Security News
Supply Chain Attack Detected in Solana's web3.js Library
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
The co-body npm package is a body parser for node.js that supports parsing JSON, form, and text bodies. It is designed to work with generators and promises, making it suitable for use with Koa and other async frameworks.
Parse JSON body
This feature allows you to parse JSON bodies from incoming requests. The code sample demonstrates how to use co-body to parse a JSON body in a Koa application.
const coBody = require('co-body');
const Koa = require('koa');
const app = new Koa();
app.use(async (ctx) => {
if (ctx.method === 'POST' && ctx.is('application/json')) {
const body = await coBody.json(ctx.req);
ctx.body = body;
}
});
app.listen(3000);
Parse form-urlencoded body
This feature allows you to parse form-urlencoded bodies from incoming requests. The code sample demonstrates how to use co-body to parse a form-urlencoded body in a Koa application.
const coBody = require('co-body');
const Koa = require('koa');
const app = new Koa();
app.use(async (ctx) => {
if (ctx.method === 'POST' && ctx.is('application/x-www-form-urlencoded')) {
const body = await coBody.form(ctx.req);
ctx.body = body;
}
});
app.listen(3000);
Parse text body
This feature allows you to parse plain text bodies from incoming requests. The code sample demonstrates how to use co-body to parse a text body in a Koa application.
const coBody = require('co-body');
const Koa = require('koa');
const app = new Koa();
app.use(async (ctx) => {
if (ctx.method === 'POST' && ctx.is('text/plain')) {
const body = await coBody.text(ctx.req);
ctx.body = body;
}
});
app.listen(3000);
koa-bodyparser is a body parser middleware for Koa that supports parsing JSON, form, and text bodies. It is similar to co-body but is designed specifically as middleware for Koa, making it easier to integrate into Koa applications.
body-parser is a body parsing middleware for Express that supports parsing JSON, form, and text bodies. It is similar to co-body but is designed specifically for use with Express applications.
raw-body is a lower-level body parsing library that provides a way to read the raw request body. It is more flexible than co-body but requires more manual handling of different content types.
Parse request bodies with generators inspired by Raynos/body.
$ npm install co-body
limit
number or string representing the request size limit (1mb for json and 56kb for form-urlencoded)strict
when set to true
, JSON parser will only accept arrays and objects; when false
will accept anything JSON.parse
accepts. Defaults to true
. (also strict
mode will always return object).onProtoPoisoning
Defines what action the co-body
lib must take when parsing a JSON object with __proto__
. This functionality is provided by bourne.
See Prototype-Poisoning for more details about prototype poisoning attacks.
Possible values are 'error'
, 'remove'
and 'ignore'
.
Default to 'error'
, it will throw a SyntaxError
when Prototype-Poisoning
happen.queryString
an object of options when parsing query strings and form data. See qs for more information.returnRawBody
when set to true
, the return value of co-body
will be an object with two properties: { parsed: /* parsed value */, raw: /* raw body */}
.jsonTypes
is used to determine what media type co-body will parse as json, this option is passed directly to the type-is library.formTypes
is used to determine what media type co-body will parse as form, this option is passed directly to the type-is library.textTypes
is used to determine what media type co-body will parse as text, this option is passed directly to the type-is library.more options available via raw-body:
// application/json
var body = await parse.json(req);
// explicit limit
var body = await parse.json(req, { limit: '10kb' });
// application/x-www-form-urlencoded
var body = await parse.form(req);
// text/plain
var body = await parse.text(req);
// either
var body = await parse(req);
// custom type
var body = await parse(req, { textTypes: ['text', 'html'] });
This lib also supports ctx.req
in Koa (or other libraries),
so that you may simply use this
instead of this.req
.
// application/json
var body = await parse.json(this);
// application/x-www-form-urlencoded
var body = await parse.form(this);
// text/plain
var body = await parse.text(this);
// either
var body = await parse(this);
FAQs
request body parsing for co
The npm package co-body receives a total of 931,997 weekly downloads. As such, co-body popularity was classified as popular.
We found that co-body demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.