native-fetch
Returns native fetch/Request/Headers if available or the `undici` module if not
An (almost) drop-in replacement for the `undici` module that returns the native fetch if available or the polyfill if not.
Some environments such as the Electron Renderer process straddle the node/browser divide with features from both APIs available. In these cases the webpack approach of always using the `browser` field in your `package.json` to override requires is too heavy-handed as sometimes you want to use the node version of an API.
Instead we can check for the availability of a given API and return it, rather than the node-polyfill for that API.
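The availability check described above, sketched as an added example; this is not native-fetch's own source, and `pickFetch`, its parameters and the stand-in objects are hypothetical names. It assumes the native API is used only when fetch, Request and Headers are all present, so native and polyfilled classes are never mixed, and that the fallback is loaded lazily and shape-checked before use.

```javascript
// Added illustration, not native-fetch's source. All names are hypothetical.
const API_NAMES = ['fetch', 'Request', 'Headers']

// scope: the object to probe (e.g. globalThis).
// loadFallback: called only if the native set is incomplete
// (in real use, something like () => require('undici')).
function pickFetch (scope, loadFallback) {
  const native = {}
  for (const name of API_NAMES) {
    if (typeof scope[name] === 'function') native[name] = scope[name]
  }

  // Take the native API only when the whole set is present: a native fetch
  // paired with a polyfilled Headers would break instanceof checks.
  if (Object.keys(native).length === API_NAMES.length) {
    // Bind so fetch keeps its expected receiver when called standalone.
    return { source: 'native', ...native, fetch: native.fetch.bind(scope) }
  }

  // Fallback path: load on demand and verify it exposes the same surface,
  // so a missing or unexpected peer dependency fails here, not mid-request.
  const fallback = loadFallback()
  for (const name of API_NAMES) {
    if (!fallback || typeof fallback[name] !== 'function') {
      throw new TypeError(`fallback is missing ${name}`)
    }
  }
  return {
    source: 'fallback',
    fetch: fallback.fetch,
    Request: fallback.Request,
    Headers: fallback.Headers
  }
}

// Constructed stand-ins so the example runs offline.
const fakeUndici = { fetch: async () => 'polyfill', Request: class {}, Headers: class {} }
const electronLike = { fetch: async () => 'native', Request: class {}, Headers: class {} }
const partialScope = { fetch: async () => 'native' } // no Request/Headers

console.log(pickFetch(electronLike, () => fakeUndici).source) // native
console.log(pickFetch(partialScope, () => fakeUndici).source) // fallback
```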
node-fetch is the OG fetch implementation for node, but it uses Node.js streams instead of WHATWG streams. This means the APIs are not the same which leads to all sorts of weird shenanigans with types.
undici is the new kid on the block and uses WHATWG streams so all of the APIs now live in glorious harmony.
If you are trying to write polymorphic code with strong typing this is a big deal.
You must install a version of `undici` alongside this module to be used if a native implementation is not available.
```
$ npm install --save native-fetch undici
```

```javascript
const { fetch } = require('native-fetch')

fetch('https://github.com/')
  .then(res => res.text())
  .then(body => console.log(body))
```
FAQs
Returns native fetch if available or the undici module if not
We found that native-fetch demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.