{"id":10378,"library":"body-parser","title":"body-parser: Node.js Body Parsing Middleware","description":"body-parser is a Node.js middleware for parsing incoming request bodies, making them available under the `req.body` property in web frameworks like Express. It supports JSON, URL-encoded forms, raw buffers, and plain text, but explicitly does not handle multipart form data. The current stable version is 2.2.2, with active development and maintenance occurring across both the v1.x and v2.x major release lines.","status":"active","version":"2.2.2","language":"javascript","source_language":"en","source_url":"https://github.com/expressjs/body-parser","tags":["javascript"],"install":[{"cmd":"npm install body-parser","lang":"bash","label":"npm"},{"cmd":"yarn add body-parser","lang":"bash","label":"yarn"},{"cmd":"pnpm add body-parser","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"symbol":"bodyParser","correct":"const bodyParser = require('body-parser')"}],"quickstart":{"code":"import express from 'express';\nimport bodyParser from 'body-parser';\n\nconst app = express();\nconst port = process.env.PORT ?? 3000;\n\n// Middleware to parse JSON bodies\napp.use(bodyParser.json());\n\n// Middleware to parse URL-encoded bodies (e.g., from HTML forms)\n// 'extended: true' allows parsing of rich objects and arrays from URL-encoded data\napp.use(bodyParser.urlencoded({ extended: true }));\n\n// Example POST endpoint to receive data\napp.post('/api/data', (req, res) => {\n  console.log('Received body:', req.body);\n  // req.body contains the parsed data based on Content-Type\n  res.json({ message: 'Data received successfully!', data: req.body });\n});\n\n// Start the server\napp.listen(port, () => {\n  console.log(`Server listening on port ${port}`);\n});\n","lang":"typescript","description":"Demonstrates how to integrate `body-parser` into an Express application to parse incoming JSON and URL-encoded request bodies, making the parsed data available on `req.body`."},"warnings":[{"fix":"Ensure your Node.js environment is version 18 or higher, or continue using `body-parser` v1.x if you require older Node.js support.","message":"Version 2.0.0 elevated the minimum supported Node.js version to 18.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Replace `app.use(bodyParser())` with individual middleware calls for each desired body type, e.g., `app.use(bodyParser.json())` and `app.use(bodyParser.urlencoded({ extended: true }))`.","message":"The combined `bodyParser()` middleware was removed in v2.x. You must now explicitly use specific parsers like `bodyParser.json()` or `bodyParser.urlencoded()`.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"If deeply nested URL-encoded data is required, explicitly configure the `urlencoded` parser with a higher `depth` option: `bodyParser.urlencoded({ extended: true, depth: /* new_depth */ })`.","message":"The default `depth` for URL-encoded parsing was changed from `Infinity` to `32` in v1.20.3 (and carried into v2.x), limiting nested object/array depth.","severity":"breaking","affected_versions":">=1.20.3"},{"fix":"Always sanitize and validate `req.body` properties and their types, for instance, by using schema validation libraries like Joi or Zod.","message":"`req.body` contains user-controlled input and its properties should always be validated before use to prevent security vulnerabilities (e.g., prototype pollution) or runtime errors.","severity":"gotcha","affected_versions":"*"},{"fix":"For `multipart/form-data` requests, use dedicated middleware such as `multer`, `busboy`, or `formidable`.","message":"`body-parser` does not handle `multipart/form-data` request bodies, which are commonly used for file uploads.","severity":"gotcha","affected_versions":"*"}],"env_vars":null,"last_verified":"2026-04-18T00:00:00.000Z","next_check":"2026-07-17T00:00:00.000Z","problems":[{"fix":"Ensure `app.use()` calls for `bodyParser.json()`, `bodyParser.urlencoded()`, etc., are correctly placed before your routes, and verify the client sends the correct `Content-Type` header (e.g., `application/json`).","cause":"The appropriate `body-parser` middleware was not used for the request's `Content-Type`, or the header was missing/incorrect.","error":"TypeError: Cannot read properties of undefined (reading 'body')"},{"fix":"Increase the `limit` option for the relevant parser. For example, to allow up to 5MB JSON: `app.use(bodyParser.json({ limit: '5mb' }))`.","cause":"The incoming request body exceeded the configured `limit` option for the active body parser.","error":"PayloadTooLargeError: request entity too large"},{"fix":"Verify that the client is sending well-formed JSON data. If the client is sending HTML or another format, adjust the `Content-Type` header or use the appropriate `body-parser` middleware (e.g., `bodyParser.text()`).","cause":"The request body sent with `Content-Type: application/json` was not valid JSON, or the content type was mismatched.","error":"SyntaxError: Unexpected token < in JSON at position 0"},{"fix":"If deeply nested URL-encoded data is expected, increase the `depth` option: `app.use(bodyParser.urlencoded({ extended: true, depth: 64 }))`.","cause":"A URL-encoded request body contained deeply nested data that exceeded the `depth` option (defaulting to 32) of the `urlencoded` parser.","error":"RangeError: Maximum call stack size exceeded"},{"fix":"Ensure `body-parser` is correctly imported/required (e.g., `const bodyParser = require('body-parser')` or `import bodyParser from 'body-parser';`) and that parser methods are called on the `bodyParser` object, like `bodyParser.json()`.","cause":"This usually indicates `body-parser` was imported or required incorrectly, or an attempt was made to call a parser method on an undefined `body-parser` object.","error":"TypeError: body-parser.json is not a function"}],"ecosystem":"npm"}