Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
minimal-request-promise
Advanced tools
A+ Promise interface to Node.js HTTPS request, with no dependencies
This is a wrapper for the standard HTTPS Node Request object, that provides an A+ Promise interface to request execution and automates the process of assembling the response body as a string. It can handle posting body contents, and automatically rejects the promise if the response code is not between 200 and 399.
The intent of this library is to wrap requests into a promise interface with minimal overhead, with no dependencies, and just expose the standard Node.js arguments. It's not trying to be a fully-featured replacement for complex workflows, streaming etc. For more complex libraries that can provide all kind of workflows like that, see request-promise and got.
Install using NPM:
npm install minimal-request-promise
You can use the standard Node HTTPS Request Options, with the following additional options:
body
: string
, the content to include in the request body when postingresolveErrors
: boolean
, if true, HTTP error response codes will result in a resolved promise (instead of rejected). Only network errors will result in a rejected promise. If false (default), network errors and successful HTTP requests with an error response code will cause the promise to be rejected.timeout
: number
, Integer containing the number of milliseconds to wait for a
server to send response headers (and start the response body) before aborting
the request. Note that if the underlying TCP connection cannot be established,
the OS-wide TCP connection timeout will overrule the timeout
option ([the
default in Linux can be anywhere from 20-120 seconds][linux-timeout]).If you want to execute a FORM POST, remember to add the Content-Length
header as well. This library intentionally does not automatically add that, to keep the interface in line with standard Node.JS requests.
var requestPromise = require('minimal-request-promise'),
options = {
method: 'POST',
hostname: 'graph.facebook.com',
path: '/v2.6/me/messages?access_token=' + fbAccessToken,
port: 443,
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
recipient: {
id: recipient
},
message: message
})
};
requestPromise(options).then(
function (response) {
console.log('got response', response.body, response.headers);
},
function (response) {
console.log('got error', response.body, response.headers, response.statusCode, response.statusMessage);
}
);
In addition to using the standard Node.js request parameters, you can also generate basic parameters from URLS for GET and POST using the helper methods. The helper methods are .get
, .post
, .put
and .delete
and they expect the following arguments:
url
: string
, a URL to GET, POST, PUT or DELETE tooptions
: (optional) object
, key-value map of additional options, described in the Usage sectionPromise
: (optional) Function
, an alternate Promise implementation. See Using with a different Promise library.Example:
var requestPromise = require('minimal-request-promise'),
options = {
headers: {
'Content-Type': 'application/json'
},
body: JSON.stringify({
recipient: {
id: recipient
},
message: message
})
};
requestPromise.post('https://graph.facebook.com/v2.6/me/messages?access_token=' + fbAccessToken, options).then(
function (response) {
console.log('got response', response.body, response.headers);
},
function (response) {
console.log('got error', response.body, response.headers, response.statusCode, response.statusMessage);
}
);
By default, this library uses the built-in Promise
from Node.js. If you'd like to use a different A+ Promise library, just pass it in as the second argument. For example:
var bluebird = require('bluebird'),
requestPromise = require('minimal-request-promise'),
options = {
// some options here ...
};
requestPromise(options, bluebird).then(report);
MIT
FAQs
A+ Promise interface to Node.js HTTPS request, with no dependencies
We found that minimal-request-promise demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.