Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
express-body-parser-error-handler
Advanced tools
middleware to be set right after body parser in order to return 4xx error back to the client
middleware to be set right after body parser in order to handle all body parser errors and return 4xx responses to the client
99.9% of the time your going to use body parser on your express server application , even if your going to use express.json,raw,text or urlencoded under the hood it also uses body parser express source code
There’re multiple kinds of errors raised by body-parser. They involve sending bad headers or data that are not accepted by it, or canceling requests before all the data is read. Various 400 series error status codes will be sent as the response along with the corresponding error messages and stack trace the problem is when errors thrown from this middleware you need to handle them by yourself and all errors thrown from body parser are usually 4xx errors caused by client
for example:
Type | Code | description |
---|---|---|
encoding.unsupported | 415 | content encoding unsupported |
entity.parse.failed | 400 | |
entity.verify.failed | 403 | |
request.aborted | 400 | request is aborted by the client before reading the body has finished |
request.size.invalid | 400 | request size did not match content length |
stream.encoding.set | 500 | stream encoding should not be set |
parameters.too.many | 413 | |
charset.unsupported | 415 | unsupported charset “BOGUS” |
encoding.unsupported | 415 | unsupported content encoding “bogus” |
entity.too.large | 413 |
use this package if you don't want to handle them yourself :-)
$ npm i express-body-parser-error-handler
request(app)
.post('/')
.set('Content-Type', 'application/json')
.send('{ email: \'email\', password: \'password\'') // <==== missing "}" - invalid json
.expect(400, function (err, res) {
expect(JSON.parse(res.text).message).to.equal(
====> 'Body Parser failed to parse request --> Unexpected token e in JSON at position 2'
)
})
const bodyParserErrorHandler = require('express-body-parser-error-handler')
const { urlencoded, json } = require('body-parser')
const express = require('express')
const app = express();
router.route('/').get(function (req, res) {
return res.json({message:"🚀"});
});
// body parser initilization
app.use(urlencoded({extended: false, limit: '250kb'}));
app.use('/', json({limit: '250kb'}));
// body parser error handler
app.use(bodyParserErrorHandler());
app.use(router);
...
onError - function(err, req, res) => { }
Custom on error callback useful if you want to log the error message or send metrics
app.use(bodyParserErrorHandler({
onError = (err, req, res) => {
...
}
}))
errorMessage - function(err) => { }
default:
errorMessage = (err) => {
return `Body Parser failed to parse request --> ${err.message}`
}
app.use(bodyParserErrorHandler({
errorMessage = (err) => {
...
}
}))
if (this.repo.isAwesome || this.repo.isHelpful) {
Star(this.repo);
}
FAQs
middleware to be set right after body parser in order to return 4xx error back to the client
The npm package express-body-parser-error-handler receives a total of 2,275 weekly downloads. As such, express-body-parser-error-handler popularity was classified as popular.
We found that express-body-parser-error-handler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.