🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more
Sign In

body-parser

Package Overview
Dependencies
Maintainers
4
Versions
83
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

body-parser - npm Package Compare versions

Comparing version
2.2.2
 to
2.3.0
+4
-20
index.js

@@ -27,7 +27,3 @@ /*!

*/
Object.defineProperty(exports, 'json', {
configurable: true,
enumerable: true,
get: () => require('./lib/types/json')
})
exports.json = require('./lib/types/json')

@@ -38,7 +34,3 @@ /**

*/
Object.defineProperty(exports, 'raw', {
configurable: true,
enumerable: true,
get: () => require('./lib/types/raw')
})
exports.raw = require('./lib/types/raw')

@@ -49,7 +41,3 @@ /**

*/
Object.defineProperty(exports, 'text', {
configurable: true,
enumerable: true,
get: () => require('./lib/types/text')
})
exports.text = require('./lib/types/text')

@@ -60,7 +48,3 @@ /**

*/
Object.defineProperty(exports, 'urlencoded', {
configurable: true,
enumerable: true,
get: () => require('./lib/types/urlencoded')
})
exports.urlencoded = require('./lib/types/urlencoded')

@@ -67,0 +51,0 @@ /**

+17
-17
lib/read.js

@@ -14,9 +14,9 @@ /*!

var createError = require('http-errors')
var getBody = require('raw-body')
var iconv = require('iconv-lite')
var onFinished = require('on-finished')
var zlib = require('node:zlib')
var hasBody = require('type-is').hasBody
var { getCharset } = require('./utils')
const createError = require('http-errors')
const getBody = require('raw-body')
const iconv = require('iconv-lite')
const onFinished = require('on-finished')
const zlib = require('node:zlib')
const hasBody = require('type-is').hasBody
const { getCharset } = require('./utils')

@@ -67,3 +67,3 @@ /**

var encoding = null
let encoding = null
if (options?.skipCharset !== true) {

@@ -83,8 +83,8 @@ encoding = getCharset(req) || options.defaultCharset

var length
var opts = options
var stream
let length
const opts = options
let stream
// read options
var verify = opts.verify
const verify = opts.verify

@@ -118,3 +118,3 @@ try {

if (error) {
var _error
let _error

@@ -160,3 +160,3 @@ if (error.type === 'encoding.unsupported') {

// parse
var str = body
let str = body
try {

@@ -190,4 +190,4 @@ debug('parse body')

function contentstream (req, debug, inflate) {
var encoding = (req.headers['content-encoding'] || 'identity').toLowerCase()
var length = req.headers['content-length']
const encoding = (req.headers['content-encoding'] || 'identity').toLowerCase()
const length = req.headers['content-length']

@@ -208,3 +208,3 @@ debug('content-encoding "%s"', encoding)

var stream = createDecompressionStream(encoding, debug)
const stream = createDecompressionStream(encoding, debug)
req.pipe(stream)

@@ -211,0 +211,0 @@ return stream

+60
-32
lib/types/json.js

@@ -15,5 +15,5 @@ /*!

var debug = require('debug')('body-parser:json')
var read = require('../read')
var { normalizeOptions } = require('../utils')
const debug = require('debug')('body-parser:json')
const read = require('../read')
const { normalizeOptions } = require('../utils')

@@ -37,6 +37,6 @@ /**

*/
var FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex
const FIRST_CHAR_REGEXP = /^[\x20\x09\x0a\x0d]*([^\x20\x09\x0a\x0d])/ // eslint-disable-line no-control-regex
var JSON_SYNTAX_CHAR = '#'
var JSON_SYNTAX_REGEXP = /#+/g
const JSON_SYNTAX_CHAR = '#'
const JSON_SYNTAX_REGEXP = /#+/g

@@ -53,15 +53,35 @@ /**

var reviver = options?.reviver
var strict = options?.strict !== false
const parse = createJsonParser(options)
function parse (body) {
if (body.length === 0) {
// special-case empty json body, as it's a common client-side mistake
// TODO: maybe make this configurable or part of "strict" option
return {}
}
const readOptions = {
...normalizedOptions,
// assert charset per RFC 7159 sec 8.1
isValidCharset: (charset) => charset.slice(0, 4) === 'utf-'
}
if (strict) {
var first = firstchar(body)
return function jsonParser (req, res, next) {
read(req, res, next, parse, debug, readOptions)
}
}
/**
* Create a JSON parse function
*
* @param {object} [options]
* @return {function}
* @private
*/
function createJsonParser (options) {
const reviver = options?.reviver
const strict = options?.strict !== false
if (strict) {
return function parse (body) {
if (body.length === 0) {
// special-case empty json body, as it's a common client-side mistake
// TODO: maybe make this configurable or part of "strict" option
return {}
}
const first = firstchar(body)
if (first !== '{' && first !== '[') {

@@ -71,4 +91,22 @@ debug('strict violation')

}
try {
debug('parse json')
return JSON.parse(body, reviver)
} catch (e) {
throw normalizeJsonSyntaxError(e, {
message: e.message,
stack: e.stack
})
}
}
}
return function parse (body) {
if (body.length === 0) {
// special-case empty json body, as it's a common client-side mistake
// TODO: maybe make this configurable or part of "strict" option
return {}
}
try {

@@ -84,12 +122,2 @@ debug('parse json')

}
const readOptions = {
...normalizedOptions,
// assert charset per RFC 7159 sec 8.1
isValidCharset: (charset) => charset.slice(0, 4) === 'utf-'
}
return function jsonParser (req, res, next) {
read(req, res, next, parse, debug, readOptions)
}
}

@@ -106,4 +134,4 @@

function createStrictSyntaxError (str, char) {
var index = str.indexOf(char)
var partial = ''
const index = str.indexOf(char)
let partial = ''

@@ -134,3 +162,3 @@ if (index !== -1) {

function firstchar (str) {
var match = FIRST_CHAR_REGEXP.exec(str)
const match = FIRST_CHAR_REGEXP.exec(str)

@@ -151,6 +179,6 @@ return match

function normalizeJsonSyntaxError (error, obj) {
var keys = Object.getOwnPropertyNames(error)
const keys = Object.getOwnPropertyNames(error)
for (var i = 0; i < keys.length; i++) {
var key = keys[i]
for (let i = 0; i < keys.length; i++) {
const key = keys[i]
if (key !== 'stack' && key !== 'message') {

@@ -157,0 +185,0 @@ delete error[key]

+3
-3
lib/types/raw.js

@@ -13,5 +13,5 @@ /*!

var debug = require('debug')('body-parser:raw')
var read = require('../read')
var { normalizeOptions, passthrough } = require('../utils')
const debug = require('debug')('body-parser:raw')
const read = require('../read')
const { normalizeOptions, passthrough } = require('../utils')

@@ -18,0 +18,0 @@ /**

+3
-3
lib/types/text.js

@@ -13,5 +13,5 @@ /*!

var debug = require('debug')('body-parser:text')
var read = require('../read')
var { normalizeOptions, passthrough } = require('../utils')
const debug = require('debug')('body-parser:text')
const read = require('../read')
const { normalizeOptions, passthrough } = require('../utils')

@@ -18,0 +18,0 @@ /**

+16
-20
lib/types/urlencoded.js

@@ -15,7 +15,7 @@ /*!

var createError = require('http-errors')
var debug = require('debug')('body-parser:urlencoded')
var read = require('../read')
var qs = require('qs')
var { normalizeOptions } = require('../utils')
const createError = require('http-errors')
const debug = require('debug')('body-parser:urlencoded')
const read = require('../read')
const qs = require('qs')
const { normalizeOptions } = require('../utils')

@@ -43,10 +43,4 @@ /**

// create the appropriate query parser
var queryparse = createQueryParser(options)
const parse = createQueryParser(options)
function parse (body, encoding) {
return body.length
? queryparse(body, encoding)
: {}
}
const readOptions = {

@@ -71,9 +65,9 @@ ...normalizedOptions,

function createQueryParser (options) {
var extended = Boolean(options?.extended)
var parameterLimit = options?.parameterLimit !== undefined
const extended = Boolean(options?.extended)
let parameterLimit = options?.parameterLimit !== undefined
? options?.parameterLimit
: 1000
var charsetSentinel = options?.charsetSentinel
var interpretNumericEntities = options?.interpretNumericEntities
var depth = extended ? (options?.depth !== undefined ? options?.depth : 32) : 0
const charsetSentinel = options?.charsetSentinel
const interpretNumericEntities = options?.interpretNumericEntities
const depth = extended ? (options?.depth !== undefined ? options?.depth : 32) : 0

@@ -92,5 +86,7 @@ if (isNaN(parameterLimit) || parameterLimit < 1) {

return function queryparse (body, encoding) {
var paramCount = parameterCount(body, parameterLimit)
return function parse (body, encoding) {
if (!body.length) return {}
const paramCount = parameterCount(body, parameterLimit)
if (paramCount === undefined) {

@@ -103,3 +99,3 @@ debug('too many parameters')

var arrayLimit = extended ? Math.max(100, paramCount) : paramCount
const arrayLimit = extended ? Math.max(100, paramCount) : paramCount

@@ -106,0 +102,0 @@ debug('parse ' + (extended ? 'extended ' : '') + 'urlencoding')

+18
-16
lib/utils.js

@@ -7,5 +7,5 @@ 'use strict'

var bytes = require('bytes')
var contentType = require('content-type')
var typeis = require('type-is')
const bytes = require('bytes')
const contentType = require('content-type')
const typeis = require('type-is')

@@ -29,7 +29,5 @@ /**

function getCharset (req) {
try {
return (contentType.parse(req).parameters.charset || '').toLowerCase()
} catch {
return undefined
}
const header = req.headers['content-type']
if (!header) return undefined
return contentType.parse(header).parameters.charset?.toLowerCase()
}

@@ -64,10 +62,14 @@

var inflate = options?.inflate !== false
var limit = typeof options?.limit !== 'number'
? bytes.parse(options?.limit || '100kb')
: options?.limit
var type = options?.type || defaultType
var verify = options?.verify || false
var defaultCharset = options?.defaultCharset || 'utf-8'
const inflate = options?.inflate !== false
const limit = typeof options?.limit === 'undefined' || options?.limit === null
? 102400 // 100kb default
: bytes.parse(options.limit)
const type = options?.type || defaultType
const verify = options?.verify || false
const defaultCharset = options?.defaultCharset || 'utf-8'
if (limit === null) {
throw new TypeError(`option limit "${String(options.limit)}" is invalid`)
}
if (verify !== false && typeof verify !== 'function') {

@@ -78,3 +80,3 @@ throw new TypeError('option verify must be function')

// create the appropriate type checking function
var shouldParse = typeof type !== 'function'
const shouldParse = typeof type !== 'function'
? typeChecker(type)

@@ -81,0 +83,0 @@ : type

+23
-10
package.json
{
"name": "body-parser",
"description": "Node.js body parsing middleware",
"version": "2.2.2",
"version": "2.3.0",
"contributors": [

@@ -15,12 +15,25 @@ "Douglas Christopher Wilson <doug@somethingdoug.com>",

},
"type": "commonjs",
"exports": {
".": "./index.js",
"./package.json": "./package.json",
"./json": "./lib/types/json.js",
"./raw": "./lib/types/raw.js",
"./text": "./lib/types/text.js",
"./urlencoded": "./lib/types/urlencoded.js",
"./lib/*": "./lib/*.js",
"./lib/*.js": "./lib/*.js",
"./lib/types/*": "./lib/types/*.js",
"./lib/types/*.js": "./lib/types/*.js"
},
"dependencies": {
"bytes": "^3.1.2",
"content-type": "^1.0.5",
"content-type": "^2.0.0",
"debug": "^4.4.3",
"http-errors": "^2.0.0",
"iconv-lite": "^0.7.0",
"http-errors": "^2.0.1",
"iconv-lite": "^0.7.2",
"on-finished": "^2.4.1",
"qs": "^6.14.1",
"raw-body": "^3.0.1",
"type-is": "^2.0.1"
"qs": "^6.15.2",
"raw-body": "^3.0.2",
"type-is": "^2.1.0"
},

@@ -30,3 +43,3 @@ "devDependencies": {

"eslint-config-standard": "^14.1.1",
"eslint-plugin-import": "^2.31.0",
"eslint-plugin-import": "^2.32.0",
"eslint-plugin-markdown": "^3.0.1",

@@ -36,5 +49,5 @@ "eslint-plugin-node": "^11.1.0",

"eslint-plugin-standard": "^4.1.0",
"mocha": "^11.1.0",
"mocha": "^11.7.6",
"nyc": "^17.1.0",
"supertest": "^7.0.0"
"supertest": "^7.2.2"
},

@@ -41,0 +54,0 @@ "files": [

+16
-1
README.md

@@ -54,3 +54,10 @@ # body-parser

```js
// Import all parsers
const bodyParser = require('body-parser')
// Or import individual parsers directly
const json = require('body-parser/json')
const urlencoded = require('body-parser/urlencoded')
const raw = require('body-parser/raw')
const text = require('body-parser/text')
```

@@ -97,2 +104,4 @@

> It’s recommended not to configure a very high limit and to use the default value whenever possible. Allowing larger payloads increases memory usage because of the resources required for decoding and transformations, and it can also lead to longer response times as more data is processed. By ‘very high’, we mean values above the default, for example payloads of 5 MB or more can already start to introduce these risks. With the default limits, these issues do not occur.
##### reviver

@@ -102,3 +111,3 @@

argument. You can find more information on this argument
[in the MDN documentation about JSON.parse](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse#Example.3A_Using_the_reviver_parameter).
[in the MDN documentation about JSON.parse](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse#the_reviver_parameter).

@@ -155,2 +164,4 @@ ##### strict

> It’s recommended not to configure a very high limit and to use the default value whenever possible. Allowing larger payloads increases memory usage because of the resources required for decoding and transformations, and it can also lead to longer response times as more data is processed. By ‘very high’, we mean values above the default, for example payloads of 5 MB or more can already start to introduce these risks. With the default limits, these issues do not occur.
##### type

@@ -207,2 +218,4 @@

> It’s recommended not to configure a very high limit and to use the default value whenever possible. Allowing larger payloads increases memory usage because of the resources required for decoding and transformations, and it can also lead to longer response times as more data is processed. By ‘very high’, we mean values above the default, for example payloads of 5 MB or more can already start to introduce these risks. With the default limits, these issues do not occur.
##### type

@@ -263,2 +276,4 @@

> It’s recommended not to configure a very high limit and to use the default value whenever possible. Allowing larger payloads increases memory usage because of the resources required for decoding and transformations, and it can also lead to longer response times as more data is processed. By ‘very high’, we mean values above the default, for example payloads of 5 MB or more can already start to introduce these risks. With the default limits, these issues do not occur.
##### parameterLimit

@@ -265,0 +280,0 @@