Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
hitt
hitt is a command line HTTP testing tool focused on speed and simplicity.
hitt 0.0.21
Command line HTTP testing tool focused on speed and simplicity
Mads Hougesen <mads@mhouge.dk>
Usage: hitt <COMMAND>
Commands:
run Send http requests
sse Listen to sse events
completions Generate shell completions
help Print this message or the help of the given subcommand(s)
Options:
-h, --help Print help
-V, --version Print version
Install
Linux & MacOS
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/hougesen/hitt/releases/latest/download/hitt-installer.sh | sh
Windows
powershell -ExecutionPolicy ByPass -c "irm https://github.com/hougesen/hitt/releases/latest/download/hitt-installer.ps1 | iex"
Cargo
hitt can be installed using Cargo.
cargo install hitt --locked
If you do not have Cargo installed, you need to install it first.
npm/npx
You can install hitt using npm:
npm install -g hitt-cli
hitt run hello-world.http
or run it directly using npx:
npx hitt-cli run hello-world.http
Homebrew
brew install hougesen/tap/hitt
Usage
To send a request create a file ending in .http.
The syntax of .http files is pretty straightforward:
GET https://mhouge.dk/
The file can then be run using the following command:
hitt run PATH_TO_FILE
That is all that is need to send a request.
Send http requests
Usage: hitt run [OPTIONS] [PATHS]...
Arguments:
[PATHS]... Path to .http files, or directories if supplied with the `--recursive` argument
Options:
--timeout <TIMEOUT_MS> Request timeout in milliseconds
--var <KEY>=<VALUE> Variables to pass to request
-r, --recursive Enable to run directory recursively
--fail-fast Exit on error response status code
--hide-body Whether or not to show response body
--hide-headers Whether or not to show response headers
--disable-formatting Disable pretty printing of response body
-h, --help Print help
-V, --version Print version
Arguments
| Argument | Description |
|---|---|
--var <KEY>=<VALUE> | Variables to pass to request |
--recursive | Run all files in directory |
--fail-fast | Exit on status code 4XX or 5xx |
--hide-headers | Hide response headers |
--hide-body | Hide response body |
--timeout <TIMEOUT_MS> | Request timeout in ms |
Request headers
Request headers can be added by writing key value pairs (KEY:VALUE) on a new line after the method and URL:
GET https://mhouge.dk/
key:value
Leading spaces in the header value is ignored, so KEY: VALUE and KEY:VALUE will both have the value VALUE.
Request body
A body can be sent with the request by creating a blank line, followed by the desired body input.
Please note, hitt does not infer content type. That has to be written as a header.
POST https://mhouge.dk/
content-type:application/json
{
"key": "value"
}
Multiple request in single file
Multiple requests can be written in a single file by adding a line with ### as a separator:
GET https://mhouge.dk/
###
GET https://mhouge.dk/
Variables
hitt has support for request variables.
A variable can be set in a file using the following syntax @name = VALUE. Whitespace is ignored.
Variables are used by wrapping the name in curly brackets ({{ name }}).
@variable_name = localhost
GET {{ variable_name }}/api
In-file variables are not shared between other files.
Variable arguments
Variables can be passed to all requests using the --var <KEY>=<VALUE> argument:
# file.http
GET {{ host }}/api
The file can the be run:
hitt run --var host=localhost:5000 file.http
Server sent events (SSE)
A SSE listener can be started using the hitt sse command.
hitt sse https://sse.dev/test
Listen to sse events
Usage: hitt sse <URL>
Arguments:
<URL>
Options:
-h, --help Print help
-V, --version Print version
Shell completions
Shell completions can be generated using hitt completions <SHELL>.
Generate shell completions
Usage: hitt completions <SHELL>
Arguments:
<SHELL> [possible values: bash, elvish, fish, nushell, powershell, zsh]
Options:
-h, --help Print help
-V, --version Print version
Bash
Add the following to your .bashrc.
eval "$(hitt completions bash)"
Zsh
Add the following to your .zshrc.
eval "$(hitt completions zsh)"
Fish
Add the following to ~/.config/fish/config.fish.
hitt completions fish | source
PowerShell
Add the following to your PowerShell configuration (Can be found by running $PROFILE).
Invoke-Expression (&hitt completions powershell)
Elvish
Add the following to ~/.elvish/rc.elv.
eval (hitt completions elvish)
Neovim
hitt can be run directly from Neovim.
[!NOTE] The
hittexecutable must be available in your path for the plugin to work.
Install
Lazy
local hitt_plugin = {
"hougesen/hitt",
opts = {},
}
Usage
The plugin exposes a single command :HittSendRequest, which can be bound to a keymap like this:
-- ~/.config/nvim/after/plugin/hitt.lua
local hitt = require("hitt")
vim.keymap.set("n", "<leader>rr", hitt.HittSendRequest, {})
Configuration
| Name | Default | Description |
|---|---|---|
| window_width | 80 | Window width in percentage |
| window_height | 80 | Window height in percentage |
| fail_fast | false | Enables the --fail-fast options |
HTTP syntax highlighting
Syntax highlighting can be enabled by installing the http treesitter parser (:TSInstall http) and adding a file association for .http files.
vim.filetype.add({
extension = {
http = "http",
},
})
Disclaimer
hitt is most likely not ready for main stream usage. I (Mads Hougesen) am primarily developing it based on features I believe to be useful, or fun to develop.
23 August 2025
- chore: release v0.0.21
#528 - build(deps): bump tempfile from 3.20.0 to 3.21.0
#527 - build(deps): bump reqwest from 0.12.22 to 0.12.23
#525 - build(deps): bump clap from 4.5.44 to 4.5.45
#526 - build(cargo-dist): bump version to v0.29.0
#524 - build(deps): bump clap_complete from 4.5.56 to 4.5.57
#523 - build(deps): bump clap from 4.5.43 to 4.5.44
#522 - build(deps): bump clap_complete from 4.5.55 to 4.5.56
#521 - build(deps): bump clap from 4.5.41 to 4.5.43
#518 - build(deps): bump tokio from 1.46.1 to 1.47.1
#519 - chore: migrate from just to mise
#516 - test: validate error cases
#515 - build: upgrade cargo dist to v0.28.1
#514 - build(deps): bump clap_complete from 4.5.54 to 4.5.55
#513 - build(deps): bump clap_complete_nushell from 4.5.7 to 4.5.8
#511 - build(deps): bump clap from 4.5.40 to 4.5.41
#512 - build(deps): bump tokio from 1.45.1 to 1.46.1
#510 - build(deps): bump reqwest from 0.12.20 to 0.12.22
#509 - refactor: apply rust 1.88.0 fixes
#508
FAQs
Command line HTTP testing tool focused on speed and simplicity
The npm package hitt-cli receives a total of 3 weekly downloads. As such, hitt-cli popularity was classified as not popular.
We found that hitt-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Aug 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025