Commit 193dcdf

Merge pull request #1317 from expressjs/master-v2-merge-fix
2 parents 62cfea2 + c517954 commit 193dcdf

14 files changed: +1208 -81 lines changed

.github/workflows/codeql.yml

Lines changed: 66 additions & 0 deletions
@@ -0,0 +1,66 @@
1+
# For most projects, this workflow file will not need changing; you simply need
2+
# to commit it to your repository.
3+
#
4+
# You may wish to alter this file to override the set of languages analyzed,
5+
# or to provide custom queries or build logic.
6+
#
7+
# ******** NOTE ********
8+
# We have attempted to detect the languages in your repository. Please check
9+
# the `language` matrix defined below to confirm you have the correct set of
10+
# supported CodeQL languages.
11+
#
12+
name: "CodeQL"
13+
14+
on:
15+
push:
16+
branches: ["master"]
17+
pull_request:
18+
# The branches below must be a subset of the branches above
19+
branches: ["master"]
20+
schedule:
21+
- cron: "0 0 * * 1"
22+
23+
permissions:
24+
contents: read
25+
26+
jobs:
27+
analyze:
28+
name: Analyze
29+
runs-on: ubuntu-latest
30+
permissions:
31+
actions: read
32+
contents: read
33+
security-events: write
34+
35+
steps:
36+
- name: Checkout repository
37+
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
38+
39+
# Initializes the CodeQL tools for scanning.
40+
- name: Initialize CodeQL
41+
uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
42+
with:
43+
languages: javascript
44+
# If you wish to specify custom queries, you can do so here or in a config file.
45+
# By default, queries listed here will override any specified in a config file.
46+
# Prefix the list here with "+" to use these queries and those in the config file.
47+
48+
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
49+
# If this step fails, then you should remove it and run the build manually (see below)
50+
# - name: Autobuild
51+
# uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
52+
53+
# ℹ️ Command-line programs to run using the OS shell.
54+
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
55+
56+
# If the Autobuild fails above, remove it and uncomment the following three lines.
57+
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
58+
59+
# - run: |
60+
# echo "Run, Build Application using script"
61+
# ./location_of_script_within_repo/buildscript.sh
62+
63+
- name: Perform CodeQL Analysis
64+
uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7
65+
with:
66+
category: "/language:javascript"
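
Review bot: The checkout step at lines 36-37 has no `with:` block, so it keeps the default of persisting the `GITHUB_TOKEN` in the local git config, while the checkout in `scorecard.yml` in this same commit sets `persist-credentials: false`. The analysis job does not push, so add the same setting here. The pins also diverge between the two new workflows (`actions/checkout` v4.1.1 here against v4.2.2 there, `github/codeql-action` v3.24.7 here against v3.27.9 there); aligning each action on one SHA keeps later bumps to a single change. The comment block at lines 44-46 describes a queries list that is not present in the `with:` section and can be dropped along with the other unused template comments.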

.github/workflows/scorecard.yml

Lines changed: 74 additions & 0 deletions
@@ -0,0 +1,74 @@
1+
# This workflow uses actions that are not certified by GitHub. They are provided
2+
# by a third-party and are governed by separate terms of service, privacy
3+
# policy, and support documentation.
4+
5+
name: Scorecard supply-chain security
6+
7+
on:
8+
# For Branch-Protection check. Only the default branch is supported. See
9+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
10+
branch_protection_rule:
11+
# To guarantee Maintained check is occasionally updated. See
12+
# https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
13+
schedule:
14+
- cron: '16 21 * * 1'
15+
push:
16+
branches: [ "master" ]
17+
18+
# Declare default permissions as read only.
19+
permissions: read-all
20+
21+
jobs:
22+
analysis:
23+
name: Scorecard analysis
24+
runs-on: ubuntu-latest
25+
permissions:
26+
# Needed to upload the results to code-scanning dashboard.
27+
security-events: write
28+
# Needed to publish results and get a badge (see publish_results below).
29+
id-token: write
30+
# Uncomment the permissions below if installing in a private repository.
31+
# contents: read
32+
# actions: read
33+
34+
steps:
35+
- name: "Checkout code"
36+
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
37+
with:
38+
persist-credentials: false
39+
40+
- name: "Run analysis"
41+
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
42+
with:
43+
results_file: results.sarif
44+
results_format: sarif
45+
# (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
46+
# - you want to enable the Branch-Protection check on a *public* repository, or
47+
# - you are installing Scorecard on a *private* repository
48+
# To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
49+
# repo_token: ${{ secrets.SCORECARD_TOKEN }}
50+
51+
# Public repositories:
52+
# - Publish results to OpenSSF REST API for easy access by consumers
53+
# - Allows the repository to include the Scorecard badge.
54+
# - See https://github.com/ossf/scorecard-action#publishing-results.
55+
# For private repositories:
56+
# - `publish_results` will always be set to `false`, regardless
57+
# of the value entered here.
58+
publish_results: true
59+
60+
# Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
61+
# format to the repository Actions tab.
62+
- name: "Upload artifact"
63+
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
64+
with:
65+
name: SARIF file
66+
path: results.sarif
67+
retention-days: 5
68+
69+
# Upload the results to GitHub's code scanning dashboard.
70+
- name: "Upload to code-scanning"
71+
uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
72+
with:
73+
sarif_file: results.sarif
74+
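
Review bot: The top-level `permissions: read-all` at line 19 is wider than this workflow uses. The only job declares its own `permissions` block (lines 25-32), which replaces the workflow-level default for that job, so `read-all` would only take effect for a job added later without its own block. `codeql.yml` in this same commit sets `contents: read` at the top level; using that here (or an empty `permissions: {}`) keeps the default tight and consistent across both workflows.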

.travis.yml

Lines changed: 0 additions & 9 deletions
This file was deleted.

README.md

Lines changed: 23 additions & 10 deletions
@@ -1,20 +1,23 @@
1-
# Multer [![Build Status](https://badgen.net/github/checks/expressjs/multer/master?label=ci)](https://github.com/expressjs/multer/actions/workflows/ci.yml) [![Test Coverage](https://badgen.net/coveralls/c/github/expressjs/multer/master)](https://coveralls.io/r/expressjs/multer?branch=master) [![NPM version](https://badge.fury.io/js/multer.svg)](https://badge.fury.io/js/multer) [![js-standard-style](https://img.shields.io/badge/code%20style-standard-brightgreen.svg?style=flat)](https://github.com/feross/standard)
1+
# Multer [![NPM Version][npm-version-image]][npm-url] [![NPM Downloads][npm-downloads-image]][npm-url] [![Build Status][ci-image]][ci-url] [![Test Coverage][test-image]][test-url] [![OpenSSF Scorecard Badge][ossf-scorecard-badge]][ossf-scorecard-visualizer]
22

33
Multer is a node.js middleware for handling `multipart/form-data`, which is primarily used for uploading files. It is written
44
on top of [busboy](https://github.com/mscdex/busboy) for maximum efficiency.
55

66
**NOTE**: Multer will not process any form which is not multipart (`multipart/form-data`).
77

8-
## Translations
8+
## Translations
99

1010
This README is also available in other languages:
1111

12+
- [العربية](https://github.com/expressjs/multer/blob/master/doc/README-ar.md) (Arabic)
1213
- [Español](https://github.com/expressjs/multer/blob/master/doc/README-es.md) (Spanish)
1314
- [简体中文](https://github.com/expressjs/multer/blob/master/doc/README-zh-cn.md) (Chinese)
1415
- [한국어](https://github.com/expressjs/multer/blob/master/doc/README-ko.md) (Korean)
1516
- [Русский язык](https://github.com/expressjs/multer/blob/master/doc/README-ru.md) (Russian)
1617
- [Việt Nam](https://github.com/expressjs/multer/blob/master/doc/README-vi.md) (Vietnam)
1718
- [Português](https://github.com/expressjs/multer/blob/master/doc/README-pt-br.md) (Portuguese Brazil)
19+
- [Français](https://github.com/expressjs/multer/blob/master/doc/README-fr.md) (French)
20+
- [O'zbek tili](https://github.com/expressjs/multer/blob/master/doc/README-uz.md) (Uzbek)
1821

1922
## Installation
2023

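Review bot: The new heading on line 1 drops the js-standard-style badge that the removed line carried, and nothing in the visible change says whether that is intended; note it in the commit message or restore it as a reference-style link like the other badges. The `## Translations` line at 8 is removed and re-added with no visible difference, which looks like a whitespace-only edit. The new translation entries are also placed inconsistently: Arabic goes to the top of the list at line 12, while French and Uzbek are appended at lines 19-20.
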
@@ -53,8 +56,8 @@ app.post('/photos/upload', upload.array('photos', 12), function (req, res, next)
5356
// req.body will contain the text fields, if there were any
5457
})
5558

56-
const cpUpload = upload.fields([{ name: 'avatar', maxCount: 1 }, { name: 'gallery', maxCount: 8 }])
57-
app.post('/cool-profile', cpUpload, function (req, res, next) {
59+
const uploadMiddleware = upload.fields([{ name: 'avatar', maxCount: 1 }, { name: 'gallery', maxCount: 8 }])
60+
app.post('/cool-profile', uploadMiddleware, function (req, res, next) {
5861
// req.files is an object (String -> Array) where fieldname is the key, and the value is array of files
5962
//
6063
// e.g.
@@ -78,14 +81,14 @@ app.post('/profile', upload.none(), function (req, res, next) {
7881
})
7982
```
8083

81-
Here's an example on how multer is used an HTML form. Take special note of the `enctype="multipart/form-data"` and `name="uploaded_file"` fields:
84+
Here's an example on how multer is used in a HTML form. Take special note of the `enctype="multipart/form-data"` and `name="uploaded_file"` fields:
8285

8386
```html
8487
<form action="/stats" enctype="multipart/form-data" method="post">
8588
<div class="form-group">
8689
<input type="file" class="form-control-file" name="uploaded_file">
8790
<input type="text" class="form-control" placeholder="Number of speakers" name="nspeakers">
88-
<input type="submit" value="Get me the stats!" class="btn btn-default">
91+
<input type="submit" value="Get me the stats!" class="btn btn-default">
8992
</div>
9093
</form>
9194
```
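
Review bot: The reworded sentence at line 84 reads "in a HTML form"; the article should stay "an" as it was in the removed line, giving "used in an HTML form". The `<input type="submit" ...>` line at 91 is removed and re-added with no visible difference, so it appears to be a whitespace-only change.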
@@ -96,9 +99,9 @@ Then in your javascript file you would add these lines to access both the file a
9699
const multer = require('multer')
97100
const upload = multer({ dest: './public/data/uploads/' })
98101
app.post('/stats', upload.single('uploaded_file'), function (req, res) {
99-
// req.file is the name of your file in the form above, here 'uploaded_file'
100-
// req.body will hold the text fields, if there were any
101-
console.log(req.file, req.body)
102+
// req.file is the name of your file in the form above, here 'uploaded_file'
103+
// req.body will hold the text fields, if there were any
104+
console.log(req.file, req.body)
102105
});
103106
```
104107

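Review bot: Lines 102-104 are re-added with only whitespace changed, and the first comment is still inaccurate: `req.file` is the uploaded file object for the `uploaded_file` field, not the name of the file. Since the lines are being touched anyway, reword it, for example `// req.file is the file uploaded in the 'uploaded_file' field of the form above`. Separately, the context line `multer({ dest: './public/data/uploads/' })` writes uploads under `./public`; if that directory is served statically in a reader's app, uploaded content becomes directly reachable, so a destination outside the web root would be a safer example.
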
@@ -239,7 +242,7 @@ order that the client transmits fields and files to the server.
239242

240243
For understanding the calling convention used in the callback (needing to pass
241244
null as the first param), refer to
242-
[Node.js error handling](https://www.joyent.com/node-js/production/design/errors)
245+
[Node.js error handling](https://web.archive.org/web/20220417042018/https://www.joyent.com/node-js/production/design/errors)
243246

244247
#### `MemoryStorage`
245248

@@ -331,3 +334,13 @@ For information on how to build your own storage engine, see [Multer Storage Eng
331334
## License
332335

333336
[MIT](LICENSE)
337+
338+
[ci-image]: https://badgen.net/github/checks/expressjs/multer/master?label=ci
339+
[ci-url]: https://github.com/expressjs/multer/actions/workflows/ci.yml
340+
[test-url]: https://coveralls.io/r/expressjs/multer?branch=master
341+
[test-image]: https://badgen.net/coveralls/c/github/expressjs/multer/master
342+
[npm-downloads-image]: https://badgen.net/npm/dm/multer
343+
[npm-url]: https://npmjs.org/package/multer
344+
[npm-version-image]: https://badgen.net/npm/v/multer
345+
[ossf-scorecard-badge]: https://api.scorecard.dev/projects/github.com/expressjs/multer/badge
346+
[ossf-scorecard-visualizer]: https://ossf.github.io/scorecard-visualizer/#/projects/github.com/expressjs/multer
