{"id":17812,"library":"mixpart","title":"mixpart","description":"The `mixpart` library is a high-performance streaming parser for `multipart/mixed` messages in Node.js, designed for optimal memory efficiency and robust error handling. It currently ships as version `0.0.5` and is primarily intended as a private workspace package within a monorepo, implying a stable but internally-focused release cadence rather than frequent public updates. Its key differentiators include true streaming processing where each message payload is exposed as a `ReadableStream`, preventing full buffering of entire parts, and zero memory buffering for message payloads. It also features built-in memory safety configurations to guard against unbounded memory growth from malformed data, optimized search algorithms using Node.js `Buffer.indexOf` for fast boundary detection, and proper ISO-8859-1 header decoding per HTTP standards. The package also provides comprehensive TypeScript support.","status":"maintenance","version":"0.0.5","language":"javascript","source_language":"en","source_url":null,"tags":["javascript","multipart","mixed","parser","streaming","node","typescript","performance"],"install":[{"cmd":"npm install mixpart","lang":"bash","label":"npm"},{"cmd":"yarn add mixpart","lang":"bash","label":"yarn"},{"cmd":"pnpm add mixpart","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"mixpart is an ESM-first library; CommonJS require() is not supported for v0.0.5 and later. It is the primary async generator function for parsing.","wrong":"const { parseMultipartStream } = require('mixpart')","symbol":"parseMultipartStream","correct":"import { parseMultipartStream } from 'mixpart'"},{"note":"This is a named export for the interface describing a parsed multipart message, including its headers and payload stream.","wrong":"import MultipartMessage from 'mixpart'","symbol":"MultipartMessage","correct":"import { MultipartMessage } from 'mixpart'"},{"note":"This is a named export for the type definition of configuration options for the parser, used to set safety limits.","wrong":"type ParserOptions = any; // incorrect import","symbol":"ParserOptions","correct":"import { ParserOptions } from 'mixpart'"}],"quickstart":{"code":"import { parseMultipartStream, MultipartMessage } from \"mixpart\";\n\n// Simulate a fetch call to a multipart/mixed endpoint\nasync function simulateMultipartFetch() {\n  // In a real application, replace this with an actual fetch call\n  // For demonstration, we'll create a dummy ReadableStream\n  const dummyStream = new ReadableStream({\n    start(controller) {\n      controller.enqueue(new TextEncoder().encode(\n        '--BOUNDARY\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        'Content-Type: text/plain\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        'X-Custom-Header: hello\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        '\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        'This is part one.\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        '--BOUNDARY\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        'Content-Type: application/json\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        '\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        '{\"key\": \"value\", \"number\": 123}\\r\\n'\n      ));\n      controller.enqueue(new TextEncoder().encode(\n        '--BOUNDARY--\\r\\n'\n      ));\n      controller.close();\n    }\n  });\n\n  // A mock Response object with a 'body' property\n  const mockResponse = { \n    body: dummyStream,\n    headers: new Headers({'content-type': 'multipart/mixed; boundary=BOUNDARY'})\n  };\n\n  for await (const message of parseMultipartStream(mockResponse as Response)) {\n    console.log(\"\\n--- New Message ---\");\n    console.log(\"Headers:\");\n    for (const [key, value] of message.headers.entries()) {\n      console.log(`  ${key}: ${value}`);\n    }\n\n    const contentType = message.headers.get(\"content-type\");\n    const customHeader = message.headers.get(\"x-custom-header\");\n\n    console.log(\"Content-Type:\", contentType);\n\n    let payloadContent = '';\n    const reader = message.payload.getReader();\n    while (true) {\n      const { done, value } = await reader.read();\n      if (done) break;\n      payloadContent += new TextDecoder().decode(value);\n    }\n    console.log(\"Payload (full):\");\n    console.log(payloadContent.trim()); // Trim to remove potential trailing newlines from stream simulation\n  }\n}\n\nsimulateMultipartFetch().catch(console.error);","lang":"typescript","description":"Demonstrates how to parse a multipart/mixed stream, access headers, and stream the payload of each part. It includes a simulated multipart response for a runnable example."},"warnings":[{"fix":"Avoid direct installation or use unless explicitly instructed by the package maintainers; seek alternative public libraries for general multipart parsing needs.","message":"This package is explicitly noted as a 'private workspace package' and is 'used internally by other packages in this monorepo.' It is not intended for public installation or direct external use and may not follow standard npm release practices or support cycles for external consumers.","severity":"gotcha","affected_versions":">=0.0.5"},{"fix":"Always configure `ParserOptions` with appropriate `maxHeaderSize` and `maxBoundaryBuffer` values based on expected input and security requirements when calling `parseMultipartStream`.","message":"The parser includes configurable memory safety limits (e.g., `maxHeaderSize`, `maxBoundaryBuffer`). Without proper configuration or with insufficient limits, especially when processing untrusted or malformed input, the parser could still be vulnerable to unbounded memory growth or denial-of-service attacks.","severity":"gotcha","affected_versions":">=0.0.5"},{"fix":"Be aware that header values from `message.headers.get()` are ISO-8859-1 decoded. If specific header fields are known to use different encodings (e.g., RFC 2047 encoded-word syntax), additional decoding logic may be required by the application.","message":"Headers are strictly decoded using ISO-8859-1 to comply with HTTP standards. Developers expecting UTF-8 for all string content, particularly for header values that might contain non-ASCII characters outside of specific encodings like RFC 2047, may encounter unexpected character representations.","severity":"gotcha","affected_versions":">=0.0.5"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Increase the `maxHeaderSize` option in `ParserOptions` if larger headers are legitimately expected, or investigate the source of the multipart data for potential malicious input. Default is 64KB.","cause":"The cumulative size of headers for a single multipart part exceeded the configured `maxHeaderSize` limit, often due to extremely long header lines or an excessive number of headers in malformed input.","error":"MixpartError: Header size limit exceeded."},{"fix":"Increase the `maxBoundaryBuffer` option in `ParserOptions` if very long or complex boundary patterns are legitimately expected, or, more commonly, inspect the incoming data stream for signs of corruption or malicious attempts to exhaust memory.","cause":"The internal buffer used for detecting multipart boundaries grew beyond `maxBoundaryBuffer` without finding a complete boundary, typically indicating malformed input attempting to create a fake partial boundary.","error":"MixpartError: Boundary buffer limit exceeded."}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}