npm - milliparsec - Versions diffs - 4.0.0 → 5.0.0 - Mend

milliparsec 4.0.0 → 5.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -3,7 +3,6 @@
 <img src="logo.png" width="400px" />
 <br /><br />
-![Vulnerabilities][vulns-badge-url]
 [![Version][v-badge-url]][npm-url] [![Coverage][cov-img]][cov-url] [![Github actions][gh-actions-img]][github-actions] [![Downloads][dl-badge-url]][npm-url]
 </div>
@@ -15,8 +14,7 @@ Check out [deno-libs/parsec](https://github.com/deno-libs/parsec) for Deno port.
 ## Features
-- ⏩ built with `async` / `await`
-- 🛠 JSON / raw / urlencoded data support
+- 🛠 JSON / raw / urlencoded / multipart support
 - 📦 tiny package size (8KB dist size)
 - 🔥 no dependencies
 - ✨ [tinyhttp](https://github.com/tinyhttp/tinyhttp) and Express support
@@ -43,7 +41,7 @@ import { createServer } from 'node:http'
 import { json } from 'milliparsec'
 const server = createServer(async (req: ReqWithBody, res) => {
-  await json()(req, res, (err) => void err && console.log(err))
+  await json()(req, res, (err) => void err && res.end(err))
   res.setHeader('Content-Type', 'application/json')
@@ -51,67 +49,10 @@ const server = createServer(async (req: ReqWithBody, res) => {
 })
 ```
-### Web frameworks integration
-#### tinyhttp
-```ts
-import { App } from '@tinyhttp/app'
-import { urlencoded } from 'milliparsec'
-new App()
-  .use(urlencoded())
-  .post('/', (req, res) => void res.send(req.body))
-  .listen(3000, () => console.log(`Started on http://localhost:3000`))
-```
-## API
-### `raw(req, res, cb)`
-Minimal body parsing without any formatting.
-### `text(req, res, cb)`
-Converts request body to string.
-### `urlencoded(req, res, cb)`
-Parses request body using `new URLSearchParams`.
-### `json(req, res, cb)`
-Parses request body using `JSON.parse`.
-### `multipart(req, res, cb)`
-Parses request body using `multipart/form-data` content type and boundary. Supports files as well.
-```js
-// curl -F "textfield=textfield" -F "someother=textfield with text" localhost:3000
-await multipart()(req, res, (err) => void err && console.log(err))
-res.end(req.body) // { textfield: "textfield", someother: "textfield with text" }
-```
-### `custom(fn)(req, res, cb)`
-Custom function for `parsec`.
-```js
-// curl -d "this text must be uppercased" localhost:3000
-await custom(
-  req,
-  (d) => d.toUpperCase(),
-  (err) => {}
-)
-res.end(req.body) // "THIS TEXT MUST BE UPPERCASED"
-```
 ### What is "parsec"?
 The parsec is a unit of length used to measure large distances to astronomical objects outside the Solar System.
-[vulns-badge-url]: https://img.shields.io/snyk/vulnerabilities/npm/milliparsec.svg?style=for-the-badge&color=25608B&label=vulns
 [v-badge-url]: https://img.shields.io/npm/v/milliparsec.svg?style=for-the-badge&color=25608B&logo=npm&label=
 [npm-url]: https://www.npmjs.com/package/milliparsec
 [dl-badge-url]: https://img.shields.io/npm/dt/milliparsec?style=for-the-badge&color=25608B

package/dist/index.d.ts CHANGED Viewed

@@ -1,15 +1,71 @@
-import type { EventEmitter } from 'node:events';
+import { Buffer } from 'node:buffer';
 import type { IncomingMessage, ServerResponse as Response } from 'node:http';
 type NextFunction = (err?: any) => void;
+/**
+ * Request extension with a body
+ */
 export type ReqWithBody<T = any> = IncomingMessage & {
     body?: T;
-} & EventEmitter;
+};
 export declare const hasBody: (method: string) => boolean;
-export declare const p: <T = any>(fn: (body: any) => any) => (req: ReqWithBody<T>, _res: Response, next: (err?: any) => void) => Promise<any>;
-declare const custom: <T = any>(fn: (body: any) => any) => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
-declare const json: () => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
-declare const raw: () => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
-declare const text: () => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
-declare const urlencoded: () => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
-declare const multipart: () => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
+export type LimitErrorFn = (limit: number) => Error;
+export type ParserOptions = Partial<{
+    /**
+     * Limit payload size (in bytes)
+     * @default '100KB'
+     */
+    payloadLimit: number;
+    /**
+     * Custom error function for payload limit
+     */
+    payloadLimitErrorFn: LimitErrorFn;
+}>;
+export declare const p: <T = any>(fn: (body: Buffer) => void, payloadLimit?: number, payloadLimitErrorFn?: LimitErrorFn) => (req: ReqWithBody<T>, _res: Response, next: (err?: any) => void) => Promise<void>;
+/**
+ * Parse payload with a custom function
+ * @param fn
+ */
+declare const custom: <T = any>(fn: (body: Buffer) => any) => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
+/**
+ * Parse JSON payload
+ * @param options
+ */
+declare const json: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
+/**
+ * Parse raw payload
+ * @param options
+ */
+declare const raw: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
+/**
+ * Stringify request payload
+ * @param param0
+ * @returns
+ */
+declare const text: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
+/**
+ * Parse urlencoded payload
+ * @param options
+ */
+declare const urlencoded: ({ payloadLimit, payloadLimitErrorFn }?: ParserOptions) => (req: ReqWithBody, _res: Response, next: NextFunction) => Promise<void>;
+type MultipartOptions = Partial<{
+    /**
+     * Limit number of files
+     */
+    fileCountLimit: number;
+    /**
+     * Limit file size (in bytes)
+     */
+    fileSizeLimit: number;
+    /**
+     * Custom error function for file size limit
+     */
+    fileSizeLimitErrorFn: LimitErrorFn;
+}>;
+/**
+ * Parse multipart form data (supports files as well)
+ *
+ * Does not restrict total payload size by default.
+ * @param options
+ */
+declare const multipart: ({ payloadLimit, payloadLimitErrorFn, ...opts }?: MultipartOptions & ParserOptions) => (req: ReqWithBody, res: Response, next: NextFunction) => Promise<void>;
 export { custom, json, raw, text, urlencoded, multipart };

package/dist/index.js CHANGED Viewed

@@ -1,50 +1,77 @@
+import { Buffer } from 'node:buffer';
 export const hasBody = (method) => ['POST', 'PUT', 'PATCH', 'DELETE'].includes(method);
-export const p = (fn) => async (req, _res, next) => {
+const defaultPayloadLimit = 102400; // 100KB
+const defaultErrorFn = (payloadLimit) => new Error(`Payload too large. Limit: ${payloadLimit} bytes`);
+// Main function
+export const p = (fn, payloadLimit = defaultPayloadLimit, payloadLimitErrorFn = defaultErrorFn) => async (req, _res, next) => {
     try {
-        let body = '';
-        for await (const chunk of req)
-            body += chunk;
-        return fn(body);
+        const body = [];
+        for await (const chunk of req) {
+            const totalSize = body.reduce((total, buffer) => total + buffer.byteLength, 0);
+            if (totalSize > payloadLimit)
+                throw payloadLimitErrorFn(payloadLimit);
+            body.push(chunk);
+        }
+        return fn(Buffer.concat(body));
     }
     catch (e) {
         next(e);
     }
 };
+/**
+ * Parse payload with a custom function
+ * @param fn
+ */
 const custom = (fn) => async (req, _res, next) => {
-    req.body = await p(fn)(req, _res, next);
+    if (hasBody(req.method))
+        req.body = await p(fn)(req, _res, next);
     next();
 };
-const json = () => async (req, res, next) => {
+/**
+ * Parse JSON payload
+ * @param options
+ */
+const json = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => (x ? JSON.parse(x.toString()) : {}))(req, res, next);
-        next();
+        req.body = await p((x) => {
+            const str = td.decode(x);
+            return str ? JSON.parse(str) : {};
+        }, payloadLimit, payloadLimitErrorFn)(req, res, next);
     }
     else
         next();
 };
-const raw = () => async (req, _res, next) => {
+/**
+ * Parse raw payload
+ * @param options
+ */
+const raw = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, _res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => x)(req, _res, next);
-        next();
+        req.body = await p((x) => x, payloadLimit, payloadLimitErrorFn)(req, _res, next);
     }
     else
         next();
 };
-const text = () => async (req, _res, next) => {
+const td = new TextDecoder();
+/**
+ * Stringify request payload
+ * @param param0
+ * @returns
+ */
+const text = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, _res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => x.toString())(req, _res, next);
-        next();
+        req.body = await p((x) => td.decode(x), payloadLimit, payloadLimitErrorFn)(req, _res, next);
     }
     else
         next();
 };
-const urlencoded = () => async (req, res, next) => {
+/**
+ * Parse urlencoded payload
+ * @param options
+ */
+const urlencoded = ({ payloadLimit, payloadLimitErrorFn } = {}) => async (req, _res, next) => {
     if (hasBody(req.method)) {
-        req.body = await p((x) => {
-            const urlSearchParam = new URLSearchParams(x.toString());
-            return Object.fromEntries(urlSearchParam.entries());
-        })(req, res, next);
-        next();
+        req.body = await p((x) => Object.fromEntries(new URLSearchParams(x.toString()).entries()), payloadLimit, payloadLimitErrorFn)(req, _res, next);
     }
     else
         next();
@@ -53,33 +80,48 @@ const getBoundary = (contentType) => {
     const match = /boundary=(.+);?/.exec(contentType);
     return match ? `--${match[1]}` : null;
 };
-const parseMultipart = (body, boundary) => {
+const defaultFileSizeLimitErrorFn = (limit) => new Error(`File too large. Limit: ${limit} bytes`);
+const defaultFileSizeLimit = 200 * 1024 * 1024;
+const parseMultipart = (body, boundary, { fileCountLimit, fileSizeLimit = defaultFileSizeLimit, fileSizeLimitErrorFn = defaultFileSizeLimitErrorFn }) => {
     const parts = body.split(new RegExp(`${boundary}(--)?`)).filter((part) => !!part && /content-disposition/i.test(part));
     const parsedBody = {};
-    parts.map((part) => {
+    if (fileCountLimit && parts.length > fileCountLimit)
+        throw new Error(`Too many files. Limit: ${fileCountLimit}`);
+    // biome-ignore lint/complexity/noForEach: for...of fails
+    parts.forEach((part) => {
         const [headers, ...lines] = part.split('\r\n').filter((part) => !!part);
         const data = lines.join('\r\n').trim();
+        if (data.length > fileSizeLimit)
+            throw fileSizeLimitErrorFn(fileSizeLimit);
+        // Extract the name and filename from the headers
         const name = /name="(.+?)"/.exec(headers)[1];
         const filename = /filename="(.+?)"/.exec(headers);
         if (filename) {
             const contentTypeMatch = /Content-Type: (.+)/i.exec(data);
             const fileContent = data.slice(contentTypeMatch[0].length + 2);
-            return Object.assign(parsedBody, {
-                [name]: new File([fileContent], filename[1], { type: contentTypeMatch[1] })
-            });
+            const file = new File([fileContent], filename[1], { type: contentTypeMatch[1] });
+            parsedBody[name] = parsedBody[name] ? [...parsedBody[name], file] : [file];
+            return;
         }
-        return Object.assign(parsedBody, { [name]: data });
+        parsedBody[name] = parsedBody[name] ? [...parsedBody[name], data] : [data];
+        return;
     });
     return parsedBody;
 };
-const multipart = () => async (req, res, next) => {
+/**
+ * Parse multipart form data (supports files as well)
+ *
+ * Does not restrict total payload size by default.
+ * @param options
+ */
+const multipart = ({ payloadLimit = Number.POSITIVE_INFINITY, payloadLimitErrorFn, ...opts } = {}) => async (req, res, next) => {
     if (hasBody(req.method)) {
         req.body = await p((x) => {
             const boundary = getBoundary(req.headers['content-type']);
             if (boundary)
-                return parseMultipart(x, boundary);
-        })(req, res, next);
-        next();
+                return parseMultipart(td.decode(x), boundary, opts);
+            return {};
+        }, payloadLimit, payloadLimitErrorFn)(req, res, next);
     }
     else
         next();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "milliparsec",
-  "version": "4.0.0",
+  "version": "5.0.0",
   "description": "tiniest body parser in the universe",
   "repository": {
     "type": "git",
@@ -21,13 +21,12 @@
   },
   "exports": "./dist/index.js",
   "devDependencies": {
-    "@biomejs/biome": "1.8.3",
-    "@types/node": "^20.14.9",
+    "@biomejs/biome": "1.9.3",
+    "@types/node": "^22.7.4",
     "c8": "10.1.2",
     "supertest-fetch": "^2.0.0",
-    "tsm": "^2.3.0",
-    "typescript": "^5.5.3",
-    "uvu": "^0.5.6"
+    "tsx": "^4.19.1",
+    "typescript": "^5.6.2"
   },
   "files": [
     "dist"
@@ -36,7 +35,7 @@
     "provenance": true
   },
   "scripts": {
-    "test": "uvu -r tsm",
+    "test": "tsx --test test.ts",
     "test:coverage": "c8 --include=src pnpm test",
     "test:report": "c8 report --reporter=text-lcov > coverage.lcov",
     "build": "tsc -p tsconfig.build.json"