Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
fastify-raw-body
Advanced tools
Adds the raw body to the Fastify request object.
npm i fastify-raw-body
Plugin version | Fastify version |
---|---|
^2.0.0 | ^2.0.0 |
^3.0.0 | ^3.0.0 |
^4.0.0 | ^4.0.0 |
^4.2.1 | ^4.19.0 |
This plugin will add the request.rawBody
.
It will get the data using the preParsing
hook.
import Fastify from 'fastify'
const app = Fastify()
await app.register(import('fastify-raw-body'), {
field: 'rawBody', // change the default request.rawBody property name
global: false, // add the rawBody to every request. **Default true**
encoding: 'utf8', // set it to false to set rawBody as a Buffer **Default utf8**
runFirst: true, // get the body before any preParsing hook change/uncompress it. **Default false**
routes: [] // array of routes, **`global`** will be ignored, wildcard routes not supported
})
app.post('/', {
config: {
// add the rawBody to this route. if false, rawBody will be disabled when global is true
rawBody: true
},
handler (req, reply) {
// req.rawBody the string raw body
reply.send(req.rawBody)
}
})
Note
You need toawait
the plugin registration to make sure the plugin is ready to use. All the routes defined before the plugin registration will be ignored. This change has been introduced in Fastify v4.
Warning
Settingglobal: false
and then the route configuration{ config: { rawBody: true } }
will save memory of your server since therawBody
is a copy of thebody
and it will double the memory usage.
So use it only for the routes that you need to.
It is important to know that setting encoding: false
will run addContentTypeParser
to add a content type parser for application/json
.
This is needed since the default content type parser will set the encoding of the request stream to { parseAs: 'string' }
.
If you haven't customized this component, it will be secure as the original one since secure-json-parse
is used under the hood.
Copyright Manuel Spigolon, Licensed under MIT.
FAQs
Request raw body
The npm package fastify-raw-body receives a total of 43,919 weekly downloads. As such, fastify-raw-body popularity was classified as popular.
We found that fastify-raw-body demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.