multer
Advanced tools
Package description
Multer is a node.js middleware for handling multipart/form-data, which is primarily used for uploading files. It is written on top of busboy for maximum efficiency.
File Uploads
This feature allows you to upload files to your server. The code sample demonstrates how to handle a single file upload with Multer.
const multer = require('multer');
const upload = multer({ dest: 'uploads/' });
app.post('/upload', upload.single('file'), function (req, res) {
// req.file is the `file` file
res.send('File uploaded!');
});Multiple Files Upload
Multer also supports uploading multiple files at once. The code sample shows how to handle multiple file uploads, limiting to 12 files in this case.
const multer = require('multer');
const upload = multer({ dest: 'uploads/' });
app.post('/upload', upload.array('files', 12), function (req, res) {
// req.files is array of `files` files
res.send('Multiple files uploaded!');
});Disk Storage
Multer allows you to customize the storage of files. This code sample demonstrates how to use disk storage to control the storage location and file naming.
const multer = require('multer');
const storage = multer.diskStorage({
destination: function (req, file, cb) {
cb(null, 'uploads/')
},
filename: function (req, file, cb) {
cb(null, file.fieldname + '-' + Date.now())
}
});
const upload = multer({ storage: storage });Memory Storage
For temporary storage or when you want to process the file without saving it to disk, you can use memory storage. The code sample shows how to store a file in memory.
const multer = require('multer');
const upload = multer({ storage: multer.memoryStorage() });
app.post('/upload', upload.single('file'), function (req, res) {
// req.file is the `file` file stored in memory
res.send('File uploaded and stored in memory!');
});File Filtering
Multer provides a way to filter out files based on conditions you set. This code sample demonstrates file filtering to only allow JPEG images.
const multer = require('multer');
const upload = multer({
fileFilter: function (req, file, cb) {
if (file.mimetype !== 'image/jpeg') {
return cb(new Error('Only JPEG files are allowed!'), false);
}
cb(null, true);
}
});Formidable is an alternative to Multer for parsing form data, especially file uploads. It is less middleware-oriented and more flexible in terms of handling various form parsing tasks.
Busboy is a low-level Node.js module for parsing incoming HTML form data. Multer is built on top of Busboy, but provides a more convenient middleware API for integrating with Express.js applications.
Multiparty is another module for handling multipart/form-data requests, which is the type of requests that file uploads usually come in. It is similar to Multer but has a different API and is used in a slightly different way.
Readme
Multer is a node.js middleware for handling multipart/form-data.
It is written on top of busboy for maximum efficiency.
$ npm install multer
var express = require('express')
var multer = require('multer')
var app = express()
app.use(multer({ dest: './uploads/'}))
You can access the fields and files in the request object:
console.log(req.body)
console.log(req.files)
IMPORTANT: Multer will not process any form which is not multipart/form-data.
A multer file object is a JSON object with the following properties.
fieldname - Field name specified in the formoriginalname - Name of the file on the user's computername - Renamed file nameencoding - Encoding type of the filemimetype - Mime type of the filepath - Location of the uploaded fileextension - Extension of the filesize - Size of the file in bytestruncated - If the file was truncated due to size limitationbuffer - Raw data (is null unless the inMemory option is true)Multer accepts an options object, the most basic of which is the dest property, which tells Multer where to upload the files. In case you omit the options object, the file will be renamed and uploaded to the temporary directory of the system. If the inMemory option is true, no data is written to disk but data is kept in a buffer accessible in the file object.
By the default, Multer will rename the files so as to avoid name conflicts. The renaming function can be customized according to your needs.
The following are the options that can be passed to Multer.
destlimitsincludeEmptyFieldsinMemoryrename(fieldname, filename, req, res)changeDest(dest, req, res)onFileUploadStart(file, req, res)onFileUploadData(file, data, req, res)onFileUploadComplete(file, req, res)onParseStart()onParseEnd(req, next)onError()onFileSizeLimit(file)onFilesLimit()onFieldsLimit()onPartsLimit()Apart from these, Multer also supports more advanced busboy options like highWaterMark, fileHwm, and defCharset.
In an average web app, only dest and rename might be required, and configured as shown in the example.
app.use(multer({
dest: './uploads/',
rename: function (fieldname, filename) {
return filename.replace(/\W+/g, '-').toLowerCase() + Date.now()
}
}))
The details of the properties of the options object is explained in the following sections.
The destination directory for the uploaded files.
dest: './uploads/'
An object specifying the size limits of the following optional properties. This object is passed to busboy directly, and the details of properties can be found on busboy's page
fieldNameSize - integer - Max field name size (Default: 100 bytes)fieldSize - integer - Max field value size (Default: 1MB)fields - integer - Max number of non-file fields (Default: Infinity)fileSize - integer - For multipart forms, the max file size (in bytes) (Default: Infinity)files - integer - For multipart forms, the max number of file fields (Default: Infinity)parts - integer - For multipart forms, the max number of parts (fields + files) (Default: Infinity)headerPairs - integer - For multipart forms, the max number of header key=>value pairs to parse Default: 2000 (same as node's http).limits: {
fieldNameSize: 100,
files: 2,
fields: 5
}
Specifying the limits can help protect your site against denial of service (DoS) attacks.
A Boolean value to specify whether empty submitted values should be processed and applied to req.body; defaults to false;
includeEmptyFields: true
NOTE In the next major version, putSingleFilesInArray will go away and all req.files key-value pairs will point to an array of file objects. Begin migrating your code to use putSingleFilesInArray: true. This will become the default in the next version. An explanation follows.
In the current version putSingleFilesInArray is false. Activate it by setting the property to true.
putSingleFilesInArray: true
Some applications or libraries, such as Object Modelers, expect req.files key-value pairs to always point to arrays. If putSingleFilesInArray is true, multer will ensure all values point to an array.
// the value points to a single file object
req.files['file1'] = [fileObject1]
// the value points to an array of file objects
req.files['file1'] = [fileObject1, fileObject2]
Contrast this with Multer's default behavior, where putSingleFilesInArray is false. If the value for any key in req.files is a single file, then the value will equal a single file object. And if the value points to multiple files, then the value will equal an array of file objects.
// the value points to a single file object
req.files['file1'] = fileObject1
// the value points to an array of file objects
req.files['file1'] = [fileObject1, fileObject2]
If this Boolean value is true, the file.buffer property holds the data in-memory that Multer would have written to disk. The dest option is still populated and the path property contains the proposed path to save the file. Defaults to false.
inMemory: true
WARNING: Uploading very large files, or relatively small files in large numbers very quickly, can cause your application to run out of memory when inMemory is set to true.
Function to rename the uploaded files. Whatever the function returns will become the new name of the uploaded file (extension is not included). The fieldname and filename of the file will be available in this function, use them if you need to.
rename: function (fieldname, filename, req, res) {
return fieldname + filename + Date.now()
}
Note that req.body Warnings applies to this function.
Function to rename the directory in which to place uploaded files. The dest parameter is the default value originally assigned or passed into multer. The req and res parameters are also passed into the function because they may contain information (eg session data) needed to create the path (eg get userid from the session).
changeDest: function(dest, req, res) {
return dest + '/user1';
}
You might want to check that the subdirectory has been created. Here is a synchronous way to do it. The mkdirp module can be used to automatically create nested child directories.
changeDest: function(dest, req, res) {
dest += '/user1';
if (!fs.existsSync(dest)) fs.mkdirSync(dest);
return dest;
}
Note that req.body Warnings applies to this function.
Event handler triggered when a file starts to be uploaded. A file object, with the following properties, is available to this function: fieldname, originalname, name, encoding, mimetype, path, and extension.
onFileUploadStart: function (file, req, res) {
console.log(file.fieldname + ' is starting ...')
}
You can even stop a file from being uploaded - just return false from the event handler. The file won't be processed or reach the file system.
onFileUploadStart: function (file, req, res) {
if (file.originalname == 'virus.exe') return false;
}
Note that req.body Warnings applies to this function.
Event handler triggered when a chunk of buffer is received. A buffer object along with a file object is available to the function.
onFileUploadData: function (file, data, req, res) {
console.log(data.length + ' of ' + file.fieldname + ' arrived')
}
Note that req.body Warnings applies to this function.
Event handler trigger when a file is completely uploaded. A file object is available to the function.
onFileUploadComplete: function (file, req, res) {
console.log(file.fieldname + ' uploaded to ' + file.path)
}
Note that req.body Warnings applies to this function.
Event handler triggered when the form parsing starts.
onParseStart: function () {
console.log('Form parsing started at: ', new Date())
}
Event handler triggered when the form parsing completes. The request object and the next objects are are passed to the function.
onParseEnd: function (req, next) {
console.log('Form parsing completed at: ', new Date());
// usage example: custom body parse
req.body = require('qs').parse(req.body);
// call the next middleware
next();
}
Note: If you have created a onParseEnd event listener, you must manually call the next() function, else the request will be left hanging.
Event handler for any errors encountering while processing the form. The error object and the next object is available to the function. If you are handling errors yourself, make sure to terminate the request or call the next() function, else the request will be left hanging.
onError: function (error, next) {
console.log(error)
next(error)
}
Event handler triggered when a file size exceeds the specification in the limit object. No more files will be parsed after the limit is reached.
onFileSizeLimit: function (file) {
console.log('Failed: ', file.originalname)
fs.unlink('./' + file.path) // delete the partially written file
}
Event handler triggered when the number of files exceed the specification in the limit object. No more files will be parsed after the limit is reached.
onFilesLimit: function () {
console.log('Crossed file limit!')
}
Event handler triggered when the number of fields exceed the specification in the limit object. No more fields will be parsed after the limit is reached.
onFieldsLimit: function () {
console.log('Crossed fields limit!')
}
Event handler triggered when the number of parts exceed the specification in the limit object. No more files or fields will be parsed after the limit is reached.
onPartsLimit: function () {
console.log('Crossed parts limit!')
}
WARNING: req.body is fully parsed after file uploads have finished. Accessing req.body prematurely may cause errors. The req and res parameters are added to some functions to allow the developer to access properties other than req.body, such as session variables or socket.io objects. You have been forwarned! :)
FAQs
Middleware for handling `multipart/form-data`.
The npm package multer receives a total of 3,826,455 weekly downloads. As such, multer popularity was classified as popular.
We found that multer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A hospital in Mobile, Alabama, agreed to a settlement in a landmark ransomware death lawsuit, but is now reportedly reconsidering the agreement and refusing to pay.
Security News
A new report explores how advancements in LLMs are enhancing cyber threats, including polymorphic malware, personalized spearphishing, and the risk of hijacking customer service bots.
Security News
ESLint has approved an RFC that adds support for TypeScript configuration files, which is aimed at improving the developer experience and recognizing changes in the evolving JavaScript ecosystem.