Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@titelmedia/node-fetch
Advanced tools
A light-weight module that brings the Fetch API to node.js; Forked from https://npm.im/node-fetch
A light-weight module that brings window.fetch
to Node.js
Instead of implementing XMLHttpRequest
in Node.js to run browser-specific Fetch polyfill, why not go from native http
to fetch
API directly? Hence node-fetch
, minimal code for a window.fetch
compatible API on Node.js runtime.
See Matt Andrews' isomorphic-fetch or Leonardo Quixada's cross-fetch for isomorphic usage (exports node-fetch
for server-side, whatwg-fetch
for client-side).
window.fetch
API.res.text()
output to UTF-8 optionally.window.fetch
offers, feel free to open an issue.Stable release (2.x
)
$ npm install node-fetch --save
Note that documentation below is up-to-date with 2.x
releases, see 1.x
readme, changelog and 2.x upgrade guide if you want to find out the difference.
import fetch from 'node-fetch';
// or
// const fetch = require('node-fetch');
// if you are using your own Promise library, set it through fetch.Promise. Eg.
// import Bluebird from 'bluebird';
// fetch.Promise = Bluebird;
// plain text or html
fetch('https://github.com/')
.then(res => res.text())
.then(body => console.log(body));
// json
fetch('https://api.github.com/users/github')
.then(res => res.json())
.then(json => console.log(json));
// catching network error
// 3xx-5xx responses are NOT network errors, and should be handled in then()
// you only need one catch() at the end of your promise chain
fetch('http://domain.invalid/')
.catch(err => console.error(err));
// stream
// the node.js way is to use stream when possible
fetch('https://assets-cdn.github.com/images/modules/logos_page/Octocat.png')
.then(res => {
return new Promise((resolve, reject) => {
const dest = fs.createWriteStream('./octocat.png');
res.body.pipe(dest);
res.body.on('error', err => {
reject(err);
});
dest.on('finish', () => {
resolve();
});
dest.on('error', err => {
reject(err);
});
});
});
// buffer
// if you prefer to cache binary data in full, use buffer()
// note that buffer() is a node-fetch only API
import fileType from 'file-type';
fetch('https://assets-cdn.github.com/images/modules/logos_page/Octocat.png')
.then(res => res.buffer())
.then(buffer => fileType(buffer))
.then(type => { /* ... */ });
// meta
fetch('https://github.com/')
.then(res => {
console.log(res.ok);
console.log(res.status);
console.log(res.statusText);
console.log(res.headers.raw());
console.log(res.headers.get('content-type'));
});
// post
fetch('http://httpbin.org/post', { method: 'POST', body: 'a=1' })
.then(res => res.json())
.then(json => console.log(json));
// post with stream from file
import { createReadStream } from 'fs';
const stream = createReadStream('input.txt');
fetch('http://httpbin.org/post', { method: 'POST', body: stream })
.then(res => res.json())
.then(json => console.log(json));
// post with JSON
var body = { a: 1 };
fetch('http://httpbin.org/post', {
method: 'POST',
body: JSON.stringify(body),
headers: { 'Content-Type': 'application/json' },
})
.then(res => res.json())
.then(json => console.log(json));
// post form parameters (x-www-form-urlencoded)
import { URLSearchParams } from 'url';
const params = new URLSearchParams();
params.append('a', 1);
fetch('http://httpbin.org/post', { method: 'POST', body: params })
.then(res => res.json())
.then(json => console.log(json));
// post with form-data (detect multipart)
import FormData from 'form-data';
const form = new FormData();
form.append('a', 1);
fetch('http://httpbin.org/post', { method: 'POST', body: form })
.then(res => res.json())
.then(json => console.log(json));
// post with form-data (custom headers)
// note that getHeaders() is non-standard API
import FormData from 'form-data';
const form = new FormData();
form.append('a', 1);
fetch('http://httpbin.org/post', { method: 'POST', body: form, headers: form.getHeaders() })
.then(res => res.json())
.then(json => console.log(json));
// node 7+ with async function
(async function () {
const res = await fetch('https://api.github.com/users/github');
const json = await res.json();
console.log(json);
})();
See test cases for more examples.
url
A string representing the URL for fetchingoptions
Options for the HTTP(S) requestPromise<Response>
Perform an HTTP(S) fetch.
url
should be an absolute url, such as http://example.com/
. A path-relative URL (/file/under/root
) or protocol-relative URL (//can-be-http-or-https.com/
) will result in a rejected promise.
The default values are shown after each option key.
{
// These properties are part of the Fetch Standard
method: 'GET',
headers: {}, // request headers. format is the identical to that accepted by the Headers constructor (see below)
body: null, // request body. can be null, a string, a Buffer, a Blob, or a Node.js Readable stream
redirect: 'follow', // set to `manual` to extract redirect headers, `error` to reject redirect
// The following properties are node-fetch extensions
follow: 20, // maximum redirect count. 0 to not follow redirect
timeout: 0, // req/res timeout in ms, it resets on redirect. 0 to disable (OS limit applies)
compress: true, // support gzip/deflate content encoding. false to disable
size: 0, // maximum response body size in bytes. 0 to disable
agent: null // http(s).Agent instance, allows custom proxy, certificate, lookup, family etc.
}
If no values are set, the following request headers will be sent automatically:
Header | Value |
---|---|
Accept-Encoding | gzip,deflate (when options.compress === true ) |
Accept | */* |
Connection | close (when no options.agent is present) |
Content-Length | (automatically calculated, if possible) |
User-Agent | node-fetch/1.0 (+https://github.com/bitinn/node-fetch) |
An HTTP(S) request containing information about URL, method, headers, and the body. This class implements the Body interface.
Due to the nature of Node.js, the following properties are not implemented at this moment:
type
destination
referrer
referrerPolicy
mode
credentials
cache
integrity
keepalive
The following node-fetch extension properties are provided:
follow
compress
counter
agent
See options for exact meaning of these extensions.
(spec-compliant)
input
A string representing a URL, or another Request
(which will be cloned)options
[Options][#fetch-options] for the HTTP(S) requestConstructs a new Request
object. The constructor is identical to that in the browser.
In most cases, directly fetch(url, options)
is simpler than creating a Request
object.
An HTTP(S) response. This class implements the Body interface.
The following properties are not implemented in node-fetch at this moment:
Response.error()
Response.redirect()
type
redirected
trailer
(spec-compliant)
body
A string or Readable streamoptions
A ResponseInit
options dictionaryConstructs a new Response
object. The constructor is identical to that in the browser.
Because Node.js does not implement service workers (for which this class was designed), one rarely has to construct a Response
directly.
Convenience property representing if the request ended normally. Will evaluate to true if the response status was greater than or equal to 200 but smaller than 300.
This class allows manipulating and iterating over a set of HTTP headers. All methods specified in the Fetch Standard are implemented.
(spec-compliant)
init
Optional argument to pre-fill the Headers
objectConstruct a new Headers
object. init
can be either null
, a Headers
object, an key-value map object, or any iterable object.
// Example adapted from https://fetch.spec.whatwg.org/#example-headers-class
const meta = {
'Content-Type': 'text/xml',
'Breaking-Bad': '<3'
};
const headers = new Headers(meta);
// The above is equivalent to
const meta = [
[ 'Content-Type', 'text/xml' ],
[ 'Breaking-Bad', '<3' ]
];
const headers = new Headers(meta);
// You can in fact use any iterable objects, like a Map or even another Headers
const meta = new Map();
meta.set('Content-Type', 'text/xml');
meta.set('Breaking-Bad', '<3');
const headers = new Headers(meta);
const copyOfHeaders = new Headers(headers);
Body
is an abstract interface with methods that are applicable to both Request
and Response
classes.
The following methods are not yet implemented in node-fetch at this moment:
formData()
(deviation from spec)
Readable
streamThe data encapsulated in the Body
object. Note that while the Fetch Standard requires the property to always be a WHATWG ReadableStream
, in node-fetch it is a Node.js Readable
stream.
(spec-compliant)
Boolean
A boolean property for if this body has been consumed. Per spec, a consumed body cannot be used again.
(spec-compliant)
Promise
Consume the body and return a promise that will resolve to one of these formats.
(node-fetch extension)
Promise<Buffer>
Consume the body and return a promise that will resolve to a Buffer.
(node-fetch extension)
Promise<String>
Identical to body.text()
, except instead of always converting to UTF-8, encoding sniffing will be performed and text converted to UTF-8, if possible.
(node-fetch extension)
An operational error in the fetching process. See ERROR-HANDLING.md for more info.
MIT
Thanks to github/fetch for providing a solid implementation reference.
FAQs
A light-weight module that brings the Fetch API to node.js; Forked from https://npm.im/node-fetch
We found that @titelmedia/node-fetch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.