Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
proxy-http-agent
Advanced tools
A factory to create http proxy agent! To create proxy tunneling! http and https (for both server and proxy)
A factory to create http proxy agent! Based on the tunnel module! To use a proxy through modules like http and https or node-fetch!
It support https => (http, https) and http => (http, https). (proxy => server) ! Either the proxy is http and either it will go as a tunnel for http! Or a tunnel for https through the CONNECT method! Or the proxy will be https! And direct forwarding will go!
npm install proxy-http-agent --save
The name start with proxy and make the accent on https agent to highlight that it's https.Agent
let agent = getProxyHttpAgent(options);
const { getProxyHttpAgent } = require('proxy-http-agent');
let proxyUrl =
process.env.HTTP_PROXY ||
process.env.http_proxy ||
`http://localhost:${proxyPort}`;
let agent = getProxyHttpAgent({
proxy: proxyUrl,
rejectUnauthorized: false
});
Also the module is build by typescript! It support typescript too out of the box!
import { getProxyHttpAgent } = from 'proxy-http-agent';
import https from 'https';
let proxyUrl =
process.env.HTTP_PROXY ||
process.env.http_proxy ||
`http://localhost:${proxyPort}`;
let agent: https.Agent = getProxyHttpAgent({
proxy: proxyUrl,
rejectUnauthorized: false
});
In the core the options are the direct options of http.Agent
and https.Agent
and tunnel module factories options
Check the node-tunnel repo here
https://github.com/koichik/node-tunnel/
Plus our extra options:
(Obligatory)
interface IProxyOptions {
host: string;
port: number;
protocol?: 'http:' | 'https:';
localAddress?: string;
proxyAuth?: string;
headers?: { [key: string]: any };
}
interface IHttpsProxyOptions extends IProxyOptions {
ca?: Buffer[];
servername?: string;
key?: Buffer;
cert?: Buffer;
}
string: the proxy url
(optional) default: 'https:'
For typescript you can also get directly https.Agent type from this module as follow
import { getProxyHttpAgent, HttpsAgent, HttpAgent } = from 'proxy-http-agent';
let proxyUrl =
process.env.HTTP_PROXY ||
process.env.http_proxy ||
`http://localhost:${proxyPort}`;
let agent: HttpsAgent = getProxyHttpAgent({
proxy: proxyUrl,
rejectUnauthorized: false
});
We do expose and export it too.
From the test files here some nice examples
(default is https)
let proxyUrl =
process.env.HTTP_PROXY ||
process.env.http_proxy ||
`http://localhost:${proxyPort}`;
let agent = getProxyHttpAgent({
proxy: proxyUrl, // proxy as url string! We can use an object (as tunnel module require too)
rejectUnauthorized: false
});
try {
console.log(('fetch :::: :: :: :: :'))
const response = await fetch(`https://localhost:${localApiHttpsServerPort}`, {
method: 'GET',
agent
});
console.log('"response !!!!!!!!!!!!"')
if (response.status === 200) {
const data = await response.json();
console.log(data)
if (data) {
expect(data.host).toEqual(`localhost:${localApiHttpsServerPort}`);
} else {
fail(new Error('No data from local server!'));
}
}
} catch(err) {
fail(err);
}
let proxyUrl =
process.env.HTTP_PROXY ||
process.env.http_proxy ||
`http://localhost:${proxyPort}`;
let agent = getProxyHttpAgent({
proxy: proxyUrl
});
const opts: any = url.parse(`https://api.binance.com/api/v3/ping`);
delete opts.port;
opts.agent = agent;
let req = https.get(opts, function(res) {
let data: any = '';
res.setEncoding('utf8');
res.on('data', function(b) {
console.log('::::::::::::::::::::::::::::::::::::://///>')
console.log('DATA ::::')
data += b;
});
res.on('end', function() {
console.log('RESPONSE END :::::::::::////>')
data = JSON.parse(data);
console.log(data)
expect(data).toEqual({});
done();
});
});
req.once('error', done);
let proxyUrl =
process.env.HTTP_PROXY ||
process.env.http_proxy ||
`http://localhost:${proxyPort}`;
let agent = getProxyHttpAgent({
proxy: proxyUrl,
endServerProtocol: 'http:' // <<==== here (we precise that we need an agent to communicate with an end server that work with http)
});
try {
console.log("Fetch ::::>")
const response = await fetch(`http://localhost:${localApiServerPort}`, {
method: 'GET',
agent
});
console.log('response :::::::::////>')
if (response.status === 200) {
const data = await response.json();
if (data) {
expect(data.host).toEqual(`localhost:${localApiServerPort}`);
} else {
fail(new Error('No data from local server!'));
}
}
} catch(err) {
fail(err);
}
FAQs
A factory to create http proxy agent! To create proxy tunneling! http and https (for both server and proxy)
We found that proxy-http-agent demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.