
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@eric8810/catcher-web
Advanced tools
Catcher HTTP client for browsers — fetch-based with retry, circuit breaker & priority queue
Resilient HTTP + WebSocket + SSE client for browsers — built on fetch with retry, circuit breaker, and priority queue. Part of the catcher toolkit.
API is intentionally identical to @eric8810/catcher-http (Node.js) so you can share the same config across environments.
Note: For Node.js, use
@eric8810/catcher-napi-http(⭐ recommended, Rust native) or@eric8810/catcher-http(pure TS).
npm install @eric8810/catcher-web
import { createWebClient } from '@eric8810/catcher-web'
const client = createWebClient({
baseURL: 'https://api.example.com',
retry: { attempts: 3, backoff: 'exponential', minTimeout: 500 },
concurrency: 6,
circuitBreaker: { failureThreshold: 5, resetTimeout: 30_000 },
})
const data = await client.get('/users/1')
const result = await client.post('/messages', { text: 'hello' })
// Interceptors
client.interceptors.request.use(config => {
config.headers['Authorization'] = `Bearer ${token}`
return config
})
// Events
client.on('requestComplete', (e) => {
console.log(`${e.method} ${e.url} → ${e.status} (${e.durationMs}ms)`)
})
// Runtime config update
client.updateConfig({ retry: { attempts: 5 } })
import { createWebSocketClient } from '@eric8810/catcher-web'
const ws = createWebSocketClient({
url: 'wss://echo.example.com',
reconnect: { initialDelay: 1000, maxDelay: 30_000, maxAttempts: 20 },
})
ws.addEventListener('open', () => ws.send('hello'))
ws.addEventListener('message', (e) => console.log(e.data))
ws.addEventListener('close', (e) => console.log('Closed', e.code))
// Close
ws.close(1000, 'done')
import { createSSEStream, createSSEClient } from '@eric8810/catcher-web'
// One-shot stream
const stream = createSSEStream({
url: '/api/chat',
method: 'POST',
body: { prompt: 'Hello', stream: true },
})
for await (const line of stream) {
if (line.startsWith('data: ')) console.log(line.slice(6))
}
// Long-lived with auto-reconnect
const client = createSSEClient({
url: '/api/events',
reconnect: { initialDelay: 1000, maxDelay: 30_000 },
})
for await (const line of client) {
console.log(line)
}
createWebClient(config) → IHttpClientResilience layers: fetch → retry → circuit breaker → concurrency queue
Supports all HttpClientConfig options including:
auth / bearerToken — automatic auth headersxsrfCookieName / xsrfHeaderName — XSRF protectioncredentials — CORS credentials policyredirect — redirect following controlresponseType — 'json' | 'text' | 'bytes' | 'stream' (ReadableStream)createWebSocketClient(options) → WebSocketClient| Property | Description |
|---|---|
url | Single URL or array for fallback |
reconnect | Exponential backoff with jitter |
binaryType | 'blob' (default) or 'arraybuffer' |
createSSEStream(opts) / createSSEClient(opts)Browser-compatible SSE via fetch + ReadableStream parsing.
fetch()mode and credentialsMIT
FAQs
Catcher HTTP client for browsers — fetch-based with retry, circuit breaker & priority queue
The npm package @eric8810/catcher-web receives a total of 24 weekly downloads. As such, @eric8810/catcher-web popularity was classified as not popular.
We found that @eric8810/catcher-web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.