The http-call npm package is a lightweight HTTP client for making HTTP requests in Node.js. It provides a simple and intuitive API for performing various types of HTTP requests, handling responses, and managing errors.
Making GET Requests
This feature allows you to make GET requests to a specified URL and handle the response. The example demonstrates how to fetch data from an API and log the response body.
const { HTTP } = require('http-call');

async function fetchData() {
  try {
    // HTTP.get resolves with the response; a JSON body is parsed automatically
    const response = await HTTP.get('https://api.example.com/data');
    console.log(response.body);
  } catch (error) {
    console.error('Error fetching data:', error);
  }
}

fetchData();
Making POST Requests
This feature allows you to make POST requests with a request body. The example demonstrates how to send data to an API and log the response body.
const { HTTP } = require('http-call');

async function sendData() {
  try {
    // the request body is passed in the options object
    const response = await HTTP.post('https://api.example.com/data', { body: { key: 'value' } });
    console.log(response.body);
  } catch (error) {
    console.error('Error sending data:', error);
  }
}

sendData();
Handling Errors
This feature allows you to handle errors that occur during HTTP requests. The example demonstrates how to handle a 404 error specifically and log an appropriate message.
const { HTTP } = require('http-call');

async function fetchData() {
  try {
    const response = await HTTP.get('https://api.example.com/data');
    console.log(response.body);
  } catch (error) {
    // the thrown error carries the HTTP status code of the failed request
    if (error.statusCode === 404) {
      console.error('Resource not found');
    } else {
      console.error('Error fetching data:', error);
    }
  }
}

fetchData();
Axios is a popular promise-based HTTP client for the browser and Node.js. It provides a rich set of features including interceptors, automatic JSON transformation, and request cancellation. Compared to http-call, Axios offers more advanced features and has larger community support.
Node-fetch is a lightweight module that brings the Fetch API to Node.js. It is minimalistic and focuses on providing a simple API for making HTTP requests. Compared to http-call, node-fetch is more aligned with the Fetch API standard used in browsers.
Request is a simplified HTTP client for Node.js with support for various authentication mechanisms, redirects, and more. Although it is now deprecated, it was widely used for its ease of use and extensive feature set. Compared to http-call, request had a more comprehensive feature set but is no longer maintained.
const {HTTP} = require('http-call')

async function main () {
  // the response body is automatically converted from JSON
  const {body: user} = await HTTP.get('https://api.github.com/users/me')
  // do something with user

  // for TypeScript, specify the type of the body with a generic:
  // const {body: user} = await HTTP.get<{id: string, email: string}>('https://api.github.com/users/me')

  // set headers
  await HTTP.get('https://api.github.com', {headers: {authorization: 'bearer auth'}})
}

main().catch(console.error)
FAQs
make http requests
The npm package http-call receives a total of 665,832 weekly downloads. As such, http-call's popularity was classified as popular.
We found that http-call demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.