Security News
Combatting Alert Fatigue by Prioritizing Malicious Intent
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
The busboy npm package is a Node.js module for parsing incoming HTML form data, particularly file uploads. It is a stream-based parser that can handle multipart/form-data, which is primarily used for uploading files via HTTP.
File Upload Parsing
This code sample demonstrates how to use busboy to parse file uploads from an HTML form. When a file is received, it logs the file details and the amount of data received.
const Busboy = require('busboy');
const http = require('http');
http.createServer((req, res) => {
if (req.method === 'POST') {
const busboy = new Busboy({ headers: req.headers });
busboy.on('file', (fieldname, file, filename, encoding, mimetype) => {
console.log(`File [${fieldname}]: filename: ${filename}, encoding: ${encoding}, mimetype: ${mimetype}`);
file.on('data', (data) => {
console.log(`File [${fieldname}] got ${data.length} bytes`);
}).on('end', () => {
console.log(`File [${fieldname}] Finished`);
});
});
busboy.on('finish', () => {
console.log('Done parsing form!');
res.writeHead(303, { Connection: 'close', Location: '/' });
res.end();
});
req.pipe(busboy);
} else {
res.writeHead(404);
res.end();
}
}).listen(8000, () => {
console.log('Server listening on port 8000');
});
Field Parsing
This code sample shows how to use busboy to parse non-file fields from an HTML form. It logs the name and value of each field received.
const Busboy = require('busboy');
const http = require('http');
http.createServer((req, res) => {
if (req.method === 'POST') {
const busboy = new Busboy({ headers: req.headers });
busboy.on('field', (fieldname, val, fieldnameTruncated, valTruncated, encoding, mimetype) => {
console.log(`Field [${fieldname}]: value: ${val}`);
});
busboy.on('finish', () => {
res.end('Done parsing form!');
});
req.pipe(busboy);
} else {
res.writeHead(404);
res.end();
}
}).listen(8000, () => {
console.log('Server listening on port 8000');
});
Formidable is an npm package similar to busboy that is used for parsing form data, especially file uploads. It is also stream-based and can handle multipart/form-data. Compared to busboy, Formidable provides a higher-level abstraction and can also handle file uploads to disk, but it might be less efficient for large file uploads due to its buffering approach.
Multiparty is another npm package for parsing multipart/form-data. Like busboy, it is stream-based and suitable for handling large file uploads. However, multiparty differs in its API and the way it handles parts of the form data, which may make it more suitable for certain use cases.
Multer is a middleware for Express.js that handles multipart/form-data, which is primarily used for uploading files. It is built on top of busboy for maximum efficiency. Unlike busboy, which is a general-purpose stream parser, multer provides a set of convenient features specifically designed for Express applications.
A node.js module for parsing incoming HTML form data.
If you've found this module to be useful and wish to support it, you may do so by visiting this pledgie campaign:
npm install busboy
var http = require('http'),
inspect = require('util').inspect;
var Busboy = require('busboy');
http.createServer(function(req, res) {
if (req.method === 'POST') {
var busboy = new Busboy({ headers: req.headers });
busboy.on('file', function(fieldname, file, filename, encoding, mimetype) {
console.log('File [' + fieldname + ']: filename: ' + filename + ', encoding: ' + encoding + ', mimetype: ' + mimetype);
file.on('data', function(data) {
console.log('File [' + fieldname + '] got ' + data.length + ' bytes');
});
file.on('end', function() {
console.log('File [' + fieldname + '] Finished');
});
});
busboy.on('field', function(fieldname, val, fieldnameTruncated, valTruncated, encoding, mimetype) {
console.log('Field [' + fieldname + ']: value: ' + inspect(val));
});
busboy.on('finish', function() {
console.log('Done parsing form!');
res.writeHead(303, { Connection: 'close', Location: '/' });
res.end();
});
req.pipe(busboy);
} else if (req.method === 'GET') {
res.writeHead(200, { Connection: 'close' });
res.end('<html><head></head><body>\
<form method="POST" enctype="multipart/form-data">\
<input type="text" name="textfield"><br />\
<input type="file" name="filefield"><br />\
<input type="submit">\
</form>\
</body></html>');
}
}).listen(8000, function() {
console.log('Listening for requests');
});
// Example output, using http://nodejs.org/images/ryan-speaker.jpg as the file:
//
// Listening for requests
// File [filefield]: filename: ryan-speaker.jpg, encoding: binary
// File [filefield] got 11971 bytes
// Field [textfield]: value: 'testing! :-)'
// File [filefield] Finished
// Done parsing form!
var http = require('http'),
path = require('path'),
os = require('os'),
fs = require('fs');
var Busboy = require('busboy');
http.createServer(function(req, res) {
if (req.method === 'POST') {
var busboy = new Busboy({ headers: req.headers });
busboy.on('file', function(fieldname, file, filename, encoding, mimetype) {
var saveTo = path.join(os.tmpDir(), path.basename(fieldname));
file.pipe(fs.createWriteStream(saveTo));
});
busboy.on('finish', function() {
res.writeHead(200, { 'Connection': 'close' });
res.end("That's all folks!");
});
return req.pipe(busboy);
}
res.writeHead(404);
res.end();
}).listen(8000, function() {
console.log('Listening for requests');
});
var http = require('http'),
inspect = require('util').inspect;
var Busboy = require('busboy');
http.createServer(function(req, res) {
if (req.method === 'POST') {
var busboy = new Busboy({ headers: req.headers });
busboy.on('file', function(fieldname, file, filename, encoding, mimetype) {
console.log('File [' + fieldname + ']: filename: ' + filename);
file.on('data', function(data) {
console.log('File [' + fieldname + '] got ' + data.length + ' bytes');
});
file.on('end', function() {
console.log('File [' + fieldname + '] Finished');
});
});
busboy.on('field', function(fieldname, val, fieldnameTruncated, valTruncated) {
console.log('Field [' + fieldname + ']: value: ' + inspect(val));
});
busboy.on('finish', function() {
console.log('Done parsing form!');
res.writeHead(303, { Connection: 'close', Location: '/' });
res.end();
});
req.pipe(busboy);
} else if (req.method === 'GET') {
res.writeHead(200, { Connection: 'close' });
res.end('<html><head></head><body>\
<form method="POST">\
<input type="text" name="textfield"><br />\
<select name="selectfield">\
<option value="1">1</option>\
<option value="10">10</option>\
<option value="100">100</option>\
<option value="9001">9001</option>\
</select><br />\
<input type="checkbox" name="checkfield">Node.js rules!<br />\
<input type="submit">\
</form>\
</body></html>');
}
}).listen(8000, function() {
console.log('Listening for requests');
});
// Example output:
//
// Listening for requests
// Field [textfield]: value: 'testing! :-)'
// Field [selectfield]: value: '9001'
// Field [checkfield]: value: 'on'
// Done parsing form!
Busboy is a Writable stream
file(< string >fieldname, < ReadableStream >stream, < string >filename, < string >transferEncoding, < string >mimeType) - Emitted for each new file form field found. transferEncoding
contains the 'Content-Transfer-Encoding' value for the file stream. mimeType
contains the 'Content-Type' value for the file stream.
stream
no matter if you care about the file contents or not (e.g. you can simply just do stream.resume();
if you want to discard the contents), otherwise the 'finish' event will never fire on the Busboy instance. However, if you don't care about any incoming files, you can simply not listen for the 'file' event at all and any/all files will be automatically and safely discarded (these discarded files do still count towards files
and parts
limits).stream
will both have a boolean property truncated
(best checked at the end of the stream) and emit a 'limit' event to notify you when this happens.field(< string >fieldname, < string >value, < boolean >fieldnameTruncated, < boolean >valueTruncated, < string >transferEncoding, < string >mimeType) - Emitted for each new non-file field found.
partsLimit() - Emitted when specified parts
limit has been reached. No more 'file' or 'field' events will be emitted.
filesLimit() - Emitted when specified files
limit has been reached. No more 'file' events will be emitted.
fieldsLimit() - Emitted when specified fields
limit has been reached. No more 'field' events will be emitted.
(constructor)(< object >config) - Creates and returns a new Busboy instance.
The constructor takes the following valid config
settings:
headers - object - These are the HTTP headers of the incoming request, which are used by individual parsers.
highWaterMark - integer - highWaterMark to use for this Busboy instance (Default: WritableStream default).
fileHwm - integer - highWaterMark to use for file streams (Default: ReadableStream default).
defCharset - string - Default character set to use when one isn't defined (Default: 'utf8').
preservePath - boolean - If paths in the multipart 'filename' field shall be preserved. (Default: false).
limits - object - Various limits on incoming data. Valid properties are:
fieldNameSize - integer - Max field name size (in bytes) (Default: 100 bytes).
fieldSize - integer - Max field value size (in bytes) (Default: 1MB).
fields - integer - Max number of non-file fields (Default: Infinity).
fileSize - integer - For multipart forms, the max file size (in bytes) (Default: Infinity).
files - integer - For multipart forms, the max number of file fields (Default: Infinity).
parts - integer - For multipart forms, the max number of parts (fields + files) (Default: Infinity).
headerPairs - integer - For multipart forms, the max number of header key=>value pairs to parse Default: 2000 (same as node's http).
The constructor can throw errors:
Unsupported content type: $type - The Content-Type
isn't one Busboy can parse.
Missing Content-Type - The provided headers don't include Content-Type
at all.
FAQs
A streaming parser for HTML form data for node.js
The npm package busboy receives a total of 11,863,064 weekly downloads. As such, busboy popularity was classified as popular.
We found that busboy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In 2023, data breaches surged 78% from zero-day and supply chain attacks, but developers are still buried under alerts that are unable to prevent these threats.
Security News
Solo open source maintainers face burnout and security challenges, with 60% unpaid and 60% considering quitting.
Security News
License exceptions modify the terms of open source licenses, impacting how software can be used, modified, and distributed. Developers should be aware of the legal implications of these exceptions.