
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
High-performance streaming multipart/mixed parser for Node.js applications.
This is a private workspace package used internally by other packages in this monorepo.
import { parseMultipartStream, MultipartMessage } from "mixpart";
// Parse a multipart/mixed response
const response = await fetch("https://api.example.com/multipart-endpoint");
for await (const message of parseMultipartStream(response)) {
console.log("Headers:", Array.from(message.headers.entries()));
// Access specific headers
const contentType = message.headers.get("content-type");
const customHeader = message.headers.get("x-custom-header");
console.log("Content-Type:", contentType);
// Stream the payload - no buffering in memory
const reader = message.payload.getReader();
while (true) {
const { done, value } = await reader.read();
if (done) break;
console.log("Received chunk:", value.length, "bytes");
// Process each chunk immediately without buffering
}
}
The parser includes configurable safety limits to prevent unbounded memory growth:
import { parseMultipartStream, ParserOptions } from "mixpart";
const options: ParserOptions = {
maxHeaderSize: 128000, // 128KB header limit (default: 64KB)
maxBoundaryBuffer: 16384, // 16KB boundary buffer (default: 8KB)
};
for await (const message of parseMultipartStream(response, options)) {
// Process messages safely
}
Safety Limits:
For convenience when you need the complete payload:
import { parseMultipartStream } from "mixpart";
async function readStreamToText(
stream: ReadableStream<Uint8Array>,
): Promise<string> {
const reader = stream.getReader();
const chunks: Uint8Array[] = [];
while (true) {
const { done, value } = await reader.read();
if (done) break;
chunks.push(value);
}
const totalLength = chunks.reduce((sum, chunk) => sum + chunk.length, 0);
const result = new Uint8Array(totalLength);
let offset = 0;
for (const chunk of chunks) {
result.set(chunk, offset);
offset += chunk.length;
}
return new TextDecoder().decode(result);
}
for await (const message of parseMultipartStream(response)) {
if (message.headers.get("content-type") === "application/json") {
const jsonText = await readStreamToText(message.payload);
const data = JSON.parse(jsonText);
console.log("JSON data:", data);
}
}
The parser properly handles HTTP-compliant header encoding using ISO-8859-1, which is the standard encoding for HTTP headers.
Features:
Example:
import { parseMultipartStream } from "mixpart";
// ISO-8859-1 headers are automatically decoded
for await (const message of parseMultipartStream(response)) {
// Headers with accented characters work properly
const subject = message.headers.get("subject"); // "Hello World"
const name = message.headers.get("x-name"); // "José" or "Café"
console.log("Subject:", subject);
console.log("Name:", name);
}
Standards Compliance: Per RFC 7230, HTTP header values should use ISO-8859-1 encoding:
This ensures robust parsing of all HTTP-compliant multipart content.
Since this is a generic parser, applications can extract their own specific headers:
import { parseMultipartStream } from "mixpart";
const response = await fetch("https://api.example.com/messages", {
headers: {
Accept: "multipart/mixed",
Authorization: "Bearer TOKEN",
},
});
for await (const part of parseMultipartStream(response)) {
// Extract application-specific headers using Headers API
const messageId = part.headers.get("x-message-id");
const timestamp = part.headers.get("x-timestamp");
const contentType = part.headers.get("content-type");
if (messageId && timestamp) {
console.log("Message:", {
id: messageId,
timestamp: timestamp,
contentType: contentType,
});
// Stream process the payload without loading it all into memory
const reader = part.payload.getReader();
const chunks: Uint8Array[] = [];
while (true) {
const { done, value } = await reader.read();
if (done) break;
chunks.push(value);
}
// Only combine chunks when ready to process
const totalLength = chunks.reduce((sum, chunk) => sum + chunk.length, 0);
const fullPayload = new Uint8Array(totalLength);
let offset = 0;
for (const chunk of chunks) {
fullPayload.set(chunk, offset);
offset += chunk.length;
}
if (contentType === "application/json") {
const messageData = JSON.parse(new TextDecoder().decode(fullPayload));
console.log("JSON data:", messageData);
}
}
}
parseMultipartStream(response: Response, options?: ParserOptions)Returns an async generator that yields MultipartMessage objects as they are parsed from the stream.
Parameters:
response: A Response object with a multipart/mixed bodyoptions: Optional configuration for memory safety limitsReturns:
AsyncGenerator<MultipartMessage, void, unknown>ParserOptionsConfiguration interface for memory safety:
interface ParserOptions {
maxHeaderSize?: number; // Maximum header buffer size (default: 64KB)
maxBoundaryBuffer?: number; // Maximum boundary buffer size (default: 8KB)
}
MultipartMessageInterface representing a parsed multipart message:
interface MultipartMessage {
headers: Headers; // Proper Headers object with get(), has(), etc.
payload: ReadableStream<Uint8Array>; // Streaming payload - no buffering
}
Key Benefits:
extractBoundary(contentType: string)Utility function to extract the boundary parameter from a Content-Type header.
Parameters:
contentType: Content-Type header valueReturns:
string: The boundary stringMultipartParseErrorError class thrown when multipart parsing fails:
class MultipartParseError extends Error {
name: "MultipartParseError";
}
ReadableStream<Uint8Array> (zero buffering)maxHeaderSize)maxBoundaryBuffer)This design allows processing of arbitrarily large multipart responses without memory constraints.
MIT
FAQs
High-performance streaming multipart/mixed parser for Node.js
The npm package mixpart receives a total of 936,462 weekly downloads. As such, mixpart popularity was classified as popular.
We found that mixpart demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.