body-parser
HTTP request body parsing middleware for Node.js. Parses JSON, URL-encoded form data (application/x-www-form-urlencoded), raw buffers, and plain text request bodies. Populates req.body with parsed data. Part of the expressjs GitHub organization. Note: Express.js 4.16+ includes body-parser functionality built-in via express.json() and express.urlencoded() — body-parser is only needed for older Express versions or non-Express frameworks.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Configure body size limits to prevent DoS via large payloads. Content-Type validation prevents unexpected data. Well-maintained by expressjs organization.
⚡ Reliability
Best When
You're using Express <4.16 or a non-Express Node.js framework that needs request body parsing middleware.
Avoid When
You're using Express 4.16+ — use the built-in express.json() and express.urlencoded() instead of installing body-parser separately.
Use Cases
- • Parse JSON request bodies in Express.js APIs (though express.json() is now preferred for Express 4.16+)
- • Parse HTML form submissions (application/x-www-form-urlencoded) in server-rendered Express applications
- • Use in non-Express Node.js HTTP servers or frameworks that don't include body parsing
- • Parse text/plain or application/octet-stream request bodies for specific content types
- • Configure body size limits to prevent large payload attacks in APIs
Not For
- • Express 4.16+ applications — use express.json() and express.urlencoded() built into Express instead
- • Multipart form data (file uploads) — use multer for multipart/form-data; body-parser doesn't handle file uploads
- • GraphQL request parsing — Apollo Server and GraphQL frameworks have their own body parsing
Interface
Authentication
No authentication — request parsing middleware.
Pricing
Fully free, MIT licensed.
Agent Metadata
Known Gotchas
- ⚠ Express 4.16+ includes body-parser built-in — app.use(express.json()) replaces app.use(bodyParser.json()); installing body-parser is unnecessary for modern Express
- ⚠ Default body size limit is 100KB — large JSON payloads (agent outputs, data blobs) need explicit limit: app.use(express.json({ limit: '10mb' }))
- ⚠ Content-Type header must match — bodyParser.json() only parses requests with Content-Type: application/json; wrong Content-Type header means req.body stays empty
- ⚠ bodyParser.urlencoded({ extended: false }) vs extended: true — extended: true uses qs library for rich types (arrays/objects); extended: false uses querystring for flat key-value only
- ⚠ Body parser must come before route handlers — app.use(bodyParser.json()) must appear before route definitions or req.body will be undefined
- ⚠ bodyParser.text() and bodyParser.raw() are rarely needed — most APIs use JSON or URL-encoded; use these only for specific content types like webhooks needing raw body
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for body-parser.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.