Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
bright-superagent
Advanced tools
Readme
use .disableStrictSSL(), otherwise defaults to true
This is a valid use case, because simply ignoring security for the entire process with process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0 is unacceptable, and should be allowed to be set on a per request basis.
see https://github.com/visionmedia/superagent/pull/832/commits
SuperAgent is a small progressive client-side and Node.js HTTP request library, sporting many high-level HTTP client features. View the docs.
node:
$ npm install superagent
Works with browserify and webpack.
const res = await request
.post('/api/pet')
.send({ name: 'Manny', species: 'cat' }) // sends a JSON post body
.set('X-API-Key', 'foobar')
.set('accept', 'json');
Tested browsers:
window.FormData
is required for .field()
.Node 6 or later is required. For older browsers ES6-to-ES5 translation (like Babel) is required.
SuperAgent is easily extended via plugins.
const nocache = require('superagent-no-cache');
const request = require('superagent');
const prefix = require('superagent-prefix')('/static');
request
.get('/some-url')
.query({ action: 'edit', city: 'London' }) // query string
.use(prefix) // Prefixes *only* this request
.use(nocache) // Prevents caching of *only* this request
.end((err, res) => {
// Do something
});
Existing plugins:
res.$
on html responsesPlease prefix your plugin with superagent-*
so that it can easily be found by others.
For SuperAgent extensions such as couchdb and oauth visit the wiki.
Our breaking changes are mostly in rarely used functionality and from stricter error handling.
.end()
callbacks to .then()
or await
..send()
multiple times. Invalid calls to .send()
will now throw instead of sending garbage..parse()
in the browser version, rename it to .serialize()
.undefined
in query-string values being sent literally as the text "undefined", switch to checking for missing value instead. ?key=undefined
is now ?key
(without a value)..then()
in Internet Explorer, ensure that you have a polyfill that adds a global Promise
object..end(function(res){})
use .then(res => {})
.Install dependencies:
$ npm install
Run em!
$ make test
Install dependencies:
$ npm install
Start the test runner:
$ make test-browser-local
Visit http://localhost:4000/__zuul
in your browser.
Edit tests and refresh your browser. You do not have to restart the test runner.
npm (for node) is configured via the package.json
file and the .npmignore
file. Key metadata in the package.json
file is the version
field which should be changed according to semantic versioning and have a 1-1 correspondence with git tags. So for example, if you were to git show v1.5.0:package.json | grep version
, you should see "version": "1.5.0",
and this should hold true for every release. This can be handled via the npm version
command. Be aware that when publishing, npm will presume the version being published should also be tagged in npm as latest
, which is OK for normal incremental releases. For betas and minor/patch releases to older versions, be sure to include --tag
appropriately to avoid an older release getting tagged as latest
.
npm (for browser standalone) When we publish versions to npm, we run make superagent.js
which generates the standalone superagent.js
file via browserify
, and this file is included in the package published to npm (but this file is never checked into the git repository). If users want to install via npm but serve a single .js
file directly to the browser, the node_modules/superagent/superagent.js
is a standalone browserified file ready to go for that purpose. It is not minified.
npm (for browserify) is handled via the package.json
browser
field which allows users to install SuperAgent via npm, reference it from their browser code with require('superagent')
, and then build their own application bundle via browserify
, which will use lib/client.js
as the SuperAgent entrypoint.
bower is configured via the bower.json
file. Bower installs files directly from git/github without any transformation, so you must use Browserify or Webpack (or use npm).
MIT
FAQs
elegant & feature rich browser / node HTTP with a fluent API / add github user Whoaa512's commit daeba63faf185c015d61e2df5d60ecdad301d86e
The npm package bright-superagent receives a total of 1 weekly downloads. As such, bright-superagent popularity was classified as not popular.
We found that bright-superagent demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.