form-data - npm Package Compare versions

Comparing version

4.0.5

4.0.6

+29

-2

CHANGELOG.md

		@@ -8,2 +8,11 @@ # Changelog

		## [v4.0.6](https://github.com/form-data/form-data/compare/v4.0.5...v4.0.6) - 2026-06-12

		### Commits

		- [Fix] escape CR, LF, and `"` in field names and filenames [`8dff42c`](https://github.com/form-data/form-data/commit/8dff42c6da654ed4e7ad4acb7f8ccd3831217c99)
		- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `tape` [`f31d21e`](https://github.com/form-data/form-data/commit/f31d21ef10bf46e46344c3ee4f99acbef6be43e1)
		- [Deps] update `hasown`, `mime-types` [`92ae0eb`](https://github.com/form-data/form-data/commit/92ae0eb5da94d6f01925d5f4fcffb2a1e50ed7cd)
		- [Dev Deps] update `js-randomness-predictor` [`67b0f65`](https://github.com/form-data/form-data/commit/67b0f65c2e0b065a511d42227d35e4d367644e97)

		## [v4.0.5](https://github.com/form-data/form-data/compare/v4.0.4...v4.0.5) - 2025-11-17
		@@ -98,3 +107,3 @@

		## [v4.0.0](https://github.com/form-data/form-data/compare/v3.0.4...v4.0.0) - 2021-02-15
		## [v4.0.0](https://github.com/form-data/form-data/compare/v3.0.5...v4.0.0) - 2021-02-15

		@@ -110,2 +119,10 @@ ### Merged

		## [v3.0.5](https://github.com/form-data/form-data/compare/v3.0.4...v3.0.5) - 2026-06-12

		### Commits

		- [Fix] escape CR, LF, and `"` in field names and filenames [`8777e67`](https://github.com/form-data/form-data/commit/8777e67fbd0282d3dcba81f974fbdd91062c5b23)
		- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `eslint`, `tape` [`27c61a5`](https://github.com/form-data/form-data/commit/27c61a5deed84798be105c96605cb8bd00502dcd)
		- [Deps] update `hasown` [`6a8a1c6`](https://github.com/form-data/form-data/commit/6a8a1c6d04da36e15c80b16ecc4c0265082b3213)

		## [v3.0.4](https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4) - 2025-07-16
		@@ -172,3 +189,3 @@

		## [v3.0.0](https://github.com/form-data/form-data/compare/v2.5.5...v3.0.0) - 2019-11-05
		## [v3.0.0](https://github.com/form-data/form-data/compare/v2.5.6...v3.0.0) - 2019-11-05

		@@ -197,2 +214,12 @@ ### Merged

		## [v2.5.6](https://github.com/form-data/form-data/compare/v2.5.5...v2.5.6) - 2026-06-12

		### Commits

		- [Fix] escape CR, LF, and `"` in field names and filenames [`b620316`](https://github.com/form-data/form-data/commit/b62031603c2d7c329b2a369b49466790f0ba6314)
		- [Dev Deps] update `@ljharb/eslint-config`, `auto-changelog`, `eslint`, `tape` [`12be578`](https://github.com/form-data/form-data/commit/12be578e936fd77eee75e2e656955f5343c4b80f)
		- [Dev Deps] update `js-randomness-predictor` [`46cfd23`](https://github.com/form-data/form-data/commit/46cfd23bd40be14cfa0391e1c5357c4d74098f23)
		- [Tests] use `safe-buffer` so the header-injection test runs on node < 4 [`633044a`](https://github.com/form-data/form-data/commit/633044a57a7b19f41cec2271ffd24afa2f6280af)
		- [Deps] update `hasown` [`e3b96ee`](https://github.com/form-data/form-data/commit/e3b96eef1661bca8ea4297de057b78bf2734e900)

		## [v2.5.5](https://github.com/form-data/form-data/compare/v2.5.4...v2.5.5) - 2025-07-18
		@@ -199,0 +226,0 @@

+14

-2

lib/form_data.js

		@@ -19,2 +19,14 @@ 'use strict';
		/**
		* Escape CR, LF, and `"` in a multipart `name`/`filename` parameter, so a field
		* name or filename can not break out of its header line to inject headers or
		* smuggle additional parts. Matches the WHATWG HTML multipart/form-data encoding.
		*
		* @param {string} str - the parameter value to escape
		* @returns {string} the escaped value
		*/
		function escapeHeaderParam(str) {
		return String(str).replace(/\r/g, '%0D').replace(/\n/g, '%0A').replace(/"/g, '%22');
		}

		/**
		* Create readable "multipart/form-data" streams.
		@@ -184,3 +196,3 @@ * Can be used to submit forms
		// add custom disposition as third element or keep it two elements if not
		'Content-Disposition': ['form-data', 'name="' + field + '"'].concat(contentDisposition \|\| []),
		'Content-Disposition': ['form-data', 'name="' + escapeHeaderParam(field) + '"'].concat(contentDisposition \|\| []),
		// if no content type. allow it to be empty array
		@@ -239,3 +251,3 @@ 'Content-Type': [].concat(contentType \|\| [])
		if (filename) {
		return 'filename="' + filename + '"';
		return 'filename="' + escapeHeaderParam(filename) + '"';
		}
		@@ -242,0 +254,0 @@ };

+7

-7

package.json

		@@ -5,3 +5,3 @@ {
		"description": "A library to create readable \"multipart/form-data\" streams. Can be used to submit forms and file uploads to other web applications.",
		"version": "4.0.5",
		"version": "4.0.6",
		"repository": {
		@@ -47,8 +47,8 @@ "type": "git",
		"es-set-tostringtag": "^2.1.0",
		"hasown": "^2.0.2",
		"mime-types": "^2.1.12"
		"hasown": "^2.0.4",
		"mime-types": "^2.1.35"
		},
		"devDependencies": {
		"@ljharb/eslint-config": "^21.4.0",
		"auto-changelog": "^2.5.0",
		"@ljharb/eslint-config": "^22.2.3",
		"auto-changelog": "^2.6.0",
		"browserify": "^13.3.0",
		@@ -65,3 +65,3 @@ "browserify-istanbul": "^2.0.0",
		"istanbul": "^0.4.5",
		"js-randomness-predictor": "^1.5.5",
		"js-randomness-predictor": "^3.6.0",
		"obake": "^0.1.2",
		@@ -74,3 +74,3 @@ "pkgfiles": "^2.3.2",
		"semver": "^6.3.1",
		"tape": "^5.9.0"
		"tape": "^5.10.1"
		},
		@@ -77,0 +77,0 @@ "license": "MIT",

+4

-4

README.md

		@@ -9,7 +9,7 @@ # Form-Data [![NPM Module](https://img.shields.io/npm/v/form-data.svg)](https://www.npmjs.com/package/form-data) [![Join the chat at https://gitter.im/form-data/form-data](http://form-data.github.io/images/gitterbadge.svg)](https://gitter.im/form-data/form-data)

		[![Linux Build](https://img.shields.io/travis/form-data/form-data/v4.0.5.svg?label=linux:6.x-12.x)](https://travis-ci.org/form-data/form-data)
		[![MacOS Build](https://img.shields.io/travis/form-data/form-data/v4.0.5.svg?label=macos:6.x-12.x)](https://travis-ci.org/form-data/form-data)
		[![Windows Build](https://img.shields.io/travis/form-data/form-data/v4.0.5.svg?label=windows:6.x-12.x)](https://travis-ci.org/form-data/form-data)
		[![Linux Build](https://img.shields.io/travis/form-data/form-data/v4.0.6.svg?label=linux:6.x-12.x)](https://travis-ci.org/form-data/form-data)
		[![MacOS Build](https://img.shields.io/travis/form-data/form-data/v4.0.6.svg?label=macos:6.x-12.x)](https://travis-ci.org/form-data/form-data)
		[![Windows Build](https://img.shields.io/travis/form-data/form-data/v4.0.6.svg?label=windows:6.x-12.x)](https://travis-ci.org/form-data/form-data)

		[![Coverage Status](https://img.shields.io/coveralls/form-data/form-data/v4.0.5.svg?label=code+coverage)](https://coveralls.io/github/form-data/form-data?branch=master)
		[![Coverage Status](https://img.shields.io/coveralls/form-data/form-data/v4.0.6.svg?label=code+coverage)](https://coveralls.io/github/form-data/form-data?branch=master)
		[![Dependency Status](https://img.shields.io/david/form-data/form-data.svg)](https://david-dm.org/form-data/form-data)
		@@ -16,0 +16,0 @@

form-data - npm Package Compare versions

Improved metrics

Dependency changes