Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
express-uploader
Advanced tools
File uploader
Uploading files middleware for NodeJS, Express, TrinteJS, Connect.
Installation
Installation is done using the Node Package Manager (npm). If you don't have npm installed on your system you can download it from npmjs.org To install express-uploader:
$ npm install -g express-uploader
Usage overview
for TrinteJS
manual setup in project config/routes.js
var Uploader = require('express-uploader');
module.exports = function routes(map) {
...
map.all('/upload', function(req, res, next) {
var uploader = new Uploader({
debug: true,
validate: true,
thumbnails: true,
thumbToSubDir: true,
tmpDir: __dirname + '/tmp',
publicDir: __dirname + '/public',
uploadDir: __dirname + '/public/files',
uploadUrl: '/files/',
thumbSizes: [140, [100, 100]]
});
uploader.uploadFile(req, function(data) {
res.send(JSON.stringify(data), {'Content-Type': 'text/plain'}, 200);
});
});
};
for ExpressJS
var Uploader = require('express-uploader');
app.all('/upload', function(req, res, next) {
var uploader = new Uploader({
debug: true,
validate: true,
thumbnails: true,
thumbToSubDir: true,
tmpDir: __dirname + '/tmp',
publicDir: __dirname + '/public',
uploadDir: __dirname + '/public/files',
uploadUrl: '/files/',
thumbSizes: [140,[100, 100]]
});
uploader.uploadFile(req, function(data) {
res.send(JSON.stringify(data), {'Content-Type': 'text/plain'}, 200);
});
});
Options
| Name | Type | Default | Description |
|---|---|---|---|
| debug | boolean | false | |
| safeName | boolean | true | |
| validate | boolean | false | |
| quality | number | 80 | |
| thumbnails | boolean | false | |
| thumbToSubDir | boolean | false | |
| tmpDir | string | /tmp | |
| publicDir | string | /public | |
| uploadDir | string | /public/files | |
| uploadUrl | string | /files/ | |
| maxPostSize | integer | 11000000 | |
| minFileSize | integer | 1 | |
| maxFileSize | integer | 10000000 | |
| acceptFileTypes | regexp | /.+/i | |
| thumbSizes | array | [[100, 100]] | [width, neight] |
| imageTypes | regexp | `/.(gif | jpe?g |
| resize | boolean | false | if need resize image |
| newSize | mixed | [800, 600] | new size for image [width, height] |
| crop | boolean | false | if need crop image |
| coordinates | object | {width:800,height:600,x:0,y:0} | coordinates for crop image { width:1200, height:800, x:0, y:0 } |
In the Wild
The following projects use express-uploader.
If you are using express-uploader in a project, app, or module, get on the list below by getting in touch or submitting a pull request with changes to the README.
Recommend extensions
- Bootstrap Fancy File Plugin
- Bootstrap Ajax Typeahead Plugin
- TrinteJS - Javascrpt MVC Framework for Node.JS
- CaminteJS - Cross-db ORM for NodeJS
- MongoDB Session Storage for ExpressJS
- 2CO NodeJS adapter for 2checkout API payment gateway
Startups & Apps
Author
Aleksej Gordejev (aleksej@gordejev.lv).
License
(The MIT License)
Copyright (c) 2012 Aleksej Gordejev aleksej@gordejev.lv
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Resources
- Visit the author website.
- Follow @biggora on Twitter for updates.
- Report issues on the github issues page.
FAQs
File uploads with NodeJS
We found that express-uploader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 Jul 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025