Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@akiyamka/extended-fetch
Tiny window.fetch JavaScript implementation over XMLHttpRequest with additional features
This library allows you to catch a Timeout Error without enforcing a time restriction
🧹 No dependencies
🤏 Tiny size
🧩 Does not patch the existing fetch
🔀 In most cases can be used as a drop-in replacement for fetch
⚠️ It's not a fetch polyfill. It uses Request and Response objects from the fetch implementation
npm install @akiyamka/extended-fetch
It has a fetch-like API, but with a few additional features:
Fetch does not allow the user to know whether a request failed due to a 504 error.
Instead it throws the common TypeError: Failed to fetch.
But extended-fetch throws a 'Timeout Error' error in that case:
import { extendedFetch, isTimeoutError } from '@akiyamka/extended-fetch'

extendedFetch('/users', {
  method: 'POST',
  body: JSON.stringify({ foo: 'bar' }),
}).catch((error) => {
  // The timeout case can be identified by its message or with the helper
  console.assert(error.message === 'Timeout Error')
  console.assert(isTimeoutError(error))
})
import { extendedFetch } from '@akiyamka/extended-fetch'

extendedFetch(
  '/users',
  // Fetch configuration
  {
    method: 'POST',
    body: JSON.stringify({ foo: 'bar' }),
  },
  // Additional settings
  {
    onUploadProgress: (event) => {
      console.log(`Uploaded: ${event.progress}% (${event.bytes} bytes)`)
    },
    onDownloadProgress: (event) => {
      console.log(`Downloaded: ${event.progress}% (${event.bytes} bytes)`)
    },
  }
)
The library has a typed helper for Abort error detection
import { extendedFetch, isAbortError } from '@akiyamka/extended-fetch'

const abortController = new AbortController()
abortController.abort()
try {
  // srv.readyCheck() is passed as the first argument, in the position of the request URL
  const reference = await extendedFetch(srv.readyCheck(), {
    signal: abortController.signal,
  })
} catch (err) {
  if (isAbortError(err)) {
    // request was aborted
  }
}
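The package is installed under the scoped name @akiyamka/extended-fetch, and a bare `extended-fetch` specifier is a different package name on the registry. The following is an added example, not part of the package or its README, that flags import specifiers missing from the manifest; the function names, the sample manifest (including the `*` version) and the sample source are constructed for illustration.

```javascript
// Added example: flag import specifiers that are not declared dependencies.
// Reduce a specifier to its package name: '@scope/pkg/sub' -> '@scope/pkg', 'pkg/sub' -> 'pkg'.
function packageNameOf(specifier) {
  const parts = specifier.split('/')
  return specifier.startsWith('@') ? parts.slice(0, 2).join('/') : parts[0]
}

// Collect package names from static imports, dynamic import() and require().
// Regex scan only: text inside comments or strings can match; Node builtins need an allow-list.
function importedPackages(source) {
  const pattern = /(?:\bfrom\s*|\bimport\s*\(\s*|\brequire\s*\(\s*|\bimport\s+)(['"])([^'"]+)\1/g
  const names = new Set()
  for (const match of source.matchAll(pattern)) {
    const spec = match[2]
    // Skip relative, absolute and scheme-prefixed specifiers (./x, /x, node:fs, https:...)
    if (/^(\.|\/|[a-z][a-z0-9+.-]*:)/i.test(spec)) continue
    names.add(packageNameOf(spec))
  }
  return [...names]
}

// Compare imports with the manifest. An undeclared name that equals the unscoped
// part of a declared scoped dependency is reported as a likely scope omission.
function auditImports(source, manifest) {
  const declared = Object.keys({
    ...manifest.dependencies,
    ...manifest.devDependencies,
    ...manifest.peerDependencies,
    ...manifest.optionalDependencies,
  })
  const findings = []
  for (const name of importedPackages(source)) {
    if (declared.includes(name)) continue
    const scoped = declared.find((d) => d.startsWith('@') && d.split('/')[1] === name)
    findings.push({ name, reason: scoped ? 'scope-omitted' : 'undeclared', declaredAs: scoped ?? null })
  }
  return findings
}

// Constructed sample input (not taken from any real project)
const sampleManifest = { dependencies: { '@akiyamka/extended-fetch': '*' } }
const sampleSource = `
import { extendedFetch, isTimeoutError } from '@akiyamka/extended-fetch'
import { isAbortError } from 'extended-fetch'
import { render } from './ui.js'
`
console.log(auditImports(sampleSource, sampleManifest))
```

Run as a pre-install or CI step, a `scope-omitted` finding means the code would pull a package other than the one listed in the manifest.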
Fetch has a pretty good API, but it doesn't cover some of the frequent cases that an XHR query can give us.
Currently, there is no way to determine that a request failed due to a Timeout Error using the fetch API, but sometimes this is needed, for example for a meaningful UI reaction.
The most popular workaround for this today is to set a forced limit on the client side, which only works if it is less than the existing limit outside, and it also breaks functionality in situations where the limit has been raised above the standard limit.
Using fetch we can get download progress information using a readable stream (if supported), but we still don't have a way to get upload progress using the fetch API.
I wrapped XHR in a fetch API (taking some code from the fetch polyfill) and added the missing functionality available from the XHR API.
FAQs
The npm package @akiyamka/extended-fetch receives a total of 16 weekly downloads. As such, @akiyamka/extended-fetch popularity was classified as not popular.
We found that @akiyamka/extended-fetch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.