Security News
JavaScript Leaders Demand Oracle Release the JavaScript Trademark
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Wrappers for built-in fetch() enabling killswitch, logging, concurrency limit and other features
Wrappers for built-in fetch() enabling killswitch, logging, concurrency limit and other features.
fetch is great, however, its usage in secure environments is complicated. The library makes it simple.
A standalone file micro-ftch.js is also available.
npm install micro-ftch
There are three wrappers over fetch()
:
ftch(fetch)
- killswitch, logging, timeouts, concurrency limits, basic authjsonrpc(fetch)
- batched JSON-RPC functionalityreplayable(fetch)
- log & replay network requests without actually calling network code.import { ftch, jsonrpc, replayable } from 'micro-ftch';
When kill-switch is enabled, all requests will throw an error. You can dynamically enable and disable it any any time.
let ENABLED = true;
const f = ftch(fetch, { killswitch: () => ENABLED });
f('http://localhost'); // ok
ENABLED = false;
f('http://localhost'); // throws
ENABLED = true;
f('http://localhost'); // ok
const f = ftch(fetch, { log: (url, opts) => console.log('fetching', url, opts) });
f('http://url/'); // will print request information
// browser and OS may have additional timeouts, we cannot override them
// a: per-request timeout
const f = ftch(fetch);
const res = await f('http://url/', { timeout: 1000 }); // throws if request takes more than one second
// b: timeout for all
const f = ftch(fetch, { timeout: 1000 });
const res = await f('http://url/'); // throws if request takes more than one second
Allows to not accidentally hit rate limits or do DoS.
// browser and OS may have additional limits, we cannot override them
const f = ftch(fetch, { concurrencyLimit: 1 });
const res = await Promise.all([f('http://url1/'), f('http://url2/')]); // these would be processed sequentially
const f = ftch(fetch);
const res = await f('https://user:pwd@httpbin.org/basic-auth/user/pwd'); // supports basic auth!
Supports batching multiple HTTP requests into one "Batched" JSON RPC HTTP request. Can massively speed-up when servers are single-threaded, has small per-user limits
const rpc = jsonrpc(fetch, 'http://rpc_node/', {
headers: {},
batchSize: 20,
});
const res = await rpc.call('method', 'arg0', 'arg1');
const res2 = await rpc.callNamed('method', { arg0: '0', arg1: '1' }); // named arguments
Small utility to log & replay network requests in tests, without actually calling network code.
const ftch = ftch(fetch);
const replayCapture = replayable(ftch); // wraps fetch
await replayCapture('http://url/1'); // real network
await replayCapture('http://url/2');
const logs = replayCapture.export(); // Exports logs
// When logs provided - use cached version (faster)
const replayTest = replayable(ftch, JSON.parse(logs));
await replayTest('http://url/1'); // cached
await replayTest('http://url/2'); // cached
await replayTest('http://url/3'); // real network
// When done and everything is captured, turn on 'offline' mode to throw on network requests:
const replayTestOffline = replayable(ftch, JSON.parse(logs), {
offline: true,
});
await replayTest('http://url/1'); // cached
await replayTest('http://url/2'); // cached
await replayTest('http://url/3'); // throws!
ftch() disables referrer by default by setting referrerPolicy: 'no-referrer'
.
MIT (c) Paul Miller (https://paulmillr.com), see LICENSE file.
FAQs
Wrappers for built-in fetch() enabling killswitch, logging, concurrency limit and other features
The npm package micro-ftch receives a total of 392,026 weekly downloads. As such, micro-ftch popularity was classified as popular.
We found that micro-ftch demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.