Product
Announcing Precomputed Reachability Analysis in Socket
Socket’s precomputed reachability slashes false positives by flagging up to 80% of vulnerabilities as irrelevant, with no setup and instant results.
By Martin Torp - Jul 30, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
http-post-message
Advanced tools
http-post-message
A generic messaging component to send HTTP style message payloads over the window.postMessage API. Requires an implementation of window postMessage proxy such as 'window-post-message-proxy'.
htt-post-message
A generic messaging component to send HTTP style message payloads over the window.postMessage API. Requires an implementation of window postMessage proxy such as 'window-post-message-proxy'.
Documentation:
https://microsoft.github.io/http-post-message
Installation
npm install --save http-post-message
Usage
The HttpPostMessage takes in an object that implements the IPostMessage interface which
is just one method postMessage which returns a Promise.
In the case below we created a mock postMessage proxy, but in normal usage you would likely use the accompanying library window-post-message-proxy and configure it to handle http messages as shown in the section below
import * as hpm from 'http-post-message';
const stubWindowPostMessageProxy: hpm.IPostMessage = {
postMessage(message: any) {
console.log(message);
return Promise.resolve(message):
}
}
const httpPostMessage = new hpm.HttpPostMessage(stubWindowPostMessageProxy);
httpPostMessage.get('target/path')
.then(response => {
...
});
Methods
The object supports all the standard http methods, get, post, put, patch, and delete.
You can also send an IRequest object directly to the lower-level send method.
Determining promise resolution state
The promise returned by the request will be fulfulled or rejected depending on how the instance of WindowPostMessageProxy provided to the constructor was configured.
Since we intend to use HTTP semantics, this library comes with static methods that can be provided to the WPMP class during construction as seen below:
import * as wpmp from 'window-post-message-proxy';
import * as hpm from 'http-post-message';
const windowPostMessageProxy = new wpmp.WindowPostMessageProxy({
processTrackingProperties: {
addTrackingProperties: hpm.HttpPostMessage.addTrackingProperties,
getTrackingProperties: hpm.HttpPostMessage.getTrackingProperties,
},
isErrorMessage: hpm.HttpPostMessage.isErrorMessage
});
const httpPostMessage = new hpm.HttpPostMessage(windowPostMessageProxy);
Default Headers and Default Window
You may specify default headers and default target window to be sent with every request by supplying them during construction.
Providing the default target window in the constructor means you do not have to specify it in each individual request, but it can be over written to allow a single instance of HPM to communicate with multiple windows.
import * as hpm from 'http-post-message';
...
const httpPostMessage = new hpm.HttpPostMessage(wpmp, {
'x-sdk-type': sdkType,
'x-sdk-version': sdkVersion
}, defaultTargetWindow);
});
FAQs
A generic messaging component to send HTTP style message payloads over the window.postMessage API. Requires an implementation of window postMessage proxy such as 'window-post-message-proxy'.
The npm package http-post-message receives a total of 164,634 weekly downloads. As such, http-post-message popularity was classified as popular.
We found that http-post-message demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Aug 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Protects the Chrome Extension Ecosystem
Socket is launching experimental protection for Chrome extensions, scanning for malware and risky permissions to prevent silent supply chain attacks.
By Mix Irving, Alexandros Kapravelos, Eli Insua - Jul 30, 2025
Product
Introducing Socket MCP for Claude Desktop
Add secure dependency scanning to Claude Desktop with Socket MCP, a one-click extension that keeps your coding conversations safe from malicious packages.
By Alexandros Kapravelos - Jul 29, 2025