Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
isomorphic-unfetch
Advanced tools
The isomorphic-unfetch npm package is a lightweight module that allows for making HTTP requests in both Node.js and browser environments. It's designed to provide a consistent API for fetch across these environments, making it easier to write isomorphic code that runs on both the server and the client.
Basic GET Request
This code sample demonstrates how to perform a basic GET request to retrieve data from an API and print it to the console. It uses the fetch API to make the request, parses the response as JSON, and handles any errors that may occur.
fetch('https://api.example.com/data')
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
POST Request with JSON Body
This example shows how to send a POST request with a JSON body. It sets the method to POST, includes a Content-Type header to indicate the type of the request body, and uses JSON.stringify to convert a JavaScript object to a JSON string. The response is then parsed as JSON.
fetch('https://api.example.com/data', {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
key: 'value'
}),
})
.then(response => response.json())
.then(data => console.log(data))
.catch(error => console.error('Error:', error));
Axios is a popular HTTP client for the browser and Node.js. It provides a promise-based API and includes features like intercepting requests and responses, transforming request and response data, and automatic transforms for JSON data. Compared to isomorphic-unfetch, axios offers more features out of the box, such as automatic JSON data transformation and request and response interception.
node-fetch is a lightweight module that brings window.fetch to Node.js. While it provides a similar fetch API for server-side environments, it does not offer built-in browser support, making isomorphic-unfetch a more suitable choice for isomorphic applications that need to run the same code on both the server and the client.
Got is a powerful HTTP request library for Node.js. It supports retries, streams, and advanced request and response handling. Compared to isomorphic-unfetch, Got is more feature-rich and tailored for server-side use in Node.js, lacking the isomorphic capabilities of isomorphic-unfetch.
Switches between unfetch & node-fetch for client & server.
This project uses node and npm. Go check them out if you don't have them locally installed.
Note: This module uses node-fetch 3.x, which is ES Module and requires Node >= 12.20.0.
$ npm i isomorphic-unfetch
Then with a module bundler like rollup or webpack, use as you would anything else:
// using ES6 modules
import fetch from "isomorphic-unfetch";
// using CommonJS modules
const fetch = require("isomorphic-unfetch");
As a ponyfill:
import fetch from "isomorphic-unfetch";
fetch("/foo.json")
.then((r) => r.json())
.then((data) => {
console.log(data);
});
Globally, as a polyfill:
import "isomorphic-unfetch";
// "fetch" is now installed globally if it wasn't already available
fetch("/foo.json")
.then((r) => r.json())
.then((data) => {
console.log(data);
});
FAQs
Switches between unfetch & node-fetch for client & server.
The npm package isomorphic-unfetch receives a total of 2,216,388 weekly downloads. As such, isomorphic-unfetch popularity was classified as popular.
We found that isomorphic-unfetch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.