multiparty
The multiparty npm package is a Node.js module for parsing multipart/form-data, which is primarily used for handling file uploads. It can parse incoming request bodies in a middleware-like fashion, making it easier to handle file uploads and form data in web applications.
Parsing Form Data
This feature allows you to parse form data from a POST request. The code sample demonstrates how to create an HTTP server that listens for POST requests, parses the form data using multiparty, and responds with the parsed fields and files in JSON format.
const multiparty = require('multiparty');
const http = require('http');

http.createServer((req, res) => {
  if (req.method === 'POST') {
    const form = new multiparty.Form();
    form.parse(req, (err, fields, files) => {
      if (err) {
        res.writeHead(500, { 'Content-Type': 'text/plain' });
        res.end('Error parsing form data');
        return;
      }
      res.writeHead(200, { 'Content-Type': 'application/json' });
      res.end(JSON.stringify({ fields, files }));
    });
  } else {
    res.writeHead(405, { 'Content-Type': 'text/plain' });
    res.end('Method Not Allowed');
  }
}).listen(8080);
Handling File Uploads
This feature allows you to handle file uploads. The code sample demonstrates how to create an HTTP server that listens for POST requests, parses the uploaded file using multiparty, and saves it to a specified directory.
const multiparty = require('multiparty');
const http = require('http');
const fs = require('fs');
const path = require('path');

http.createServer((req, res) => {
  if (req.method === 'POST') {
    const form = new multiparty.Form();
    form.parse(req, (err, fields, files) => {
      if (err) {
        res.writeHead(500, { 'Content-Type': 'text/plain' });
        res.end('Error parsing form data');
        return;
      }
      // The request may not contain an "upload" file field at all
      const file = files.upload && files.upload[0];
      if (!file) {
        res.writeHead(400, { 'Content-Type': 'text/plain' });
        res.end('No file uploaded');
        return;
      }
      const tempPath = file.path;
      // originalFilename is reported by the client: keep only its last path
      // component so a name containing "../" cannot leave ./uploads/
      const targetPath = path.join('./uploads', path.basename(file.originalFilename));
      fs.rename(tempPath, targetPath, (err) => {
        if (err) {
          res.writeHead(500, { 'Content-Type': 'text/plain' });
          res.end('Error saving file');
          return;
        }
        res.writeHead(200, { 'Content-Type': 'text/plain' });
        res.end('File uploaded successfully');
      });
    });
  } else {
    res.writeHead(405, { 'Content-Type': 'text/plain' });
    res.end('Method Not Allowed');
  }
}).listen(8080);
Formidable is another Node.js module for parsing form data, especially file uploads. It is similar to multiparty in functionality but is known for its performance and simplicity. Formidable provides a more straightforward API for handling file uploads and form data parsing.
Busboy is a Node.js module for parsing incoming HTML form data. It is built on streams and is highly efficient for handling large file uploads. Compared to multiparty, Busboy is more performant and is often preferred for high-performance applications.
Multer is a middleware for handling multipart/form-data, which is primarily used for uploading files. It is built on top of Busboy and provides an easy-to-use API for handling file uploads in Express applications. Multer is more feature-rich and integrates seamlessly with Express, making it a popular choice for Express-based applications.
Parse http requests with content-type multipart/form-data, also known as file uploads.
See also busboy - a faster alternative which may be worth looking into.
This is a Node.js module available through the npm registry. Installation is done using the npm install command:
npm install multiparty
Parse an incoming multipart/form-data request.
var multiparty = require('multiparty');
var http = require('http');
var util = require('util');

http.createServer(function(req, res) {
  if (req.url === '/upload' && req.method === 'POST') {
    // parse a file upload
    var form = new multiparty.Form();
    form.parse(req, function(err, fields, files) {
      res.writeHead(200, { 'content-type': 'text/plain' });
      res.write('received upload:\n\n');
      res.end(util.inspect({ fields: fields, files: files }));
    });
    return;
  }
  // show a file upload form
  res.writeHead(200, { 'content-type': 'text/html' });
  res.end(
    '<form action="/upload" enctype="multipart/form-data" method="post">'+
    '<input type="text" name="title"><br>'+
    '<input type="file" name="upload" multiple="multiple"><br>'+
    '<input type="submit" value="Upload">'+
    '</form>'
  );
}).listen(8080);
var form = new multiparty.Form(options)
Creates a new form. Options:
encoding - sets encoding for the incoming form fields. Defaults to utf8.
maxFieldsSize - Limits the amount of memory all fields (not files) can allocate in bytes. If this value is exceeded, an error event is emitted. The default size is 2MB.
maxFields - Limits the number of fields that will be parsed before emitting an error event. A file counts as a field in this case. Defaults to 1000.
maxFilesSize - Only relevant when autoFiles is true. Limits the total bytes accepted for all files combined. If this value is exceeded, an error event is emitted. The default is Infinity.
autoFields - Enables field events and disables part events for fields. This is automatically set to true if you add a field listener.
autoFiles - Enables file events and disables part events for files. This is automatically set to true if you add a file listener.
uploadDir - Only relevant when autoFiles is true. The directory for placing file uploads in. You can move them later using fs.rename(). Defaults to os.tmpdir().
Parses an incoming Node.js request containing form data. This will cause form to emit events based off the incoming request.
var count = 0;
var form = new multiparty.Form();

// Errors may be emitted
// Note that if you are listening to 'part' events, the same error may be
// emitted from the `form` and the `part`.
form.on('error', function(err) {
  console.log('Error parsing form: ' + err.stack);
});

// Parts are emitted when parsing the form
form.on('part', function(part) {
  // You *must* act on the part by reading it
  // NOTE: if you want to ignore it, just call "part.resume()"
  if (part.filename === undefined) {
    // filename is not defined when this is a field and not a file
    console.log('got field named ' + part.name);
    // ignore field's content
    part.resume();
  }
  if (part.filename !== undefined) {
    // filename is defined when this is a file
    count++;
    console.log('got file named ' + part.name);
    // ignore file's content here
    part.resume();
  }
  part.on('error', function(err) {
    // decide what to do
  });
});

// Close emitted after form parsed
form.on('close', function() {
  console.log('Upload completed!');
  // setHeader needs both a header name and a value
  res.setHeader('Content-Type', 'text/plain');
  res.end('Received ' + count + ' files');
});

// Parse req
form.parse(req);
If cb is provided, autoFields and autoFiles are set to true and all fields and files are collected and passed to the callback, removing the need to listen to any events on form. This is for convenience when you want to read everything, but be sure to write cleanup code, as this will write all uploaded files to the disk, even ones you may not be interested in.
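form.parse(req, function(err, fields, files) {
  // On a parse error, fields and files are not populated
  if (err) {
    res.statusCode = err.statusCode || 500;
    res.end('Error parsing form');
    return;
  }
  Object.keys(fields).forEach(function(name) {
    console.log('got field named ' + name);
  });
  // files maps each field name to an array of file objects
  var count = 0;
  Object.keys(files).forEach(function(name) {
    console.log('got file named ' + name);
    count += files[name].length;
  });
  console.log('Upload completed!');
  res.setHeader('Content-Type', 'text/plain');
  res.end('Received ' + count + ' files');
});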
fields is an object where the property names are field names and the values are arrays of field values.
files is an object where the property names are field names and the values are arrays of file objects.
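The cleanup warning above and the earlier upload-saving handler both depend on how the files object is treated once form.parse(req, cb) has written every upload to disk. The following is an added example, not code from the multiparty README: safeTargetPath, storeUploads and demo are hypothetical helpers, and the files object is constructed to match the shape described here.

```javascript
// Added example; helper names are hypothetical, not part of multiparty.
const fs = require('fs');
const os = require('os');
const path = require('path');
// Map the client-reported originalFilename to a path inside uploadDir, or null.
function safeTargetPath(uploadDir, originalFilename) {
  if (typeof originalFilename !== 'string') return null;
  // Treat both separator styles as separators; keep only the last component.
  const base = path.posix.basename(originalFilename.replace(/\\/g, '/'));
  // Conservative allow-list: rejects '', '.', '..' and dotfiles.
  if (!/^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$/.test(base)) return null;
  const root = path.resolve(uploadDir);
  const target = path.resolve(root, base);
  return target.startsWith(root + path.sep) ? target : null;
}

// Keep the wanted field's safely named files; delete every other temp file.
function storeUploads(files, wantedField, uploadDir) {
  const result = { saved: [], removed: [] };
  for (const [field, list] of Object.entries(files)) {
    for (const file of list) {
      const target = field === wantedField
        ? safeTargetPath(uploadDir, file.originalFilename) : null;
      if (target && !fs.existsSync(target)) { // never overwrite an existing file
        fs.renameSync(file.path, target);
        result.saved.push(target);
      } else {
        fs.rmSync(file.path, { force: true });
        result.removed.push(file.path);
      }
    }
  }
  return result;
}

// Constructed input shaped like the files argument, backed by real temp files.
function demo() {
  const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'mp-demo-'));
  const uploadDir = path.join(tmp, 'uploads');
  fs.mkdirSync(uploadDir);
  const mk = (originalFilename, i) => {
    fs.writeFileSync(path.join(tmp, 'tmp' + i), 'x');
    return { originalFilename, path: path.join(tmp, 'tmp' + i) };
  };
  const files = {
    upload: ['report.pdf', '../../etc/passwd', '..'].map(mk),
    extra: [mk('unwanted.bin', 9)],
  };
  return { ...storeUploads(files, 'upload', uploadDir), uploadDir, tmp };
}
```

In the demo, the traversal-style name is stored as uploads/passwd, the bare ".." name and the unwanted field's file are deleted, and nothing is left in the temporary directory except the uploads folder.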
The amount of bytes received for this form so far.
The expected number of bytes in this form.
Unless you supply a callback to form.parse, you definitely want to handle this event. Otherwise your server will crash when users submit bogus multipart requests!
Only one 'error' event can ever be emitted, and if an 'error' event is emitted, then 'close' will not be emitted.
If the error would correspond to a certain HTTP response code, the err object will have a statusCode property with the value of the suggested HTTP response code to send back.
Note that an 'error' event will be emitted both from the form and from the current part.
Emitted when a part is encountered in the request. part is a ReadableStream. It also has the following properties:
headers - the headers for this part. For example, you may be interested in content-type.
name - the field name for this part
filename - only if the part is an incoming file
byteOffset - the byte offset of this part in the request body
byteCount - assuming that this is the last part in the request, this is the size of this part in bytes. You could use this, for example, to set the Content-Length header if uploading to S3. If the part had a Content-Length header then that value is used here instead.
Parts for fields are not emitted when autoFields is on, and likewise parts for files are not emitted when autoFiles is on.
part emits 'error' events! Make sure you handle them.
Emitted when the request is aborted. This event will be followed shortly by an error event. In practice you do not need to handle this event.
Emitted when a chunk of data is received for the form. The bytesReceived argument contains the total count of bytes received for this form so far. The bytesExpected argument contains the total expected bytes if known, otherwise null.
Emitted after all parts have been parsed and emitted. Not emitted if an error event is emitted.
If you have autoFiles on, this is not fired until all the data has been flushed to disk and the file handles have been closed.
This is typically when you would send your response.
By default multiparty will not touch your hard drive. But if you add this listener, multiparty automatically sets form.autoFiles to true and will stream uploads to disk for you.
The max bytes accepted per request can be specified with maxFilesSize.
name - the field name for this file
file - an object with these properties:
  fieldName - same as name - the field name for this file
  originalFilename - the filename that the user reports for the file
  path - the absolute path of the uploaded file on disk
  headers - the HTTP headers that were sent along with this file
  size - size of the file in bytes
name - field name
value - string field value
FAQs
multipart/form-data parser which supports streaming
The npm package multiparty receives a total of 349,040 weekly downloads. As such, multiparty popularity was classified as popular.
We found that multiparty demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.