Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@octokit/request
Advanced tools
Send parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node
The @octokit/request npm package is a low-level client for making authenticated requests to GitHub's REST API. It simplifies the process of making HTTP requests to GitHub's API endpoints, handling authentication, and parsing responses. It's part of the Octokit family of tools designed to work with GitHub in various programming languages and environments.
Making authenticated requests
This feature allows you to make authenticated requests to GitHub's REST API. You can retrieve or manipulate data related to repositories, issues, pull requests, and more. The code sample demonstrates how to fetch issues from a specific repository using a personal access token for authentication.
{
"const { request } = require('@octokit/request');
request('GET /repos/{owner}/{repo}/issues', {
owner: 'octocat',
repo: 'hello-world',
headers: {
authorization: 'token <YOUR_PERSONAL_ACCESS_TOKEN>'
}
});"
}
Custom requests
Beyond fetching data, @octokit/request can also be used to create or update resources on GitHub, such as issues, pull requests, and more. The code sample shows how to create a new issue in a repository, demonstrating the package's capability for making various types of authenticated requests.
{
"const { request } = require('@octokit/request');
request('POST /repos/{owner}/{repo}/issues', {
owner: 'octocat',
repo: 'hello-world',
title: 'New issue title',
body: 'Description of the new issue',
headers: {
authorization: 'token <YOUR_PERSONAL_ACCESS_TOKEN>'
}
});"
}
Axios is a promise-based HTTP client for the browser and node.js. It supports request and response interception, client-side protection against XSRF, and more. While it is not specifically designed for GitHub's API, it can be used for similar purposes as @octokit/request by manually handling GitHub API endpoints and authentication.
node-fetch is a light-weight module that brings the Fetch API to Node.js. Like axios, it's a general-purpose HTTP client that can be used to interact with any REST API, including GitHub's. Compared to @octokit/request, node-fetch requires more manual setup for dealing with GitHub's API, such as handling authentication and parsing responses.
Send parameterized requests to GitHub’s APIs with sensible defaults in browsers and Node
@octokit/request
is a request library for browsers & node that makes it easier
to interact with GitHub’s REST API and
GitHub’s GraphQL API.
It uses @octokit/endpoint
to parse
the passed options and sends the request using fetch
(node-fetch in Node).
Install with npm install @octokit/request
.
const octokitRequest = require('@octokit/request')
Download octokit-request.min.js
from the latest release: https://github.com/octokit/request.js/releases
Load it as script into your web application:
<script src="request-rest.min.js"></script>
The octokitRequest
is now available
// Following GitHub docs formatting:
// https://developer.github.com/v3/repos/#list-organization-repositories
const result = await octokitRequest('GET /orgs/:org/repos', {
headers: {
authorization: 'token 0000000000000000000000000000000000000001'
},
org: 'octokit',
type: 'private'
})
console.log(`${result.data.length} repos found.`)
const result = await octokitRequest('POST /graphql', {
headers: {
authorization: 'token 0000000000000000000000000000000000000001'
},
query: `query ($login: String!) {
organization(login: $login) {
repositories(privacy: PRIVATE) {
totalCount
}
}
}`,
variables: {
login: 'octokit'
}
})
method
& url
as part of optionsAlternatively, pass in a method and a url
const result = await octokitRequest({
method: 'GET',
url: '/orgs/:org/repos',
headers: {
authorization: 'token 0000000000000000000000000000000000000001'
},
org: 'octokit',
type: 'private'
})
name | type | description |
---|---|---|
baseUrl
| String |
Required. Any supported http verb, case insensitive. Defaults to https://api.github.com .
|
headers
| Object |
Custom headers. Passed headers are merged with defaults:headers['user-agent'] defaults to octokit-rest.js/1.2.3 (where 1.2.3 is the released version).headers['accept'] defaults to application/vnd.github.v3+json . |
method
| String |
Required. Any supported http verb, case insensitive. Defaults to Get .
|
url
| String |
Required. A path or full URL which may contain :variable or {variable} placeholders,
e.g. /orgs/:org/repos . The url is parsed using url-template.
|
data
| Any | Set request body directly instead of setting it to JSON based on additional parameters. See "The `data` parameter" below. |
request
| Object | Pass [node-fetch extensions options](https://github.com/bitinn/node-fetch#options), such as `agent` or `timeout` |
All other options will passed depending on the method
and url
options.
url
, it will be used as replacement. For example, if the passed options are {url: '/orgs/:org/repos', org: 'foo'}
the returned options.url
is https://api.github.com/orgs/foo/repos
method
is GET
or HEAD
, the option is passed as query parameteroctokitRequest
returns a promise and resolves with 3 keys
key | type | description |
---|---|---|
headers | Object | All response headers |
code | Integer | Response status code |
data | Any | The response body as returned from server. If the response is JSON then it will be parsed into an object |
request.defaults()
Override or set default options. Example:
const myOctokitRequest = require('@octokit/request').defaults({
baseUrl: 'https://github-enterprise.acme-inc.com/api/v3',
headers: {
'user-agent': 'myApp/1.2.3',
authorization: `token 0000000000000000000000000000000000000001`
},
org: 'my-project',
per_page: 100
})
myOctokitRequest(`GET /orgs/:org/repos`)
You can call .defaults()
again on the returned method, the defaults will cascade.
const myProjectRequest = request.defaults({
baseUrl: 'https://github-enterprise.acme-inc.com/api/v3',
headers: {
'user-agent': 'myApp/1.2.3'
},
org: 'my-project'
})
const myProjectRequestWithAuth = myProjectRequest.defaults({
headers: {
authorization: `token 0000000000000000000000000000000000000001`
}
})
myProjectRequest
now defaults the baseUrl
, headers['user-agent']
,
org
and headers['authorization']
on top of headers['accept']
that is set
by the global default.
request.endpoint
See https://github.com/octokit/endpoint.js
data
parameter – set request body directlySome endpoints such as Render a Markdown document in raw mode don’t have parameters that are sent as request body keys, instead the request body needs to be set directly. In these cases, set the data
parameter.
const options = endpoint('POST /markdown/raw', {
data: 'Hello world github/linguist#1 **cool**, and #1!',
headers: {
accept: 'text/html;charset=utf-8',
'content-type': 'text/plain'
}
})
// options is
// {
// method: 'post',
// url: 'https://api.github.com/markdown/raw',
// headers: {
// accept: 'text/html;charset=utf-8',
// 'content-type': 'text/plain',
// 'user-agent': userAgent
// },
// body: 'Hello world github/linguist#1 **cool**, and #1!'
// }
There are API endpoints that accept both query parameters as well as a body. In that case you need to add the query parameters as templates to options.url
, as defined in the RFC 6570 URI Template specification.
Example
octokitRequest('POST https://uploads.github.com/repos/octocat/Hello-World/releases/1/assets{?name,label}', {
name: 'example.zip',
label: 'short description',
headers: {
'content-type': 'text/plain',
'content-length': 14,
authorization: `token 0000000000000000000000000000000000000001`
},
data: 'Hello, world!'
})
FAQs
Send parameterized requests to GitHub's APIs with sensible defaults in browsers and Node
The npm package @octokit/request receives a total of 0 weekly downloads. As such, @octokit/request popularity was classified as not popular.
We found that @octokit/request demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.