Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
digest-fetch
Advanced tools
digest auth request plugin for fetch/node-fetch also support http basic auth authentication
The digest-fetch npm package is a library that provides HTTP Digest Access Authentication for making HTTP requests. It is particularly useful for interacting with APIs that require digest authentication, which is a more secure method compared to basic authentication.
Basic Usage
This feature demonstrates how to create a DigestFetch client with a username and password, and make a simple authenticated GET request.
const DigestFetch = require('digest-fetch');
const client = new DigestFetch('username', 'password');
client.fetch('http://httpbin.org/digest-auth/auth/user/pass').then(response => response.json()).then(data => console.log(data));
Custom Headers
This feature shows how to add custom headers to the request. The headers are specified in the options object passed to the fetch method.
const DigestFetch = require('digest-fetch');
const client = new DigestFetch('username', 'password');
const options = {
headers: {
'Custom-Header': 'CustomValue'
}
};
client.fetch('http://httpbin.org/digest-auth/auth/user/pass', options).then(response => response.json()).then(data => console.log(data));
POST Request
This feature demonstrates how to make a POST request with a JSON body. The method and body are specified in the options object passed to the fetch method.
const DigestFetch = require('digest-fetch');
const client = new DigestFetch('username', 'password');
const options = {
method: 'POST',
body: JSON.stringify({ key: 'value' }),
headers: {
'Content-Type': 'application/json'
}
};
client.fetch('http://httpbin.org/digest-auth/auth/user/pass', options).then(response => response.json()).then(data => console.log(data));
Axios is a popular HTTP client for Node.js and the browser. While it does not natively support digest authentication, it can be extended with custom interceptors to handle digest authentication. Axios is more versatile and widely used compared to digest-fetch.
Node-fetch is a lightweight module that brings window.fetch to Node.js. Similar to axios, it does not natively support digest authentication but can be extended with custom logic. Node-fetch is simpler and more lightweight compared to digest-fetch.
Request is a comprehensive HTTP client for Node.js that supports various authentication methods, including digest authentication. However, it is now deprecated and not recommended for new projects. Request is more feature-rich but less maintained compared to digest-fetch.
digest auth request plugin for fetch/node-fetch also supports http basic authentication
For digest-fetch 3.0.0 or above
npm install digest-fetch@latest node-fetch@latest
For digest-fetch 2.0.3 or below
npm install digest-fetch@v2 node-fetch@v2
// Use require for digest-fetch 2.0.3 or below
const DigestClient = require('digest-fetch')
// Use import
import DigestClient from "digest-fetch"
For digest-fetch 3.0.0 or above
Since digest-fetch becomes ES module starting 3.0.0, you need to set your project as module to use import.
"type": "module"
in your package.json--esm
for ts-node like npx ts-node --esm src/index.ts
"module": "ESNext", "moduleResolution": "node"
in your tsconfig.json// Install dependencies
npm install digest-fetch@latest node-fetch@latest
// Import
import DigestClient from "digest-fetch"
For digest-fetch 2.0.3 or below
// Install dependencies
npm install digest-fetch@v2 node-fetch@v2
// Import
import DigestClient from "digest-fetch"
Create a client using basic authentication challenge
const client = new DigestClient('user', 'password', { basic: true })
client.fetch(url, options).then(res => res.json).then(console.dir)
Create a digest authentication request client with default options
const client = new DigestClient('user', 'password')
Specify options for digest authentication
const client = new DigestClient('user', 'password', { algorithm: 'MD5' })
Supported Algorithm
['MD5', 'MD5-sess', 'SHA-256', 'SHA-256-sess', 'SHA-512-256', 'SHA-512-256-sess']
Options fields:
field | type | default | description |
---|---|---|---|
algorithm | string | 'MD5' | algorithm to be used: 'MD5', 'SHA-256', 'SHA-512-256' or with '-sess' |
statusCode | number | 401 | custom alternate authentication failure code for avoiding browser prompt, see details below |
cnonceSize | number | 32 | length of the cnonce |
logger | object | none | logger for debug, can use console , default no logging |
basic | bool | false | switch to use basic authentication |
precomputeHash | bool | false | wether to attach hash of credentials to the client instance instead of raw credential |
Details:
Do request same way as fetch or node-fetch
const url = ''
const options = {}
client.fetch(url, options)
.then(resp=>resp.json())
.then(data=>console.log(data))
.catch(e=>console.error(e))
Pass in refresh request options factory function for conditions options needs be refreshed when trying again. For example when posting with file stream:
const factory = () => ({ method: 'post', body: fs.createReadStream('path-to-file') })
client.fetch(url, {factory})
.then(resp=>resp.json())
.then(data=>console.log(data))
.catch(e=>console.error(e))
Digest authentication: https://en.wikipedia.org/wiki/Digest_access_authentication or https://www.rfc-editor.org/rfc/rfc7616 This plugin is implemented following RFC2069, RFC2617 and RFC7616 supports http basic authentication as well!
Please open issues if you find bugs or meet problems during using this plugin. Feel free to open PRs whenever you have better ideas on this project!
FAQs
digest auth request plugin for fetch/node-fetch also support http basic auth authentication
The npm package digest-fetch receives a total of 93,762 weekly downloads. As such, digest-fetch popularity was classified as popular.
We found that digest-fetch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.