formidable

Node.js library for parsing form data and file uploads. Handles multipart/form-data and application/x-www-form-urlencoded request bodies, writing uploaded files to disk or keeping them in memory. Supports progress events, file size limits, file type validation, and streaming. The standard solution for file upload handling in Express.js applications alongside multer.

Evaluated Mar 06, 2026 v3.x
Developer Tools file-upload multipart form-data node express stream upload
⚙ Agent Friendliness: 62 / 100 (Can an agent use this?)
🔒 Security: 86 / 100 (Is it safe for agents?)
⚡ Reliability: 82 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: --
Documentation: 78
Error Messages: 75
Auth Simplicity: 100
Rate Limits: 82

🔒 Security

TLS Enforcement: 88
Auth Strength: 85
Scope Granularity: 85
Dep. Hygiene: 82
Secret Handling: 88

File upload handling is security-critical. Always validate file types and sizes. Temp files must be managed. MIT licensed. HTTPS required for production file uploads. Sanitize original filenames before storing.

⚡ Reliability

Uptime/SLA: 92
Version Stability: 80
Breaking Changes: 78
Error Recovery: 80

Best When

You need flexible file upload handling with streaming, progress events, and configuration options for an Express.js application.

Avoid When

You only need simple single-file uploads with minimal configuration — multer provides a simpler API with less configuration.

Use Cases

  • Handle file uploads in Express.js agent API endpoints with configurable upload directory and size limits
  • Parse multipart form submissions with both text fields and file attachments in agent web services
  • Stream large file uploads to cloud storage without holding entire file in memory
  • Implement file type validation and size restriction for secure agent document upload APIs
  • Process multi-file uploads in batch document processing agent workflows

Not For

  • Simple JSON body parsing — use express.json() middleware for JSON API request bodies
  • GraphQL file uploads — use graphql-upload which wraps multer for GraphQL multipart spec
  • High-concurrency file uploads with streaming to S3 — busboy (used by multer) may be more performant for pure streaming scenarios

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: No
SDK: Yes
Webhooks: No

Authentication

Methods: none
OAuth: No
Scopes: No

Local library — no authentication required. MIT licensed.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed. Zero cost.

Agent Metadata

Pagination: none
Idempotent: Partial
Retry Guidance: Not documented

Known Gotchas

  • Must set maxFileSize option to prevent DoS from large uploads: new formidable.IncomingForm({ maxFileSize: 10 * 1024 * 1024 }) — default is 200MB which is dangerously large
  • Uploaded files are temporary by default — written to OS temp directory and must be moved or read before response ends; temp files are automatically cleaned up
  • v3 has breaking API changes from v2 — form.parse() now returns a Promise; v2-style callbacks may need migration
  • File type validation is NOT built-in — validate file.mimetype and file.originalFilename in your handler; formidable accepts any file type by default
  • Multiple files with same field name: use fields and files destructuring: const [fields, files] = await form.parse(req) — files[fieldname] is an array
  • For large files, implement the 'progress' event to track upload progress: form.on('progress', (bytesReceived, bytesExpected) => {})
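The file type and filename checks from the list above, as an added example (not formidable's own code or API). It goes one step further than the list by also comparing the file's leading bytes with the declared type, since mimetype comes from the request. The allow-list, vetUpload, sanitizeName and the head parameter are assumptions made for illustration.

```javascript
const path = require('path');
const crypto = require('crypto');

// Assumed policy (not from formidable): allowed types, extension, leading magic bytes.
const ALLOWED = new Map([
  ['application/pdf', { ext: '.pdf', magic: Buffer.from('%PDF-') }],
  ['image/png', { ext: '.png', magic: Buffer.from([0x89, 0x50, 0x4e, 0x47]) }],
]);
const MAX_BYTES = 10 * 1024 * 1024; // mirrors the maxFileSize value in the list above

// Reduce a client-supplied name to a display name; it is never used as a path.
function sanitizeName(original) {
  const base = String(original || '').split(/[\\/]/).pop(); // drop directory parts
  const clean = base.replace(/[^A-Za-z0-9._-]/g, '_').replace(/^\.+/, '');
  return clean.slice(0, 100) || 'upload';
}

// file: object with the mimetype, originalFilename and size fields of a formidable v3 file.
// head: first bytes of the temp file, read by the caller (hypothetical parameter).
function vetUpload(file, head) {
  const rule = ALLOWED.get(file.mimetype);
  if (!rule) return { ok: false, reason: 'mimetype not allowed' };
  if (!(file.size > 0 && file.size <= MAX_BYTES)) return { ok: false, reason: 'bad size' };
  const displayName = sanitizeName(file.originalFilename);
  if (path.extname(displayName).toLowerCase() !== rule.ext) {
    return { ok: false, reason: 'extension does not match mimetype' };
  }
  // mimetype is taken from the request, so confirm it against the content itself.
  if (!head.subarray(0, rule.magic.length).equals(rule.magic)) {
    return { ok: false, reason: 'content does not match mimetype' };
  }
  // Random storage name: no client-controlled text reaches the filesystem path.
  const storedName = crypto.randomBytes(16).toString('hex') + rule.ext;
  return { ok: true, displayName, storedName };
}

// Constructed sample inputs (not real uploads).
const pdfHead = Buffer.from('%PDF-1.7\n');
console.log(vetUpload(
  { mimetype: 'application/pdf', originalFilename: '..\\..\\Q3 report.pdf', size: 2048 }, pdfHead));
console.log(vetUpload(
  { mimetype: 'application/pdf', originalFilename: 'page.html.pdf', size: 64 }, Buffer.from('not a pdf')));
```

Rejected uploads should have their temp file deleted by the caller; accepted ones are moved to storedName and displayName is kept only as metadata.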


Scores are editorial opinions as of 2026-03-06.
