Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@autosec/fetchhole

Package Overview
Dependencies
Maintainers
1
Versions
19
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@autosec/fetchhole

Boost your FaaS development with `@autosec/fetchhole`, a secure, drop-in replacement for the native `fetch()` function, designed for security-focused web developers.

0.1.1-nightly.0
latest
Source
npmnpm
Version published
Maintainers
1
Created
Source

License TypeScript npm npm OpenSSF Scorecard Socket Badge

FetchHole

Elevate your Function as a Service (FaaS) development with enhanced security at the edge using @autosec/fetchhole. This package acts as a sophisticated drop-in replacement for the native fetch() function, tailored for developers who emphasize security in their web applications.

Features

  • Drop-in Replacement: Seamlessly integrates with existing code, replacing the native fetch() function.
  • Advanced Logging: Comprehensive logging capabilities for effective debugging.
  • Redirect Intercept: Customize redirect limits with a default of 20, as per the WHATWG Fetch specification.
  • Header Computation: Automatically computes and adds missing Content-Length and ETag headers. Choose your preferred ETag hash algorithm, with sha256 as the default.
  • Cache Support: Utilizes memory or disk caching via the Cache Web API. Compatible with Cloudflare's cache API for Cloudflare users.
  • Intercept for Alternate Routing: Ideal for scenarios like Cloudflare Workers Binding, allowing for alternate request routing.
  • Custom DNS Resolver Support: Designed for DNS level security applications like Zero Trust services. Compatible with any DoH resolver that uses 0.0.0.0 for blocking.
    • Direct IP Address Handling: Offers three modes for handling direct IP address access:
      • Full Block
      • Fail if No PTR Record (conducts a PTR record check, followed by a standard DNS check)
      • Allow

Installation

npm install @autosec/fetchhole

Usage

Simply import fetchhole and use it as a replacement for the native fetch() function.

import fetch from '@autosec/fetchhole';

// Use fetch as you normally would
fetch('https://example.com').then((response) => {
	// Your code here
});

Configuration

You can customize fetchhole with various options to suit your needs. Settings can be applied at the class instance level or as an fetch init property:

{
	cache: {
		type: CacheType.Default, // Defines cache type
		hashAlgorithm: 'sha256', // Choose a different ETag hash algorithm
		ignoreMethod: false,
		ignoreSearch: false,
		ignoreVary: false,
	},
	hardFail: true, // Determines failure handling
	logLevel: LoggingLevel.INFO, // Sets the level of logging
	redirectCount: 20, // Set custom redirect limit
}

FAQs

Package last updated on 15 Dec 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

DuckDB npm Account Compromised in Continuing Supply Chain Attack

Research

/

Security News

DuckDB npm Account Compromised in Continuing Supply Chain Attack

Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.

By Peter van der Zee, Sarah Gooding  -  Sep 09, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.