You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 7-8.RSVP
Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



Get and validate the raw body of a readable stream.

Version published

Package description

What is raw-body?

The raw-body npm package is used to obtain the raw body of an incoming stream and supports decoding, parsing, and handling of different encodings. It is commonly used in the context of HTTP server handling, where it can be used to read and parse request bodies before they are processed by request handlers or middleware.

What are raw-body's main functionalities?

Getting raw body from a stream

This code creates an HTTP server that uses raw-body to read the request body as a string. It takes into account the content length and encoding specified in the request headers.

const http = require('http');
const getRawBody = require('raw-body');

http.createServer((req, res) => {
  getRawBody(req, {
    length: req.headers['content-length'],
    encoding: 'utf8'
  }, function (err, string) {
    if (err) return res.end('Error');
    res.end('Received: ' + string);

Handling different encodings

This code demonstrates how to use raw-body to handle different text encodings by specifying the encoding option. The promise interface is used for asynchronous handling.

const getRawBody = require('raw-body');

function handleRequest(req) {
  return getRawBody(req, {
    encoding: 'utf8'
  }).then(body => {
    // body is now a string in utf8 encoding
  }).catch(err => {
    // handle error

Limiting body size

This code shows how to limit the size of the request body using raw-body by setting a limit option, which can help prevent denial of service attacks or other resource exhaustion issues.

const getRawBody = require('raw-body');

function handleRequest(req) {
  return getRawBody(req, {
    limit: '1mb'
  }).then(body => {
    // body will not be larger than 1mb
  }).catch(err => {
    // handle error if body is too large

Other packages similar to raw-body




NPM Version NPM Downloads Node.js Version Build status Test coverage

Gets the entire buffer of a stream either as a Buffer or a string. Validates the stream's length against an expected length and maximum limit. Ideal for parsing request bodies.


This is a Node.js module available through the npm registry. Installation is done using the npm install command:

$ npm install raw-body


This module includes a TypeScript declaration file to enable auto complete in compatible editors and type information for TypeScript projects. This module depends on the Node.js types, so install @types/node:

$ npm install @types/node


var getRawBody = require('raw-body')

getRawBody(stream, [options], [callback])

Returns a promise if no callback specified and global Promise exists.


  • length - The length of the stream. If the contents of the stream do not add up to this length, an 400 error code is returned.
  • limit - The byte limit of the body. This is the number of bytes or any string format supported by bytes, for example 1000, '500kb' or '3mb'. If the body ends up being larger than this limit, a 413 error code is returned.
  • encoding - The encoding to use to decode the body into a string. By default, a Buffer instance will be returned when no encoding is specified. Most likely, you want utf-8, so setting encoding to true will decode as utf-8. You can use any type of encoding supported by iconv-lite.

You can also pass a string in place of options to just specify the encoding.

If an error occurs, the stream will be paused, everything unpiped, and you are responsible for correctly disposing the stream. For HTTP requests, you may need to finish consuming the stream if you want to keep the socket open for future requests. For streams that use file descriptors, you should stream.destroy() or stream.close() to prevent leaks.


This module creates errors depending on the error condition during reading. The error may be an error from the underlying Node.js implementation, but is otherwise an error created by this module, which has the following attributes:

  • limit - the limit in bytes
  • length and expected - the expected length of the stream
  • received - the received bytes
  • encoding - the invalid encoding
  • status and statusCode - the corresponding status code for the error
  • type - the error type


The errors from this module have a type property which allows for the programmatic determination of the type of error returned.


This error will occur when the encoding option is specified, but the value does not map to an encoding supported by the iconv-lite module.


This error will occur when the limit option is specified, but the stream has an entity that is larger.


This error will occur when the request stream is aborted by the client before reading the body has finished.


This error will occur when the length option is specified, but the stream has emitted more bytes.


This error will occur when the given stream has an encoding set on it, making it a decoded stream. The stream should not have an encoding set and is expected to emit Buffer objects.


This error will occur when the given stream is not readable.


Simple Express example

var contentType = require('content-type')
var express = require('express')
var getRawBody = require('raw-body')

var app = express()

app.use(function (req, res, next) {
  getRawBody(req, {
    length: req.headers['content-length'],
    limit: '1mb',
    encoding: contentType.parse(req).parameters.charset
  }, function (err, string) {
    if (err) return next(err)
    req.text = string

// now access req.text

Simple Koa example

var contentType = require('content-type')
var getRawBody = require('raw-body')
var koa = require('koa')

var app = koa()

app.use(function * (next) {
  this.text = yield getRawBody(this.req, {
    length: this.req.headers['content-length'],
    limit: '1mb',
    encoding: contentType.parse(this.req).parameters.charset
  yield next

// now access this.text

Using as a promise

To use this library as a promise, simply omit the callback and a promise is returned, provided that a global Promise is defined.

var getRawBody = require('raw-body')
var http = require('http')

var server = http.createServer(function (req, res) {
    .then(function (buf) {
      res.statusCode = 200
      res.end(buf.length + ' bytes submitted')
    .catch(function (err) {
      res.statusCode = 500


Using with TypeScript

import * as getRawBody from 'raw-body';
import * as http from 'http';

const server = http.createServer((req, res) => {
  .then((buf) => {
    res.statusCode = 200;
    res.end(buf.length + ' bytes submitted');
  .catch((err) => {
    res.statusCode = err.statusCode;





Package last updated on 21 Feb 2023

Did you know?


Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog


Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc