Installations

npm install busboy

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=10.16.0

Node Version

10.22.1

NPM Version

6.14.6 Score

99.6

Supply Chain

99.6

Quality

76

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

14

Total

82

Closed

59

Merged

9

Issues

Open

22

Total

288

Closed

266

Releases

Unable to fetch releases

Contributors

16

Unable to fetch Contributors

View All 16 Contributors

Languages

1

JavaScript

JavaScript (100%)

validate.email 🚀

Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.

Developer

mscdex

Download Statistics

Total Downloads

1,924,684,418

Last Day

3,077,825

Last Week

16,122,235

Last Month

69,023,875

Last Year

653,388,058

GitHub Statistics

MIT License

2,904 Stars

201 Commits

213 Forks

44 Watchers

1 Branches

16 Contributors

Updated on Mar 09, 2025

Bundle Size

22.93 kB

Minified

5.16 kB

Minified + Gzipped

Bundlephobia

Maintainers

1

Package Meta Information

Latest Version

1.6.0

Package Id

busboy@1.6.0

Unpacked Size

121.48 kB

Size

19.67 kB

File Count

29

NPM Version

6.14.6

Node Version

10.22.1

Total Downloads

Cumulative downloads

Total Downloads

1,924,684,418

Last Day

5.7%

3,077,825

Compared to previous day

Last Week

1.6%

16,122,235

Compared to previous week

Last Month

12.2%

69,023,875

Compared to previous month

Last Year

29.7%

653,388,058

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

1

streamsearch

Dev Dependencies

2

@mscdex/eslint-config eslint

Description

A node.js module for parsing incoming HTML form data.

Changes (breaking or otherwise) in v1.0.0 can be found here.

Requirements

node.js -- v10.16.0 or newer

Install

npm install busboy

Examples

Parsing (multipart) with default options:

1const http = require('http');
2
3const busboy = require('busboy');
4
5http.createServer((req, res) => {
6  if (req.method === 'POST') {
7    console.log('POST request');
8    const bb = busboy({ headers: req.headers });
9    bb.on('file', (name, file, info) => {
10      const { filename, encoding, mimeType } = info;
11      console.log(
12        `File [${name}]: filename: %j, encoding: %j, mimeType: %j`,
13        filename,
14        encoding,
15        mimeType
16      );
17      file.on('data', (data) => {
18        console.log(`File [${name}] got ${data.length} bytes`);
19      }).on('close', () => {
20        console.log(`File [${name}] done`);
21      });
22    });
23    bb.on('field', (name, val, info) => {
24      console.log(`Field [${name}]: value: %j`, val);
25    });
26    bb.on('close', () => {
27      console.log('Done parsing form!');
28      res.writeHead(303, { Connection: 'close', Location: '/' });
29      res.end();
30    });
31    req.pipe(bb);
32  } else if (req.method === 'GET') {
33    res.writeHead(200, { Connection: 'close' });
34    res.end(`
35      <html>
36        <head></head>
37        <body>
38          <form method="POST" enctype="multipart/form-data">
39            <input type="file" name="filefield"><br />
40            <input type="text" name="textfield"><br />
41            <input type="submit">
42          </form>
43        </body>
44      </html>
45    `);
46  }
47}).listen(8000, () => {
48  console.log('Listening for requests');
49});
50
51// Example output:
52//
53// Listening for requests
54//   < ... form submitted ... >
55// POST request
56// File [filefield]: filename: "logo.jpg", encoding: "binary", mime: "image/jpeg"
57// File [filefield] got 11912 bytes
58// Field [textfield]: value: "testing! :-)"
59// File [filefield] done
60// Done parsing form!

Save all incoming files to disk:

1const { randomFillSync } = require('crypto');
2const fs = require('fs');
3const http = require('http');
4const os = require('os');
5const path = require('path');
6
7const busboy = require('busboy');
8
9const random = (() => {
10  const buf = Buffer.alloc(16);
11  return () => randomFillSync(buf).toString('hex');
12})();
13
14http.createServer((req, res) => {
15  if (req.method === 'POST') {
16    const bb = busboy({ headers: req.headers });
17    bb.on('file', (name, file, info) => {
18      const saveTo = path.join(os.tmpdir(), `busboy-upload-${random()}`);
19      file.pipe(fs.createWriteStream(saveTo));
20    });
21    bb.on('close', () => {
22      res.writeHead(200, { 'Connection': 'close' });
23      res.end(`That's all folks!`);
24    });
25    req.pipe(bb);
26    return;
27  }
28  res.writeHead(404);
29  res.end();
30}).listen(8000, () => {
31  console.log('Listening for requests');
32});

API

Exports

busboy exports a single function:

( function )(< object >config) - Creates and returns a new Writable form parser stream.

Valid config properties:
- headers - object - These are the HTTP headers of the incoming request, which are used by individual parsers.
- highWaterMark - integer - highWaterMark to use for the parser stream. Default: node's stream.Writable default.
- fileHwm - integer - highWaterMark to use for individual file streams. Default: node's stream.Readable default.
- defCharset - string - Default character set to use when one isn't defined. Default: 'utf8'.
- defParamCharset - string - For multipart forms, the default character set to use for values of part header parameters (e.g. filename) that are not extended parameters (that contain an explicit charset). Default: 'latin1'.
- preservePath - boolean - If paths in filenames from file parts in a 'multipart/form-data' request shall be preserved. Default: false.
- limits - object - Various limits on incoming data. Valid properties are:
  - fieldNameSize - integer - Max field name size (in bytes). Default: 100.
  - fieldSize - integer - Max field value size (in bytes). Default: 1048576 (1MB).
  - fields - integer - Max number of non-file fields. Default: Infinity.
  - fileSize - integer - For multipart forms, the max file size (in bytes). Default: Infinity.
  - files - integer - For multipart forms, the max number of file fields. Default: Infinity.
  - parts - integer - For multipart forms, the max number of parts (fields + files). Default: Infinity.
  - headerPairs - integer - For multipart forms, the max number of header key-value pairs to parse. Default: 2000 (same as node's http module).

This function can throw exceptions if there is something wrong with the values in config. For example, if the Content-Type in headers is missing entirely, is not a supported type, or is missing the boundary for 'multipart/form-data' requests.

(Special) Parser stream events

file(< string >name, < Readable >stream, < object >info) - Emitted for each new file found. name contains the form field name. stream is a Readable stream containing the file's data. No transformations/conversions (e.g. base64 to raw binary) are done on the file's data. info contains the following properties:
- filename - string - If supplied, this contains the file's filename. WARNING: You should almost never use this value as-is (especially if you are using preservePath: true in your config) as it could contain malicious input. You are better off generating your own (safe) filenames, or at the very least using a hash of the filename.
- encoding - string - The file's 'Content-Transfer-Encoding' value.
- mimeType - string - The file's 'Content-Type' value.
Note: If you listen for this event, you should always consume the stream whether you care about its contents or not (you can simply do stream.resume(); if you want to discard/skip the contents), otherwise the 'finish'/'close' event will never fire on the busboy parser stream. However, if you aren't accepting files, you can either simply not listen for the 'file' event at all or set limits.files to 0, and any/all files will be automatically skipped (these skipped files will still count towards any configured limits.files and limits.parts limits though).

Note: If a configured limits.fileSize limit was reached for a file, stream will both have a boolean property truncated set to true (best checked at the end of the stream) and emit a 'limit' event to notify you when this happens.
field(< string >name, < string >value, < object >info) - Emitted for each new non-file field found. name contains the form field name. value contains the string value of the field. info contains the following properties:
- nameTruncated - boolean - Whether name was truncated or not (due to a configured limits.fieldNameSize limit)
- valueTruncated - boolean - Whether value was truncated or not (due to a configured limits.fieldSize limit)
- encoding - string - The field's 'Content-Transfer-Encoding' value.
- mimeType - string - The field's 'Content-Type' value.
partsLimit() - Emitted when the configured limits.parts limit has been reached. No more 'file' or 'field' events will be emitted.
filesLimit() - Emitted when the configured limits.files limit has been reached. No more 'file' events will be emitted.
fieldsLimit() - Emitted when the configured limits.fields limit has been reached. No more 'field' events will be emitted.

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

1

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

SAST

Determines if the project uses static code analysis.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

Score

3.5

/10

Last Scanned on 2025-03-03

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to busboy

busboy

Installations

Developer Guide

No

CommonJS

>=10.16.0

10.22.1

6.14.6

Score

Pull Requests

14

82

59

9

Issues

22

288

266

Releases

Unable to fetch releases

Contributors

Unable to fetch Contributors

Languages

validate.email 🚀

Developer

mscdex

Download Statistics

GitHub Statistics

Bundle Size

22.93 kB

5.16 kB

Maintainers

Package Meta Information

Total Downloads

1,924,684,418

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

Dev Dependencies

Description

Requirements

Install

Examples

API

Exports

(Special) Parser stream events

10

10

10

10

1

0

0

0

0

0

0

0

0

3.5

/10