6.3.3"
"mocha": "^11.1.0",
"nyc": "^17.1.0",
"supertest": "^7.0.0"
},

@@ -40,3 +40,2 @@ "files": [

"HISTORY.md",
"SECURITY.md",
"index.js"

@@ -49,6 +48,6 @@ ],

"lint": "eslint .",
"test": "mocha --reporter spec --check-leaks --bail test/",
"test-ci": "nyc --reporter=lcov --reporter=text npm test",
"test": "mocha --reporter spec --check-leaks test/",
"test-ci": "nyc --reporter=lcovonly --reporter=text npm test",
"test-cov": "nyc --reporter=html --reporter=text npm test"
}
}
+12
-12
README.md

@@ -54,3 +54,3 @@ # body-parser

```js
var bodyParser = require('body-parser')
const bodyParser = require('body-parser')
```

@@ -408,6 +408,6 @@

```js
var express = require('express')
var bodyParser = require('body-parser')
const express = require('express')
const bodyParser = require('body-parser')
var app = express()
const app = express()

@@ -434,12 +434,12 @@ // parse application/x-www-form-urlencoded

```js
var express = require('express')
var bodyParser = require('body-parser')
const express = require('express')
const bodyParser = require('body-parser')
var app = express()
const app = express()
// create application/json parser
var jsonParser = bodyParser.json()
const jsonParser = bodyParser.json()
// create application/x-www-form-urlencoded parser
var urlencodedParser = bodyParser.urlencoded()
const urlencodedParser = bodyParser.urlencoded()

@@ -465,6 +465,6 @@ // POST /login gets urlencoded bodies

```js
var express = require('express')
var bodyParser = require('body-parser')
const express = require('express')
const bodyParser = require('body-parser')
var app = express()
const app = express()

@@ -471,0 +471,0 @@ // parse various different custom JSON types as JSON

-25
SECURITY.md
# Security Policies and Procedures
## Reporting a Bug
The Express team and community take all security bugs seriously. Thank you
for improving the security of Express. We appreciate your efforts and
responsible disclosure and will make every effort to acknowledge your
contributions.
Report security bugs by emailing the current owner(s) of `body-parser`. This
information can be found in the npm registry using the command
`npm owner ls body-parser`.
If unsure or unable to get the information from the above, open an issue
in the [project issue tracker](https://github.com/expressjs/body-parser/issues)
asking for the current contact information.
To ensure the timely response to your report, please ensure that the entirety
of the report is contained within the email body and not solely behind a web
link or an attachment.
At least one owner will acknowledge your email within 48 hours, and will send a
more detailed response within 48 hours indicating the next steps in handling
your report. After the initial reply to your report, the owners will
endeavor to keep you informed of the progress towards a fix and full
announcement, and may ask for additional information or guidance.