Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@actions/http-client
Advanced tools
The @actions/http-client npm package is designed to provide a simple and efficient way to make HTTP requests from Node.js, particularly within the context of GitHub Actions. It supports features like making GET, POST, and other HTTP requests, handling streams, and processing responses.
Making GET requests
This feature allows you to make GET requests to retrieve data from a specified endpoint. The code sample demonstrates how to create an instance of HttpClient, make a GET request, and read the response body.
const { HttpClient } = require('@actions/http-client');
const httpClient = new HttpClient('my-user-agent');
async function getExample() {
const response = await httpClient.get('https://api.example.com/data');
const body = await response.readBody();
console.log(body);
}
getExample();
Making POST requests
This feature allows you to make POST requests to send data to a specified endpoint. The code sample shows how to send a JSON payload with the appropriate headers and process the response.
const { HttpClient } = require('@actions/http-client');
const httpClient = new HttpClient('my-user-agent');
async function postExample() {
const data = JSON.stringify({ key: 'value' });
const headers = { 'Content-Type': 'application/json' };
const response = await httpClient.post('https://api.example.com/submit', data, headers);
const body = await response.readBody();
console.log(body);
}
postExample();
Handling streams
This feature is useful for handling large amounts of data by streaming it directly to a file or another destination. The code sample demonstrates how to pipe the response from a GET request into a writable stream.
const { HttpClient } = require('@actions/http-client');
const fs = require('fs');
const httpClient = new HttpClient('my-user-agent');
async function streamExample() {
const response = await httpClient.get('https://api.example.com/data');
const stream = fs.createWriteStream('./data.txt');
response.message.pipe(stream);
}
streamExample();
Axios is a popular HTTP client for the browser and Node.js. It provides a promise-based API and has a similar feature set to @actions/http-client, including the ability to make various HTTP requests, intercept requests and responses, and transform request and response data. Axios is often preferred for its simplicity and wide adoption.
node-fetch is a light-weight module that brings the Fetch API to Node.js. It is similar to @actions/http-client in that it allows you to make HTTP requests, but it is designed to closely mimic the browser fetch API, which some developers may find more familiar.
Got is a human-friendly and powerful HTTP request library for Node.js. It offers features like stream support, retries, and request cancellation, which are similar to @actions/http-client. Got is known for its advanced features and comprehensive options for customizing requests.
Superagent is a small progressive client-side HTTP request library, and Node.js module with the same API, sporting many high-level HTTP client features. It compares to @actions/http-client with its fluent API and ability to handle both callback and promise-based workflows.
@actions/http-client
A lightweight HTTP client optimized for building actions.
Features and releases here
npm install @actions/http-client --save
See the tests for detailed examples.
The HTTP client does not throw unless truly exceptional.
See the tests for detailed examples.
To enable detailed console logging of all HTTP requests and responses, set the NODE_DEBUG environment varible:
export NODE_DEBUG=http
The http-client is built using the latest LTS version of Node 12. It may work on previous node LTS versions but it's tested and officially supported on Node12+.
We follow semver and will hold compatibility between major versions and increment the minor version with new features and capabilities (while holding compat).
We welcome PRs. Please create an issue and if applicable, a design before proceeding with code.
once:
npm install
To build:
npm run build
To run all tests:
npm test
FAQs
Actions Http Client
The npm package @actions/http-client receives a total of 3,321,026 weekly downloads. As such, @actions/http-client popularity was classified as popular.
We found that @actions/http-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.