Gathering detailed insights and metrics for koa-xml-body
Gathering detailed insights and metrics for koa-xml-body
Installations
npm install koa-xml-bodyDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>= 14.0
Node Version
16.13.0
NPM Version
8.1.0
Score
73.5
Supply Chain
88
Quality
72.9
Maintenance
100
Vulnerability
99.6
License
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
creeperyang
Download Statistics
Total Downloads
732,993
Last Day
34
Last Week
2,292
Last Month
8,290
Last Year
101,973
GitHub Statistics
MIT License
39 Stars
55 Commits
7 Forks
2 Watchers
4 Branches
3 Contributors
Updated on Dec 10, 2024
Bundle Size
365.62 kB
Minified
177.24 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
3.0.0
Package Id
koa-xml-body@3.0.0
Unpacked Size
17.00 kB
Size
4.92 kB
File Count
9
NPM Version
8.1.0
Node Version
16.13.0
Published on
Jun 15, 2023
Total Downloads
Cumulative downloads
Total Downloads
732,993
Last Day
-71.9%
34
Compared to previous day
Last Week
22.4%
2,292
Compared to previous week
Last Month
-6.9%
8,290
Compared to previous month
Last Year
-15.3%
101,973
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
koa-xml-body
Parse xml request body for Koa
Install
Usage
1const koa = require('koa') 2const xmlParser = require('koa-xml-body') 3 4const app = koa() 5app.use(xmlParser()) 6 7app.use(function(ctx, next) { 8 // the parsed body will store in this.request.body 9 // if nothing was parsed, body will be undefined 10 ctx.body = ctx.request.body 11 return next() 12})
koa-xml-body will carefully check and set context.request.body, so it can intergate well with other body parsers such as koa-bodyparser:
1// ... 2const bodyParser = require('koa-bodyparser') 3 4// ... 5app.use(xmlParser()) 6app.use(bodyParser())
Note:
- For
koa@2.x, use version2.xor3.x; - For
koa@1.x, usekoa-xml-body@1.x.
Options
- encoding: requested encoding. Default is
utf8. If not set, the lib will retrive it fromcontent-type(such ascontent-type:application/xml;charset=gb2312). - limit: limit of the body. If the body ends up being larger than this limit, a 413 error code is returned. Default is
1mb. - length: length of the body. When
content-lengthis found, it will be overwritten automatically. - onerror: error handler. Default is a
None. It means it will throws the error. You can config it to customize the response. - xmlOptions: options which will be used to parse xml. Default is
{}. Seexml2js Optionsfor details. - key: A chance to redefine what the property name to use instead of the default
body (ctx.request.body).
1app.use(xmlParser({
2 limit: 128,
3 encoding: 'utf8', // lib will detect it from `content-type`
4 xmlOptions: {
5 explicitArray: false
6 },
7 key: 'xmlBody', // lib will check ctx.request.xmlBody & set parsed data to it.
8 onerror: (err, ctx) => {
9 console.error(err);
10 ctx.throw(err.status, err.message);
11 }
12}))Licences
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 2/8 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/creeperyang/koa-xml-body/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/creeperyang/koa-xml-body/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:27
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:29
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 26 are checked with a SAST tool
Reason
10 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
- Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m
- Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
2.7
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More