Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Sindre's open source work is supported by the community.
Special thanks to:
Human-friendly and powerful HTTP request library for Node.js
See how Got compares to other HTTP libraries
For browser usage, we recommend Ky by the same people.
Support questions should be asked here.
npm install got
Warning: This package is native ESM and no longer provides a CommonJS export. If your project uses CommonJS, you'll have to convert to ESM or use the dynamic import()
function. Please don't open issues for questions regarding CommonJS / ESM. You can also use Got v11 instead which is pretty stable. We will backport security fixes to v11 for the foreseeable future.
A quick start guide is available.
Got has a dedicated option for handling JSON payload.
Furthermore, the promise exposes a .json<T>()
function that returns Promise<T>
.
import got from 'got';
const {data} = await got.post('https://httpbin.org/anything', {
json: {
hello: 'world'
}
}).json();
console.log(data);
//=> {"hello": "world"}
For advanced JSON usage, check out the parseJson
and stringifyJson
options.
For more useful tips like this, visit the Tips page.
By default, Got will retry on failure. To disable this option, set options.retry.limit
to 0.
got4aws
- Got convenience wrapper to interact with AWS v4 signed APIsgh-got
- Got convenience wrapper to interact with the GitHub APIgl-got
- Got convenience wrapper to interact with the GitLab APIgotql
- Got convenience wrapper to interact with GraphQL using JSON-parsed queries instead of stringsgot-fetch
- Got with a fetch
interfacegot-scraping
- Got wrapper specifically designed for web scraping purposesgot-ssrf
- Got wrapper to protect server-side requests against SSRF attacksgot | request | node-fetch | ky | axios | superagent | |
---|---|---|---|---|---|---|
HTTP/2 support | :heavy_check_mark:¹ | :x: | :x: | :x: | :x: | :heavy_check_mark:** |
Browser support | :x: | :x: | :heavy_check_mark:* | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Promise API | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Stream API | :heavy_check_mark: | :heavy_check_mark: | Node.js only | :x: | :x: | :heavy_check_mark: |
Pagination API | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
Request cancelation | :heavy_check_mark: | :x: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
RFC compliant caching | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
Cookies (out-of-box) | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: | :x: | :x: |
Follows redirects | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Retries on failure | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :x: | :heavy_check_mark: |
Progress events | :heavy_check_mark: | :x: | :x: | :heavy_check_mark:*** | Browser only | :heavy_check_mark: |
Handles gzip/deflate | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Advanced timeouts | :heavy_check_mark: | :x: | :x: | :x: | :x: | :x: |
Timings | :heavy_check_mark: | :heavy_check_mark: | :x: | :x: | :x: | :x: |
Errors with metadata | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :x: |
JSON mode | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
Custom defaults | :heavy_check_mark: | :heavy_check_mark: | :x: | :heavy_check_mark: | :heavy_check_mark: | :x: |
Composable | :heavy_check_mark: | :x: | :x: | :x: | :x: | :heavy_check_mark: |
Hooks | :heavy_check_mark: | :x: | :x: | :heavy_check_mark: | :heavy_check_mark: | :x: |
Issues open | ||||||
Issues closed | ||||||
Downloads | ||||||
Coverage | TBD | |||||
Build | ||||||
Bugs | ||||||
Dependents | ||||||
Install size | ||||||
GitHub stars | ||||||
TypeScript support | ||||||
Last commit |
* It's almost API compatible with the browser fetch
API.
** Need to switch the protocol manually. Doesn't accept PUSH streams and doesn't reuse HTTP/2 sessions.
*** Currently, only DownloadProgress
event is supported, UploadProgress
event is not supported.
¹ Requires Node.js 15.10.0 or above.
:sparkle: Almost-stable feature, but the API may change. Don't hesitate to try it out!
:grey_question: Feature in early stage of development. Very experimental.
Click here to see the install size of the Got dependencies.
Sindre Sorhus | Szymon Marczak |
Segment is a happy user of Got! Got powers the main backend API that our app talks to. It's used by our in-house RPC client that we use to communicate with all microservices.
Antora, a static site generator for creating documentation sites, uses Got to download the UI bundle. In Antora, the UI bundle (aka theme) is maintained as a separate project. That project exports the UI as a zip file we call the UI bundle. The main site generator downloads that UI from a URL using Got and streams it to vinyl-zip to extract the files. Those files go on to be used to create the HTML pages and supporting assets.
GetVoIP is happily using Got in production. One of the unique capabilities of Got is the ability to handle Unix sockets which enables us to build a full control interfaces for our docker stack.
We're using Got inside of Exoframe to handle all the communication between CLI and server. Exoframe is a self-hosted tool that allows simple one-command deployments using Docker.
Karaoke Mugen uses Got to fetch content updates from its online server.
Renovate uses Got, gh-got and gl-got to send millions of queries per day to GitHub, GitLab, npmjs, PyPi, Packagist, Docker Hub, Terraform, CircleCI, and more.
Resistbot uses Got to communicate from the API frontend where all correspondence ingresses to the officials lookup database in back.
Natural Cycles is using Got to communicate with all kinds of 3rd-party REST APIs (over 9000!).
Microlink is a cloud browser as an API service that uses Got widely as the main HTTP client, serving ~22M requests a month, every time a network call needs to be performed.
We’re using Got at Radity. Thanks for such an amazing work!
Got has been a crucial component of Apify's scraping for years. We use it to extract data from billions of web pages every month, and we really appreciate the powerful API and extensibility, which allowed us to build our own specialized HTTP client on top of Got. The support has always been stellar too.
Available as part of the Tidelift Subscription.
The maintainers of got
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
Human-friendly and powerful HTTP request library for Node.js
We found that got-cjs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.