Gathering detailed insights and metrics for express-xml-bodyparser
Gathering detailed insights and metrics for express-xml-bodyparser
Installations
npm install express-xml-bodyparserDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=0.10
Node Version
5.6.0
NPM Version
3.6.0
Score
99.4
Supply Chain
98.9
Quality
75.5
Maintenance
50
Vulnerability
99.6
License
Releases
5
Languages
1
JavaScript
JavaScript (100%)
Developer
macedigital
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
69 Stars
83 Commits
30 Forks
3 Watchers
2 Branches
6 Contributors
Updated on Jul 05, 2025
Maintainers
1
Package Meta Information
Latest Version
0.3.0
Package Id
express-xml-bodyparser@0.3.0
Size
4.91 kB
NPM Version
3.6.0
Node Version
5.6.0
Published on
Feb 15, 2016
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
express-xml-bodyparser
For those rare cases when you have to parse incoming raw xml-body requests. This middleware works with any connect- or express-based nodejs application.
Description
Admittedly, having to deal with XML data has become less common in recent years. Still, there are services and APIs using this format. The middleware is based on the connect-json middleware as a blueprint.
There is a similar xml bodyparser module available, but you might appreciate some notable differences:
- Custom configuration options how to deal with XML data.
- Attempt to parse data only once, even if middleware is called multiple times.
- Skip data parsing immediately if no req-body has been sent.
- Accept any XML-based content-type, e.g.
application/rss+xml - No dependency on coffeescript keeping dependencies to a minimum.
Installation
Utilize npm by typing npm install express-xml-bodyparser --save in your projects root folder and your good to go.
Configuration
You can pass configuration options into the XML parser middleware. They're exactly the same options you would use for xml2js, which this middleware relies on. For further details look at all available configuration options.
IMPORTANT: Currently, it is not advisable to operate xml2js in async=true mode. Unless you can absolutely trust input data (which you should not), certain types of invalid XML will throw uncaught exceptions.
See https://github.com/Leonidas-from-XIV/node-xml2js/issues/232 for progress on this issue. Until then, the default option is set to async=false.
Without specifying custom options, the middleware applies some opionated defaults meant to normalize the resulting json object properties. All whitespace in text nodes will be trimmed, property and tag names will be lowercased. The parser will always return node lists explicitly cast to Array.
NOTE: Custom options will be merged with aforementioned opionated defaults, so in case you want to use xml2js defaults, you will have to specify the following:
1var xml2jsDefaults = { 2 explicitArray: false, 3 normalize: false, 4 normalizeTags: false, 5 trim: true 6}
This change appeared in v0.1.0, older versions would merge options against xml2js's default options.
Usage
You can either use express-xml-bodyparser at application level, or for specific routes only.
Here is an example of an express application with default settings:
1var express = require('express'), 2 app = express(), 3 http = require('http'), 4 server = http.createServer(app), 5 xmlparser = require('express-xml-bodyparser'); 6 7// .. other middleware ... 8app.use(express.json()); 9app.use(express.urlencoded()); 10app.use(xmlparser()); 11// ... other middleware ... 12 13app.post('/receive-xml', function(req, res, next) { 14 15 // req.body contains the parsed xml 16 17}); 18 19server.listen(1337); 20
If you wanted to use express-xml-bodyparser for specific routes only, you would do something like this:
1app.post('/receive-xml', xmlparser({trim: false, explicitArray: false}), function(req, res, next) { 2 // check req.body 3});
Above example demonstrates how to pass custom options to the XML parser.
Customize mime-type detection
If you want to customize the regular expression that checks whether the xmlparser should do its work or not,
you can provide your own by overloading the xmlparser.regexp property, like so:
1var xmlparser = require('express-xml-bodyparser'); 2xmlparser.regexp = /^text\/xml$/i;
Doing so, will allow you to restrict XML parsing to custom mime-types only. Thanks to @ophentis for the suggestion. Just make sure your regular expression actually matches mime-types you're interested in. The feature is available since version v0.0.5.
IMPORTANT In versions v0.2.x custom regular expressions were ignored in mime-type parsing. The issue has been fixed in v0.3.0. If you need/rely on this feature, please upgrade to a newer version. Many thanks to @dirksen who discovered this issue.
Roadmap to v1.0.0
Lets start a discussion how to get to there (stable API).
Here are some thoughts:
- 100% align with body-parser's error and success handling when dealing with
req.bodyandreq.rawBody. - Possibly dropping support for connect altogether at one point?
- Deprecate mutating the
xmlparsermiddleware's mime-type regexp in favor of passing customizations into the options parameters (perfect if using route-middlewares). - Refactor to use node's StreamAPIv2 (in effect requiring nodejs >= v0.10.x).
- Require raw-body with added benefits of limiting request body size and setting charset-encoding based on request data.
Provide functional tests incorporating (any~~ version of) express.~~
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
8 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 7
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/macedigital/express-xml-bodyparser/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/macedigital/express-xml-bodyparser/node.js.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 3/28 approved changesets -- score normalized to 1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 5 are checked with a SAST tool
Score
4.4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More