Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@azure/core-http
Advanced tools
Isomorphic client Runtime for Typescript/node.js/browser javascript client libraries generated using AutoRest
@azure/core-http is a foundational library for making HTTP requests and handling responses in Azure SDKs. It provides a set of utilities and abstractions to simplify the process of interacting with HTTP services, including features like request and response handling, middleware support, and authentication.
Making HTTP Requests
This feature allows you to make HTTP requests using the DefaultHttpClient and WebResource classes. The code sample demonstrates how to make a GET request to a public API and log the response.
const { DefaultHttpClient, WebResource } = require('@azure/core-http');
async function makeRequest() {
const client = new DefaultHttpClient();
const request = new WebResource('https://jsonplaceholder.typicode.com/posts', 'GET');
const response = await client.sendRequest(request);
console.log(response.bodyAsText);
}
makeRequest();
Handling Middleware
This feature allows you to add middleware to the HTTP pipeline. The code sample demonstrates how to add a logging middleware that logs HTTP requests and responses.
const { DefaultHttpClient, WebResource, HttpPipelineLogger, HttpPipelineLogLevel } = require('@azure/core-http');
async function makeRequestWithMiddleware() {
const client = new DefaultHttpClient({
requestPolicyFactories: [
(nextPolicy, options) => new HttpPipelineLogger(nextPolicy, options, HttpPipelineLogLevel.INFO)
]
});
const request = new WebResource('https://jsonplaceholder.typicode.com/posts', 'GET');
const response = await client.sendRequest(request);
console.log(response.bodyAsText);
}
makeRequestWithMiddleware();
Authentication
This feature allows you to handle authentication by using TokenCredentials. The code sample demonstrates how to make an authenticated GET request by setting the Authorization header with a bearer token.
const { DefaultHttpClient, WebResource, TokenCredentials } = require('@azure/core-http');
async function makeAuthenticatedRequest() {
const token = 'YOUR_ACCESS_TOKEN';
const credentials = new TokenCredentials(token);
const client = new DefaultHttpClient();
const request = new WebResource('https://jsonplaceholder.typicode.com/posts', 'GET');
request.headers.set('Authorization', `Bearer ${credentials.token}`);
const response = await client.sendRequest(request);
console.log(response.bodyAsText);
}
makeAuthenticatedRequest();
Axios is a popular HTTP client for making requests in both Node.js and the browser. It provides a simple and easy-to-use API for making HTTP requests, handling responses, and managing interceptors. Compared to @azure/core-http, Axios is more general-purpose and widely used outside of the Azure ecosystem.
Node-fetch is a lightweight module that brings the Fetch API to Node.js. It is designed to be a minimalistic and straightforward way to make HTTP requests. Compared to @azure/core-http, node-fetch is simpler and more focused on providing a fetch-like experience in Node.js.
Request is a comprehensive and flexible HTTP client for Node.js. It supports a wide range of features, including streaming, form data, and OAuth. While request is more feature-rich, it is also more complex and has been deprecated in favor of more modern alternatives like Axios and node-fetch.
NOTE This package has been deprecated and replaced by a newer set of core libraries. Refer to README.md of the Azure SDK core libraries for more information on the change.
This is the core HTTP pipeline for Azure SDK JavaScript libraries which work in the browser and Node.js. This library is primarily intended to be used in code generated by AutoRest and autorest.typescript
.
See our support policy for more details.
This package is primarily used in generated code and not meant to be consumed directly by end users.
You can find an explanation of how this repository's code works by going to our architecture overview.
Examples can be found in the samples
folder.
Build this library (core-http
). For more information on how to build project in this repo, please refer to the Contributing Guide.
The code in samples\node-sample.ts
shows how to create a ServiceClient
instance with a test TokenCredential
implementation and use the client instance to perform a GET
operation from the Azure management service endpoint for subscriptions. To run the code, first obtain an access token to the Azure management service.
One easy way to get an access token is using Azure CLI
az login
az account set -s <subscription id>
az account get-access-token --resource=https://management.azure.com
Set values of subscriptionId
and token
variable in samples/node-sample.ts
Change directory to samples folder, compile the TypeScript code, then run the sample
cd samples
tsc node-sample.ts
node node-sample.js
subscriptionId
and token
variable in samples/index.js
If you run into issues while using this library, please feel free to file an issue.
If you'd like to contribute to this library, please read the contributing guide to learn more about how to build and test the code.
FAQs
Isomorphic client Runtime for Typescript/node.js/browser javascript client libraries generated using AutoRest
The npm package @azure/core-http receives a total of 1,294,693 weekly downloads. As such, @azure/core-http popularity was classified as popular.
We found that @azure/core-http demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.