Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@octokit/rest
Advanced tools
The @octokit/rest npm package is a client library for accessing the GitHub REST API. It provides a convenient way to interact with GitHub resources such as repositories, issues, pull requests, and more, directly from your JavaScript code. It abstracts away the direct HTTP requests to GitHub, offering an easier and more intuitive way to access GitHub data and perform operations.
Repository Management
This feature allows you to manage repositories. The code sample demonstrates how to create a new public repository for the authenticated user.
const { Octokit } = require('@octokit/rest');
const octokit = new Octokit({ auth: 'personal-access-token' });
octokit.repos.createForAuthenticatedUser({
name: 'new-repo',
private: false
});
Issues Management
This feature enables you to manage issues in a repository. The code sample shows how to create a new issue in a specified repository.
const { Octokit } = require('@octokit/rest');
const octokit = new Octokit({ auth: 'personal-access-token' });
octokit.issues.create({
owner: 'username',
repo: 'repository-name',
title: 'New Issue Title',
body: 'Description of the issue.'
});
Pull Requests
This feature allows for the creation and management of pull requests. The code sample illustrates how to create a pull request from one branch to another within the same repository.
const { Octokit } = require('@octokit/rest');
const octokit = new Octokit({ auth: 'personal-access-token' });
octokit.pulls.create({
owner: 'username',
repo: 'repository-name',
title: 'New Pull Request',
head: 'branch-name',
base: 'base-branch'
});
The 'github' npm package is another client library for the GitHub API. It offers similar functionalities to @octokit/rest but has been deprecated in favor of @octokit/rest, which is its direct successor. @octokit/rest provides a more modern and feature-rich interface.
The 'node-github' package is an older client for the GitHub API, offering basic functionalities to interact with GitHub resources. Compared to @octokit/rest, it might not be as up-to-date or feature-rich, as @octokit/rest is the official client library recommended by GitHub.
GitHub REST API client for Node.js
Install with npm install @octokit/rest
.
const octokit = require('@octokit/rest')()
// Compare: https://developer.github.com/v3/repos/#list-organization-repositories
octokit.repos.getForOrg({
org: 'octokit',
type: 'public'
}).then(({data}) => {
// handle data
})
Download octokit-rest.min.js
from the latest release: https://github.com/octokit/rest.js/releases
Load it as script into your web application:
<script scr="octokit-rest.min.js"></script>
Initialize octokit
const octokit = new Octokit()
// Compare: https://developer.github.com/v3/repos/#list-organization-repositories
octokit.repos.getForOrg({
org: 'octokit',
type: 'public'
}).then(({data}) => {
// handle data
})
All available client options with default values
const octokit = require('@octokit/rest')({
timeout: 0, // 0 means no request timeout
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit/rest.js v1.2.3' // v1.2.3 will be current version
},
// custom GitHub Enterprise URL
baseUrl: 'https://api.github.com',
// Node only: advanced request options can be passed as http(s) agent
agent: undefined
})
@octokit/rest
API docs: https://octokit.github.io/rest.js/
GitHub v3 REST API docs: https://developer.github.com/v3/
To take advantage of GitHub’s API Previews,
pass a custom accept
header, which you can do with any endpoint method documented
in the API docs, e.g.
const {data: {topics}} = octokit.repos.get({
owner: 'octokit',
repo: 'rest.js',
headers: {
accept: 'application/vnd.github.mercy-preview+json'
}
})
Multiple preview headers can be combined by separating them with commas
const {data: {topics, code_of_conduct}} = octokit.repos.get({
owner: 'octokit',
repo: 'rest.js',
headers: {
accept: 'application/vnd.github.mercy-preview+json,application/vnd.github.scarlet-witch-preview+json'
}
})
Most GitHub API calls don't require authentication. Rules of thumb:
// basic
octokit.authenticate({
type: 'basic',
username: 'yourusername',
password: 'password'
})
// oauth
octokit.authenticate({
type: 'oauth',
token: 'secrettoken123'
})
// oauth key/secret (to get a token)
octokit.authenticate({
type: 'oauth',
key: 'client_id',
secret: 'client_secret'
})
// token (https://github.com/settings/tokens)
octokit.authenticate({
type: 'token',
token: 'secrettoken123'
})
// GitHub app
octokit.authenticate({
type: 'integration',
token: 'secrettoken123'
})
Note: authenticate
is synchronous because it only sets the credentials
for the following requests.
There are a few pagination-related methods:
hasNextPage(response)
hasPreviousPage(response)
hasFirstPage(response)
hasLastPage(response)
getNextPage(response)
getPreviousPage(response)
getFirstPage(response)
getLastPage(response)
Usage
async function paginate (method) {
let response = await method({per_page: 100})
let {data} = response
while (octokit.hasNextPage(response)) {
response = await octokit.getNextPage(response)
data = data.concat(response.data)
}
return data
}
paginate(octokit.repos.getAll)
.then(data => {
// handle all results
})
Set DEBUG=octokit:rest*
for additional debug logs.
Before running any tests you have to start the fixtures server
$ npm run start-fixtures-server
In a second terminal, run the tests
$ npm test
Or run a specific test
$ ./node_modules/.bin/mocha test/scenarios/get-repository-test.js
Run browser tests
$ npm run test:browser
Note: In order to run the same scenario tests in both Node and browser, we simulate the Cypress environment in Node, see test/mocha-node-setup.js.
The examples are run as part of the tests. You can set an EXAMPLES_GITHUB_TOKEN
environment
variable (or set it in a .env
file) to avoid running against GitHub's rate limit.
We would love you to contribute to @octokit/rest
, pull requests are very welcomed!
Please see CONTRIBUTING.md for more information.
@octokit/rest
was originally created as node-github
in 2012 by Mike de Boer from Cloud9 IDE, Inc.
It was adopted and renamed by GitHub in 2017
FAQs
GitHub REST API client for Node.js
The npm package @octokit/rest receives a total of 2,456,769 weekly downloads. As such, @octokit/rest popularity was classified as popular.
We found that @octokit/rest demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.