Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The 'got' npm package is a human-friendly and powerful HTTP request library for Node.js. It provides an easy-to-use API for making HTTP requests and supports many features like streams, pagination, JSON parsing, and more.
Simplified HTTP requests
This feature allows you to perform HTTP GET requests with a promise-based API. The example shows how to fetch a webpage and log the HTML content.
const got = require('got');
got('https://sindresorhus.com').then(response => {
console.log(response.body);
}).catch(error => {
console.log(error.response.body);
});
JSON support
This feature automatically parses JSON responses. The example demonstrates fetching JSON data from an API and logging the parsed object.
const got = require('got');
got('https://api.example.com/data', { responseType: 'json' }).then(response => {
console.log(response.body);
}).catch(error => {
console.log(error.response.body);
});
POST requests
This feature allows you to send POST requests with JSON bodies. The example shows how to send a POST request with a JSON payload and receive a JSON response.
const got = require('got');
got.post('https://api.example.com/submit', {
json: {
key: 'value'
},
responseType: 'json'
}).then(response => {
console.log(response.body);
}).catch(error => {
console.log(error.response.body);
});
Error handling
This feature provides comprehensive error handling for various types of request failures. The example demonstrates how to handle different error scenarios when a request fails.
const got = require('got');
got('https://api.example.com/wrong-endpoint').then(response => {
console.log(response.body);
}).catch(error => {
if (error.response) {
console.log('The server responded with a non-2xx status code.');
} else if (error.request) {
console.log('The request was made but no response was received');
} else {
console.log('An error occurred when trying to perform the request.');
}
});
Stream support
This feature allows you to use got as a stream. The example shows how to stream a webpage's content and write it to a file.
const got = require('got');
const fs = require('fs');
const stream = got.stream('https://sindresorhus.com');
stream.pipe(fs.createWriteStream('index.html'));
Axios is a promise-based HTTP client for the browser and Node.js. It provides an API similar to got but also works in the browser. Axios has interceptors that allow you to transform requests and responses before they are handled by then or catch.
Request is a simplified HTTP request client that was very popular but is now deprecated. It had a callback-based API but also supported promises. Got is considered a modern alternative to Request with promise support by default.
Node-fetch is a light-weight module that brings the Fetch API to Node.js. It is a minimalistic and straightforward API that resembles the Fetch API provided by modern browsers, making it familiar to front-end developers.
Superagent is a small progressive client-side HTTP request library. It has a fluent API that allows chaining methods to configure requests, and it can be used on both server and client side. Compared to got, it has a more object-oriented style.
Simplified HTTP requests
Got is a human-friendly and powerful HTTP request library.
It was created because the popular request
package is bloated:
Got is for Node.js. For browsers, we recommend Ky.
This readme reflects the next major version that is currently in development. You probably want the v9 readme.
See how Got compares to other HTTP libraries
$ npm install got
const got = require('got');
(async () => {
try {
const response = await got('https://sindresorhus.com');
console.log(response.body);
//=> '<!doctype html> ...'
} catch (error) {
console.log(error.response.body);
//=> 'Internal server error ...'
}
})();
const stream = require('stream');
const {promisify} = require('util');
const fs = require('fs');
const got = require('got');
const pipeline = promisify(stream.pipeline);
(async () => {
await pipeline(
got.stream('https://sindresorhus.com'),
fs.createWriteStream('index.html')
);
// For POST, PUT, and PATCH methods `got.stream` returns a `stream.Writable`
await pipeline(
fs.createReadStream('index.html'),
got.stream.post('https://sindresorhus.com')
);
})();
Tip: Using from.pipe(to)
doesn't forward errors. If you use it, switch to Stream.pipeline(from, ..., to, callback)
instead (available from Node v10).
It's a GET
request by default, but can be changed by using different methods or via options.method
.
Returns a Promise for a response
object or a stream if options.isStream
is set to true.
Type: string | object
The URL to request, as a string, a https.request
options object, or a WHATWG URL
.
Properties from options
will override properties in the parsed url
.
If no protocol is specified, it will throw a TypeError
.
Note: this can also be an option.
Type: object
Any of the https.request
options.
Type: string | URL
When specified, prefixUrl
will be prepended to url
. The prefix can be any valid URL, either relative or absolute. A trailing slash /
is optional, one will be added automatically, if needed, when joining prefixUrl
and url
. The url
argument cannot start with a /
when using this option.
Useful when used with got.extend()
to create niche-specific Got-instances.
Note: prefixUrl
will be ignored if the url
argument is a URL instance.
Tip: If the input URL still contains the initial prefixUrl
, you can change it as many times as you want. Otherwise it will throw an error.
const got = require('got');
(async () => {
await got('unicorn', {prefixUrl: 'https://cats.com'});
//=> 'https://cats.com/unicorn'
const instance = got.extend({
prefixUrl: 'https://google.com'
});
await instance('unicorn', {
hooks: {
beforeRequest: [
options => {
options.prefixUrl = 'https://cats.com';
}
]
}
});
//=> 'https://cats.com/unicorn'
})();
Type: object
Default: {}
Request headers.
Existing headers will be overwritten. Headers set to undefined
will be omitted.
Type: boolean
Default: false
Returns a Stream
instead of a Promise
. This is equivalent to calling got.stream(url, [options])
.
Type: string | Buffer | stream.Readable
or form-data
instance
Note: The body
option cannot be used with the json
or form
option.
Note: If you provide this option, got.stream()
will be read-only.
If present in options
and options.method
is not set, it will throw a TypeError
.
The content-length
header will be automatically set if body
is a string
/ Buffer
/ fs.createReadStream
instance / form-data
instance, and content-length
and transfer-encoding
are not manually set in options.headers
.
Type: object | Array | number | string | boolean | null
(JSON-serializable values)
Note: If you provide this option, got.stream()
will be read-only.
JSON body. If the Content-Type
header is not set, it will be set to application/json
.
Type: object
User data. In contrast to other options, context
is not enumerable.
Note: The object is never merged, it's just passed through. Got will not modify the object in any way.
It's very useful for storing auth tokens:
const got = require('got');
const instance = got.extend({
hooks: {
beforeRequest: [
options => {
if (!options.context && !options.context.token) {
throw new Error('Token required');
}
options.headers.token = options.context.token;
}
]
}
});
(async () => {
const context = {
token: 'secret'
};
const response = await instance('https://httpbin.org/headers', {context});
// Let's see the headers
console.log(response.body);
})();
Type: string
Default: 'default'
Note: When using streams, this option is ignored.
Parsing method used to retrieve the body from the response.
'default'
- if options.encoding
is null
, the body will be a Buffer. Otherwise it will be a string unless it's overwritten in a afterResponse
hook,'text'
- will always give a string, no matter what's the options.encoding
or if the body is a custom object,'json'
- will always give an object, unless it's invalid JSON - then it will throw.'buffer'
- will always give a Buffer, no matter what's the options.encoding
. It will throw if the body is a custom object.The promise has .json()
and .buffer()
and .text()
functions which set this option automatically.
Example:
const {body} = await got(url).json();
Type: string
Default: false
When set to true
the promise will return the Response body instead of the Response object.
Type: object
| tough.CookieJar
instance
Note: If you provide this option, options.headers.cookie
will be overridden.
Cookie support. You don't have to care about parsing or how to store them. Example.
Type: Function<Promise>
The function takes two arguments: rawCookie
(string
) and url
(string
).
Type: Function<Promise>
The function takes one argument: url
(string
).
Type: boolean
Default: false
Ignore invalid cookies instead of throwing an error. Only useful when the cookieJar
option has been set. Not recommended.
Type: string | null
Default: 'utf8'
Encoding to be used on setEncoding
of the response data. If null
, the body is returned as a Buffer
(binary data).
Type: object | true
Note: If you provide this option, got.stream()
will be read-only.
The form body is converted to query string using (new URLSearchParams(object)).toString()
.
If set to true
and the Content-Type
header is not set, it will be set to application/x-www-form-urlencoded
.
Type: string | object<string, string | number> | URLSearchParams
Query string that will be added to the request URL. This will override the query string in url
.
If you need to pass in an array, you can do it using a URLSearchParams
instance:
const got = require('got');
const searchParams = new URLSearchParams([['key', 'a'], ['key', 'b']]);
got('https://example.com', {searchParams});
console.log(searchParams.toString());
//=> 'key=a&key=b'
And if you need a different array format, you could use the query-string
package:
const got = require('got');
const queryString = require('query-string');
const searchParams = queryString.stringify({key: ['a', 'b']}, {arrayFormat: 'bracket'});
got('https://example.com', {searchParams});
console.log(searchParams);
//=> 'key[]=a&key[]=b'
Type: number | object
Milliseconds to wait for the server to end the response before aborting the request with got.TimeoutError
error (a.k.a. request
property). By default, there's no timeout.
This also accepts an object
with the following fields to constrain the duration of each phase of the request lifecycle:
lookup
starts when a socket is assigned and ends when the hostname has been resolved. Does not apply when using a Unix domain socket.connect
starts when lookup
completes (or when the socket is assigned if lookup does not apply to the request) and ends when the socket is connected.secureConnect
starts when connect
completes and ends when the handshaking process completes (HTTPS only).socket
starts when the socket is connected. See request.setTimeout.response
starts when the request has been written to the socket and ends when the response headers are received.send
starts when the socket is connected and ends with the request has been written to the socket.request
starts when the request is initiated and ends when the response's end event fires.Type: number | object
Default:
2
(attemptCount, retryOptions, error, computedValue) => computedValue
GET
PUT
HEAD
DELETE
OPTIONS
TRACE
408
413
429
500
502
503
504
undefined
ETIMEDOUT
ECONNRESET
EADDRINUSE
ECONNREFUSED
EPIPE
ENOTFOUND
ENETUNREACH
EAI_AGAIN
An object representing limit
, calculateDelay
, methods
, statusCodes
, maxRetryAfter
and errorCodes
fields for maximum retry count, retry handler, allowed methods, allowed status codes, maximum Retry-After
time and allowed error codes.
Note: When using streams, this option is ignored. If the connection is reset when downloading, you need to catch the error and clear the file you were writing into to prevent duplicated content.
If maxRetryAfter
is set to undefined
, it will use options.timeout
.
If Retry-After
header is greater than maxRetryAfter
, it will cancel the request.
Delays between retries counts with function 1000 * Math.pow(2, retry) + Math.random() * 100
, where retry
is attempt number (starts from 1).
The calculateDelay
property is a function
with attemptCount
, retryOptions
, error
and computedValue
arguments for current retry count, the retry options, error and default computed value. The function must return a delay in milliseconds (0
return value cancels retry).
By default, it retries only on the specified methods, status codes, and on these network errors:
ETIMEDOUT
: One of the timeout limits were reached.ECONNRESET
: Connection was forcibly closed by a peer.EADDRINUSE
: Could not bind to any free port.ECONNREFUSED
: Connection was refused by the server.EPIPE
: The remote side of the stream being written has been closed.ENOTFOUND
: Couldn't resolve the hostname to an IP address.ENETUNREACH
: No internet connection.EAI_AGAIN
: DNS lookup timed out.Type: boolean
Default: true
Defines if redirect responses should be followed automatically.
Note that if a 303
is sent by the server in response to any request type (POST
, DELETE
, etc.), Got will automatically request the resource pointed to in the location header via GET
. This is in accordance with the spec.
This supports method rewriting. For example, when sending a POST request and receiving a 302
, it will resend that request to the new location.
Type: number
Default: 10
If exceeded, the request will be aborted and a MaxRedirectsError
will be thrown.
Type: boolean
Default: true
Decompress the response automatically. This will set the accept-encoding
header to gzip, deflate, br
on Node.js 11.7.0+ or gzip, deflate
for older Node.js versions, unless you set it yourself.
Brotli (br
) support requires Node.js 11.7.0 or later.
If this is disabled, a compressed response is returned as a Buffer
. This may be useful if you want to handle decompression yourself or stream the raw compressed data.
Type: object
Default: false
Cache adapter instance for storing cached response data.
Type: object
Default: false
Cache adapter instance for storing cached DNS data.
Type: Function
Default: http.request
https.request
(Depending on the protocol)
Custom request function. The main purpose of this is to support HTTP2 using a wrapper.
Type: boolean
Default: false
When used in Electron, Got will use electron.net
instead of the Node.js http
module. According to the Electron docs, it should be fully compatible, but it's not entirely. See #443 and #461.
Type: boolean
Default: true
Determines if a got.HTTPError
is thrown for error responses (non-2xx status codes).
If this is disabled, requests that encounter an error status code will be resolved with the response
instead of throwing. This may be useful if you are checking for resource availability and are expecting error responses.
Same as the agent
option for http.request
, but with an extra feature:
If you require different agents for different protocols, you can pass a map of agents to the agent
option. This is necessary because a request to one protocol might redirect to another. In such a scenario, Got will switch over to the right protocol agent for you.
const got = require('got');
const HttpAgent = require('agentkeepalive');
const {HttpsAgent} = HttpAgent;
got('https://sindresorhus.com', {
agent: {
http: new HttpAgent(),
https: new HttpsAgent()
}
});
Type: object<string, Function[]>
Hooks allow modifications during the request lifecycle. Hook functions may be async and are run serially.
Type: Function[]
Default: []
Called with plain request options, right before their normalization. This is especially useful in conjunction with got.extend()
and got.create()
when the input needs custom handling.
See the Request migration guide for an example.
Note: This hook must be synchronous!
Type: Function[]
Default: []
Called with normalized request options. Got will make no further changes to the request before it is sent (except the body serialization). This is especially useful in conjunction with got.extend()
and got.create()
when you want to create an API client that, for example, uses HMAC-signing.
See the AWS section for an example.
Type: Function[]
Default: []
Called with normalized request options and the redirect response. Got will make no further changes to the request. This is especially useful when you want to avoid dead sites. Example:
const got = require('got');
got('https://example.com', {
hooks: {
beforeRedirect: [
(options, response) => {
if (options.hostname === 'deadSite') {
options.hostname = 'fallbackSite';
}
}
]
}
});
Type: Function[]
Default: []
Note: When using streams, this hook is ignored.
Called with normalized request options, the error and the retry count. Got will make no further changes to the request. This is especially useful when some extra work is required before the next try. Example:
const got = require('got');
got.post('https://example.com', {
hooks: {
beforeRetry: [
(options, error, retryCount) => {
if (error.statusCode === 413) { // Payload too large
options.body = getNewBody();
}
}
]
}
});
Note: When retrying in a afterResponse
hook, all remaining beforeRetry
hooks will be called without the error
and retryCount
arguments.
Type: Function[]
Default: []
Note: When using streams, this hook is ignored.
Called with response object and a retry function. Calling the retry function will trigger beforeRetry
hooks.
Each function should return the response. This is especially useful when you want to refresh an access token. Example:
const got = require('got');
const instance = got.extend({
hooks: {
afterResponse: [
(response, retryWithMergedOptions) => {
if (response.statusCode === 401) { // Unauthorized
const updatedOptions = {
headers: {
token: getNewToken() // Refresh the access token
}
};
// Save for further requests
instance.defaults.options = got.mergeOptions(instance.defaults.options, updatedOptions);
// Make a new retry
return retryWithMergedOptions(updatedOptions);
}
// No changes otherwise
return response;
}
],
beforeRetry: [
(options, error, retryCount) => {
// This will be called on `retryWithMergedOptions(...)`
}
]
},
mutableDefaults: true
});
Type: Function[]
Default: []
Called with an Error
instance. The error is passed to the hook right before it's thrown. This is especially useful when you want to have more detailed errors.
Note: Errors thrown while normalizing input options are thrown directly and not part of this hook.
const got = require('got');
got('https://api.github.com/some-endpoint', {
hooks: {
beforeError: [
error => {
const {response} = error;
if (response && response.body) {
error.name = 'GitHubError';
error.message = `${response.body.message} (${error.statusCode})`;
}
return error;
}
]
}
});
The response object will typically be a Node.js HTTP response stream, however, if returned from the cache it will be a response-like object which behaves in the same way.
Type: object
Note: This is not a http.ClientRequest.
options
- The Got options that were set on this request.Type: string | object | Buffer
(Depending on options.responseType
)
The result of the request.
Type: string
The request URL or the final URL after redirects.
Type: string
The remote IP address.
Note: Not available when the response is cached. This is hopefully a temporary limitation, see lukechilds/cacheable-request#86.
Type: string
The original request URL.
Type: object
The object contains the following properties:
start
- Time when the request started.socket
- Time when a socket was assigned to the request.lookup
- Time when the DNS lookup finished.connect
- Time when the socket successfully connected.upload
- Time when the request finished uploading.response
- Time when the request fired the response
event.end
- Time when the response fired the end
event.error
- Time when the request fired the error
event.phases
wait
- timings.socket - timings.start
dns
- timings.lookup - timings.socket
tcp
- timings.connect - timings.lookup
request
- timings.upload - timings.connect
firstByte
- timings.response - timings.upload
download
- timings.end - timings.response
total
- timings.end - timings.start
or timings.error - timings.start
Note: The time is a number
representing the milliseconds elapsed since the UNIX epoch.
Type: boolean
Whether the response was retrieved from the cache.
Type: string[]
The redirect URLs.
Type: number
The number of times the request was retried.
Note: Progress events, redirect events and request/response events can also be used with promises.
Note: To access response.isFromCache
you need to use got.stream(url, options).isFromCache
. The value will be undefined until the response
event.
Sets options.isStream
to true
.
Returns a duplex stream with additional events:
request
event to get the request object of the request.
Tip: You can use request
event to abort request:
got.stream('https://github.com')
.on('request', request => setTimeout(() => request.abort(), 50));
The response
event to get the response object of the final request.
The redirect
event to get the response object of a redirect. The second argument is options for the next request to the redirect location.
Progress events for uploading (sending a request) and downloading (receiving a response). The progress
argument is an object like:
{
percent: 0.1,
transferred: 1024,
total: 10240
}
If it's not possible to retrieve the body size (can happen when streaming), total
will be null
.
(async () => {
const response = await got('https://sindresorhus.com')
.on('downloadProgress', progress => {
// Report download progress
})
.on('uploadProgress', progress => {
// Report upload progress
});
console.log(response);
})();
The error
event emitted in case of a protocol error (like ENOTFOUND
etc.) or status error (4xx or 5xx). The second argument is the body of the server response in case of status error. The third argument is a response object.
Sets options.method
to the method name and makes a request.
Configure a new got
instance with default options
. The options
are merged with the parent instance's defaults.options
using got.mergeOptions
. You can access the resolved options with the .defaults
property on the instance.
const client = got.extend({
prefixUrl: 'https://example.com',
headers: {
'x-unicorn': 'rainbow'
}
});
client.get('/demo');
/* HTTP Request =>
* GET /demo HTTP/1.1
* Host: example.com
* x-unicorn: rainbow
*/
(async () => {
const client = got.extend({
prefixUrl: 'httpbin.org',
headers: {
'x-foo': 'bar'
}
});
const {headers} = await client.get('/headers').json();
//=> headers['x-foo'] === 'bar'
const jsonClient = client.extend({
responseType: 'json',
resolveBodyOnly: true,
headers: {
'x-baz': 'qux'
}
});
const {headers: headers2} = await jsonClient.get('/headers');
//=> headers2['x-foo'] === 'bar'
//=> headers2['x-baz'] === 'qux'
})();
Additionally, got.extend()
accepts two properties from the defaults
object: mutableDefaults
and handlers
. Example:
// You can now modify `mutableGot.defaults.options`.
const mutableGot = got.extend({mutableDefaults: true});
const mergedHandlers = got.extend({
handlers: [
(options, next) => {
delete options.headers.referer;
return next(options);
}
]
});
Note: Handlers can be asynchronous. The recommended approach is:
const handler = (options, next) => {
if (options.stream) {
// It's a Stream
return next(options);
}
// It's a Promise
return (async () => {
try {
const response = await next(options);
response.yourOwnProperty = true;
return response;
} catch (error) {
// Every error will be replaced by this one.
// Before you receive any error here,
// it will be passed to the `beforeError` hooks first.
// Note: this one won't be passed to `beforeError` hook. It's final.
throw new Error('Your very own error.');
}
})();
};
const instance = got.extend({handlers: [handler]});
Merges many instances into a single one:
got.mergeOptions()
(+ hooks are merged too),instance.defaults.handlers
).It's possible to combine options and instances.
It gives the same effect as got.extend(...options).extend(...instances)
:
const a = {headers: {cat: 'meow'}};
const b = got.create({
options: {
headers: {
cow: 'moo'
}
}
});
// The same as `got.extend(a).extend(b)`.
// Note `a` is options and `b` is an instance.
got.extend(a, b);
//=> {headers: {cat: 'meow', cow: 'moo'}}
Extends parent options. Avoid using object spread as it doesn't work recursively:
const a = {headers: {cat: 'meow', wolf: ['bark', 'wrrr']}};
const b = {headers: {cow: 'moo', wolf: ['auuu']}};
{...a, ...b} // => {headers: {cow: 'moo', wolf: ['auuu']}}
got.mergeOptions(a, b) // => {headers: {cat: 'meow', cow: 'moo', wolf: ['auuu']}}
Options are deeply merged to a new object. The value of each key is determined as follows:
undefined
, it keeps the old one.URLSearchParams
, a new URLSearchParams instance is created. The values are merged using urlSearchParams.append(key, value)
.URL
and the new value is a string
or URL
, a new URL instance is created: new URL(new, parent)
.object
:
object
too, both values are merged recursively into a new object
.Array
, it overwrites the old one with a deep clone of the new property.Type: object
The Got defaults used in that instance.
Type: Function[]
Default: []
An array of functions. You execute them directly by calling got()
. They are some sort of "global hooks" - these functions are called first. The last handler (it's hidden) is either asPromise
or asStream
, depending on the options.isStream
property.
Each handler takes two arguments:
Returns a Promise
or a Stream
depending on options.isStream
.
const settings = {
handlers: [
(options, next) => {
if (options.isStream) {
// It's a Stream, so we can perform stream-specific actions on it
return next(options)
.on('request', request => {
setTimeout(() => {
request.abort();
}, 50);
});
}
// It's a Promise
return next(options);
}
],
options: got.mergeOptions(got.defaults.options, {
responseType: 'json'
})
};
const jsonGot = got.create(settings);
Type: boolean
Default: false
A read-only boolean describing whether the defaults are mutable or not. If set to true
, you can update headers over time, for example, update an access token when it expires.
Each error contains an options
property which are the options Got used to create a request - just to make debugging easier.
When a cache method fails, for example, if the database goes down or there's a filesystem error.
When a request fails. Contains a code
property with error class code, like ECONNREFUSED
.
When reading from response stream fails.
When server response code is 2xx, and parsing body fails. Includes a response
property.
When the server response code is not 2xx. Includes a response
property.
When the server redirects you more than ten times. Includes a response
property.
When given an unsupported protocol.
When the request is aborted with .cancel()
.
When the request is aborted due to a timeout. Includes an event
and timings
property.
The promise returned by Got has a .cancel()
method which when called, aborts the request.
(async () => {
const request = got(url, options);
// …
// In another part of the code
if (something) {
request.cancel();
}
// …
try {
await request;
} catch (error) {
if (request.isCanceled) { // Or `error instanceof got.CancelError`
// Handle cancelation
}
// Handle other errors
}
})();
When using hooks, simply throw an error to abort the request.
(async () => {
const request = got(url, {
hooks: {
beforeRequest: [
() => {
throw new Error('Oops. Request canceled.');
}
]
}
});
try {
await request;
} catch (error) {
// …
}
})();
Got implements RFC 7234 compliant HTTP caching which works out of the box in-memory and is easily pluggable with a wide range of storage adapters. Fresh cache entries are served directly from the cache, and stale cache entries are revalidated with If-None-Match
/If-Modified-Since
headers. You can read more about the underlying cache behavior in the cacheable-request
documentation. For DNS cache, Got uses cacheable-lookup
.
You can use the JavaScript Map
type as an in-memory cache:
const got = require('got');
const map = new Map();
(async () => {
let response = await got('https://sindresorhus.com', {cache: map});
console.log(response.isFromCache);
//=> false
response = await got('https://sindresorhus.com', {cache: map});
console.log(response.isFromCache);
//=> true
})();
Got uses Keyv internally to support a wide range of storage adapters. For something more scalable you could use an official Keyv storage adapter:
$ npm install @keyv/redis
const got = require('got');
const KeyvRedis = require('@keyv/redis');
const redis = new KeyvRedis('redis://user:pass@localhost:6379');
got('https://sindresorhus.com', {cache: redis});
Got supports anything that follows the Map API, so it's easy to write your own storage adapter or use a third-party solution.
For example, the following are all valid storage adapters:
const storageAdapter = new Map();
// Or
const storageAdapter = require('./my-storage-adapter');
// Or
const QuickLRU = require('quick-lru');
const storageAdapter = new QuickLRU({maxSize: 1000});
got('https://sindresorhus.com', {cache: storageAdapter});
View the Keyv docs for more information on how to use storage adapters.
You can use the tunnel
package with the agent
option to work with proxies:
const got = require('got');
const tunnel = require('tunnel');
got('https://sindresorhus.com', {
agent: tunnel.httpOverHttp({
proxy: {
host: 'localhost'
}
})
});
Alternatively, use global-agent
to configure a global proxy for all HTTP/HTTPS traffic in your program.
You can use the tough-cookie
package:
const {promisify} = require('util');
const got = require('got');
const {CookieJar} = require('tough-cookie');
(async () => {
const cookieJar = new CookieJar();
const setCookie = promisify(cookieJar.setCookie.bind(cookieJar));
await setCookie('foo=bar', 'https://example.com');
await got('https://example.com', {cookieJar});
})();
You can use the form-data
package to create POST request with form data:
const fs = require('fs');
const got = require('got');
const FormData = require('form-data');
const form = new FormData();
form.append('my_file', fs.createReadStream('/foo/bar.jpg'));
got.post('https://example.com', {
body: form
});
You can use the oauth-1.0a
package to create a signed OAuth request:
const got = require('got');
const crypto = require('crypto');
const OAuth = require('oauth-1.0a');
const oauth = OAuth({
consumer: {
key: process.env.CONSUMER_KEY,
secret: process.env.CONSUMER_SECRET
},
signature_method: 'HMAC-SHA1',
hash_function: (baseString, key) => crypto.createHmac('sha1', key).update(baseString).digest('base64')
});
const token = {
key: process.env.ACCESS_TOKEN,
secret: process.env.ACCESS_TOKEN_SECRET
};
const url = 'https://api.twitter.com/1.1/statuses/home_timeline.json';
got(url, {
headers: oauth.toHeader(oauth.authorize({url, method: 'GET'}, token)),
responseType: 'json'
});
Requests can also be sent via unix domain sockets. Use the following URL scheme: PROTOCOL://unix:SOCKET:PATH
.
PROTOCOL
- http
or https
(optional)SOCKET
- Absolute path to a unix domain socket, for example: /var/run/docker.sock
PATH
- Request path, for example: /v2/keys
got('http://unix:/var/run/docker.sock:/containers/json');
// Or without protocol (HTTP by default)
got('unix:/var/run/docker.sock:/containers/json');
Requests to AWS services need to have their headers signed. This can be accomplished by using the aws4
package. This is an example for querying an "API Gateway" with a signed request.
const got = require('got');
const AWS = require('aws-sdk');
const aws4 = require('aws4');
const chain = new AWS.CredentialProviderChain();
// Create a Got instance to use relative paths and signed requests
const awsClient = got.extend({
prefixUrl: 'https://<api-id>.execute-api.<api-region>.amazonaws.com/<stage>/',
hooks: {
beforeRequest: [
async options => {
const credentials = await chain.resolvePromise();
aws4.sign(options, credentials);
}
]
}
});
const response = await awsClient('endpoint/path', {
// Request-specific options
});
You can test your requests by using the nock
package to mock an endpoint:
const got = require('got');
const nock = require('nock');
nock('https://sindresorhus.com')
.get('/')
.reply(200, 'Hello world!');
(async () => {
const response = await got('https://sindresorhus.com');
console.log(response.body);
//=> 'Hello world!'
})();
For real integration testing we recommend using ava
with create-test-server
. We're using a macro so we don't have to server.listen()
and server.close()
every test. Take a look at one of our tests:
test('retry function gets iteration count', withServer, async (t, server, got) => {
let knocks = 0;
server.get('/', (request, response) => {
if (knocks++ === 1) {
response.end('who`s there?');
}
});
await got({
retry: {
calculateDelay: ({attemptCount}) => {
t.true(is.number(attemptCount));
return attemptCount < 2;
}
}
});
});
To pass an object as the body, you need to use the json
option. It will be stringified using JSON.stringify
. Example:
const got = require('got');
(async () => {
const {body} = await got.post('https://httpbin.org/anything', {
json: {
hello: 'world'
},
responseType: 'json'
});
console.log(body.data);
//=> '{"hello":"world"}'
})();
To receive a JSON body you can either set responseType
option to json
or use promise.json()
. Example:
const got = require('got');
(async () => {
const {body} = await got.post('https://httpbin.org/anything', {
body: {
hello: 'world'
}
}).json();
console.log(body);
//=> {…}
})();
It's a good idea to set the 'user-agent'
header so the provider can more easily see how their resource is used. By default, it's the URL to this repo. You can omit this header by setting it to undefined
.
const got = require('got');
const pkg = require('./package.json');
got('https://sindresorhus.com', {
headers: {
'user-agent': `my-package/${pkg.version} (https://github.com/username/my-package)`
}
});
got('https://sindresorhus.com', {
headers: {
'user-agent': undefined
}
});
Bear in mind; if you send an if-modified-since
header and receive a 304 Not Modified
response, the body will be empty. It's your responsibility to cache and retrieve the body contents.
Use got.extend()
to make it nicer to work with REST APIs. Especially if you use the prefixUrl
option.
Note: Not to be confused with got.create()
, which has no defaults.
const got = require('got');
const pkg = require('./package.json');
const custom = got.extend({
prefixUrl: 'example.com',
responseType: 'json',
headers: {
'user-agent': `my-package/${pkg.version} (https://github.com/username/my-package)`
}
});
// Use `custom` exactly how you use `got`
(async () => {
const list = await custom('/v1/users/list');
})();
Got provides an experimental support for HTTP2 using the http2-wrapper
package:
const got = require('got');
const {request} = require('http2-wrapper');
const h2got = got.extend({request});
(async () => {
const {body} = await h2got('https://nghttp2.org/httpbin/headers');
console.log(body);
})();
got | request | node-fetch | ky | axios | superagent | |
---|---|---|---|---|---|---|
HTTP/2 support | ❔ | ❌ | ❌ | ❌ | ❌ | ✔️** |
Browser support | ❌ | ❌ | ✔️* | ✔️ | ✔️ | ✔️ |
Electron support | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ |
Promise API | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Stream API | ✔️ | ✔️ | Node.js only | ❌ | ❌ | ✔️ |
Request cancelation | ✔️ | ❌ | ✔️ | ✔️ | ✔️ | ✔️ |
RFC compliant caching | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ |
Cookies (out-of-box) | ✔️ | ✔️ | ❌ | ❌ | ❌ | ❌ |
Follows redirects | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Retries on failure | ✔️ | ❌ | ❌ | ✔️ | ❌ | ✔️ |
Progress events | ✔️ | ❌ | ❌ | ✔️*** | Browser only | ✔️ |
Handles gzip/deflate | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Advanced timeouts | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ |
Timings | ✔️ | ✔️ | ❌ | ❌ | ❌ | ❌ |
Errors with metadata | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ❌ |
JSON mode | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
Custom defaults | ✔️ | ✔️ | ❌ | ✔️ | ✔️ | ❌ |
Composable | ✔️ | ❌ | ❌ | ❌ | ❌ | ✔️ |
Hooks | ✔️ | ❌ | ❌ | ✔️ | ✔️ | ❌ |
Issues open | ||||||
Issues closed | ||||||
Downloads | ||||||
Coverage | ||||||
Build | ||||||
Bugs | ||||||
Dependents | ||||||
Install size |
* It's almost API compatible with the browser fetch
API.
** Need to switch the protocol manually.
*** Currently, only 'DownloadProgress' event is supported, 'UploadProgress' event is not supported.
❔ Experimental support.
Dependency | Install size |
---|---|
@sindresorhus/is | |
@szmarczak/http-timer | |
cacheable-request | |
decompress-response | |
duplexer3 | |
get-stream | |
lowercase-keys | |
mimic-response | |
p-cancelable | |
to-readable-stream | |
fetch
interfaceSindre Sorhus | Szymon Marczak | Alexander Tesfamichael | Brandon Smith | Luke Childs |
FAQs
Human-friendly and powerful HTTP request library for Node.js
We found that got demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.