Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
The busboy npm package is a Node.js module for parsing incoming HTML form data, particularly file uploads. It is a stream-based parser that can handle multipart/form-data, which is primarily used for uploading files via HTTP.
File Upload Parsing
This code sample demonstrates how to use busboy to parse file uploads from an HTML form. When a file is received, it logs the file details and the amount of data received.
const Busboy = require('busboy');
const http = require('http');
http.createServer((req, res) => {
if (req.method === 'POST') {
const busboy = new Busboy({ headers: req.headers });
busboy.on('file', (fieldname, file, filename, encoding, mimetype) => {
console.log(`File [${fieldname}]: filename: ${filename}, encoding: ${encoding}, mimetype: ${mimetype}`);
file.on('data', (data) => {
console.log(`File [${fieldname}] got ${data.length} bytes`);
}).on('end', () => {
console.log(`File [${fieldname}] Finished`);
});
});
busboy.on('finish', () => {
console.log('Done parsing form!');
res.writeHead(303, { Connection: 'close', Location: '/' });
res.end();
});
req.pipe(busboy);
} else {
res.writeHead(404);
res.end();
}
}).listen(8000, () => {
console.log('Server listening on port 8000');
});
Field Parsing
This code sample shows how to use busboy to parse non-file fields from an HTML form. It logs the name and value of each field received.
const Busboy = require('busboy');
const http = require('http');
http.createServer((req, res) => {
if (req.method === 'POST') {
const busboy = new Busboy({ headers: req.headers });
busboy.on('field', (fieldname, val, fieldnameTruncated, valTruncated, encoding, mimetype) => {
console.log(`Field [${fieldname}]: value: ${val}`);
});
busboy.on('finish', () => {
res.end('Done parsing form!');
});
req.pipe(busboy);
} else {
res.writeHead(404);
res.end();
}
}).listen(8000, () => {
console.log('Server listening on port 8000');
});
Formidable is an npm package similar to busboy that is used for parsing form data, especially file uploads. It is also stream-based and can handle multipart/form-data. Compared to busboy, Formidable provides a higher-level abstraction and can also handle file uploads to disk, but it might be less efficient for large file uploads due to its buffering approach.
Multiparty is another npm package for parsing multipart/form-data. Like busboy, it is stream-based and suitable for handling large file uploads. However, multiparty differs in its API and the way it handles parts of the form data, which may make it more suitable for certain use cases.
Multer is a middleware for Express.js that handles multipart/form-data, which is primarily used for uploading files. It is built on top of busboy for maximum efficiency. Unlike busboy, which is a general-purpose stream parser, multer provides a set of convenient features specifically designed for Express applications.
A node.js module for parsing incoming HTML form data.
npm install busboy
var http = require('http'),
inspect = require('util').inspect;
var Busboy = require('busboy');
http.createServer(function(req, res) {
if (req.method === 'POST') {
var busboy = new Busboy({ headers: req.headers });
busboy.on('file', function(fieldname, file, filename) {
console.log('File [' + fieldname +']: filename: ' + filename);
file.on('data', function(data) {
console.log('File [' + fieldname +'] got ' + data.length + ' bytes');
});
file.once('end', function() {
console.log('File [' + fieldname +'] Finished');
});
});
busboy.on('field', function(fieldname, val, valTruncated, keyTruncated) {
console.log('Field [' + fieldname + ']: value: ' + inspect(val));
});
busboy.once('end', function() {
console.log('Done parsing form!');
res.writeHead(303, { Connection: 'close', Location: '/' });
res.end();
});
req.pipe(busboy);
} else if (req.method === 'GET') {
res.writeHead(200, { Connection: 'close' });
res.end('<html><head></head><body>\
<form method="POST" enctype="multipart/form-data">\
<input type="text" name="textfield"><br />\
<input type="file" name="filefield"><br />\
<input type="submit">\
</form>\
</body>');
}
}).listen(8000, function() {
console.log('Listening for requests');
});
// Example output, using http://nodejs.org/images/ryan-speaker.jpg as the file:
//
// Listening for requests
// File [filefield]: filename: ryan-speaker.jpg
// File [filefield] got 11971 bytes
// Field [textfield]: value: 'testing! :-)'
// File [filefield] Finished
// Done parsing form!
var http = require('http'),
inspect = require('util').inspect;
var Busboy = require('busboy');
http.createServer(function(req, res) {
if (req.method === 'POST') {
var busboy = new Busboy({ headers: req.headers });
busboy.on('file', function(fieldname, file, filename) {
console.log('File [' + fieldname +']: filename: ' + filename);
file.on('data', function(data) {
console.log('File [' + fieldname +'] got ' + data.length + ' bytes');
});
file.once('end', function() {
console.log('File [' + fieldname +'] Finished');
});
});
busboy.on('field', function(fieldname, val, valTruncated, keyTruncated) {
console.log('Field [' + fieldname + ']: value: ' + inspect(val));
});
busboy.once('end', function() {
console.log('Done parsing form!');
res.writeHead(303, { Connection: 'close', Location: '/' });
res.end();
});
req.pipe(busboy);
} else if (req.method === 'GET') {
res.writeHead(200, { Connection: 'close' });
res.end('<html><head></head><body>\
<form method="POST">\
<input type="text" name="textfield"><br />\
<select name="selectfield">\
<option value="1">1</option>\
<option value="10">10</option>\
<option value="100">100</option>\
<option value="9001">9001</option>\
</select><br />\
<input type="checkbox" name="checkfield">Node.js rules!<br />\
<input type="submit">\
</form>\
</body>');
}
}).listen(8000, function() {
console.log('Listening for requests');
});
// Example output:
//
// Listening for requests
// Field [textfield]: value: 'testing! :-)'
// Field [selectfield]: value: '9001'
// Field [checkfield]: value: 'on'
// Done parsing form!
Busboy is a WritableStream
file(< string >fieldname, < ReadableStream >stream, < string >filename) - Emitted for each new file form field found.
field(< string >fieldname, < string >value, < boolean >valueTruncated, < boolean >fieldnameTruncated) - Emitted for each new non-file field found.
Note: The stream
passed in on the 'file' event will also emit a 'limit' event (no arguments) if the fileSize
limit is reached. If this happens, no more data will be available on the stream.
(constructor)(< object >config) - Creates and returns a new Busboy instance with the following valid config
settings:
headers - object - These are the HTTP headers of the incoming request, which are used by individual parsers.
highWaterMark - integer - highWaterMark from WritableStream (Default: WritableStream default).
limits - object - Various limits on incoming data. Valid properties are:
fieldNameSize - integer - Max field name size (Default: 100 bytes).
fieldSize - integer - Max field value size (Default: 1MB).
fields - integer - Max number of non-file fields (Default: Infinity).
fileSize - integer - For multipart forms, the max file size (Default: Infinity).
files - integer - For multipart forms, the max number of file fields (Default: Infinity).
parts - integer - For multipart forms, the max number of parts (fields + files) (Default: Infinity).
FAQs
A streaming parser for HTML form data for node.js
We found that busboy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.