Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
digest-fetch
Advanced tools
The digest-fetch npm package is a library that provides HTTP Digest Access Authentication for making HTTP requests. It is particularly useful for interacting with APIs that require digest authentication, which is a more secure method compared to basic authentication.
Basic Usage
This feature demonstrates how to create a DigestFetch client with a username and password, and make a simple authenticated GET request.
const DigestFetch = require('digest-fetch');
const client = new DigestFetch('username', 'password');
client.fetch('http://httpbin.org/digest-auth/auth/user/pass').then(response => response.json()).then(data => console.log(data));
Custom Headers
This feature shows how to add custom headers to the request. The headers are specified in the options object passed to the fetch method.
const DigestFetch = require('digest-fetch');
const client = new DigestFetch('username', 'password');
const options = {
headers: {
'Custom-Header': 'CustomValue'
}
};
client.fetch('http://httpbin.org/digest-auth/auth/user/pass', options).then(response => response.json()).then(data => console.log(data));
POST Request
This feature demonstrates how to make a POST request with a JSON body. The method and body are specified in the options object passed to the fetch method.
const DigestFetch = require('digest-fetch');
const client = new DigestFetch('username', 'password');
const options = {
method: 'POST',
body: JSON.stringify({ key: 'value' }),
headers: {
'Content-Type': 'application/json'
}
};
client.fetch('http://httpbin.org/digest-auth/auth/user/pass', options).then(response => response.json()).then(data => console.log(data));
Axios is a popular HTTP client for Node.js and the browser. While it does not natively support digest authentication, it can be extended with custom interceptors to handle digest authentication. Axios is more versatile and widely used compared to digest-fetch.
Node-fetch is a lightweight module that brings window.fetch to Node.js. Similar to axios, it does not natively support digest authentication but can be extended with custom logic. Node-fetch is simpler and more lightweight compared to digest-fetch.
Request is a comprehensive HTTP client for Node.js that supports various authentication methods, including digest authentication. However, it is now deprecated and not recommended for new projects. Request is more feature-rich but less maintained compared to digest-fetch.
digest auth request plugin for fetch/node-fetch.
// dependencies for node
npm install crypto-js node-fetch
// for browers, if to use it directly, please indcude file `digest-fetch.js` in a <script/>
<script type="application/javascript" src="path-to-digest-fetch.js'></script>
const DigestFetch = require('digest-fetch')
const digestOptions = {
cnonceSize: 32, // length of cnonce, default: 32
logger: console, // logger for debug, default: none
algorithm: 'MD5' // only 'MD5' is supported now
}
const client = new DigestFetch('user', 'password', digestOptions)
// do request same way as fetch or node-fetch
const url = ''
const options = {}
client.fetch(url, options)
.then(resp=>resp.json())
.then(data=>console.log(data))
.catch(e=>console.error(e))
// pass in refresh request options factory function for conditions options needs be refreshed when trying again.
// etc: when posting with file stream
const factory = () => ({ method: 'post', body: fs.createReadStream('path-to-file') })
client.fetch(url, {factory})
.then(resp=>resp.json())
.then(data=>console.log(data))
.catch(e=>console.error(e))
FAQs
digest auth request plugin for fetch/node-fetch also support http basic auth authentication
The npm package digest-fetch receives a total of 93,762 weekly downloads. As such, digest-fetch popularity was classified as popular.
We found that digest-fetch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.