Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
request-promise-core
Advanced tools
Core Promise support implementation for the simplified HTTP request client 'request'.
The request-promise-core package is a foundational library for making HTTP requests in Node.js. It is designed to be a lightweight and flexible core for building HTTP request libraries with promise support. It provides the essential functionality for making HTTP requests and handling responses, and it can be extended or used as a base for more complex request libraries.
Basic HTTP Request
This feature allows you to make a basic HTTP GET request to a specified URI and handle the response using promises. The example demonstrates how to fetch a post from a placeholder API and log the response.
const request = require('request-promise-core');
const options = {
method: 'GET',
uri: 'https://jsonplaceholder.typicode.com/posts/1',
json: true
};
request(options)
.then(response => {
console.log(response);
})
.catch(err => {
console.error(err);
});
Custom Request Options
This feature allows you to customize the HTTP request by specifying various options such as method, URI, and request body. The example demonstrates how to make a POST request to create a new post on a placeholder API.
const request = require('request-promise-core');
const options = {
method: 'POST',
uri: 'https://jsonplaceholder.typicode.com/posts',
body: {
title: 'foo',
body: 'bar',
userId: 1
},
json: true
};
request(options)
.then(response => {
console.log(response);
})
.catch(err => {
console.error(err);
});
Handling Errors
This feature demonstrates how to handle errors that occur during an HTTP request. The example shows how to catch and log errors when making a request to an invalid endpoint.
const request = require('request-promise-core');
const options = {
method: 'GET',
uri: 'https://jsonplaceholder.typicode.com/invalid-endpoint',
json: true
};
request(options)
.then(response => {
console.log(response);
})
.catch(err => {
console.error('Request failed:', err.message);
});
Axios is a popular promise-based HTTP client for the browser and Node.js. It provides a simple and easy-to-use API for making HTTP requests and handling responses. Compared to request-promise-core, Axios offers more built-in features such as request and response interceptors, automatic JSON data transformation, and support for canceling requests.
Node-fetch is a lightweight module that brings the Fetch API to Node.js. It is designed to be a minimalistic and efficient HTTP client. Compared to request-promise-core, node-fetch has a smaller footprint and is more aligned with the Fetch API standard used in browsers, making it a good choice for developers who prefer a consistent API across environments.
Got is a human-friendly and powerful HTTP request library for Node.js. It supports promises, streams, retries, and many other advanced features. Compared to request-promise-core, Got offers a more comprehensive set of features out of the box, including support for advanced request customization, hooks, and built-in retry mechanisms.
This package is the core for the following packages:
request-promise-core
contains the core logic to add Promise support to request
.
Please use one of the libraries above. It is only recommended to use this library directly, if you have very specific requirements.
request@^2.34
This module is installed via npm:
npm install --save request
npm install --save request-promise-core
request
is defined as a peer-dependency and thus has to be installed separately.
request@^2.34
// 1. Load the request library
// Only use a direct require if you are 100% sure that:
// - Your project does not use request directly. That is without the Promise capabilities by calling require('request').
// - Any of the installed libraries use request.
// ...because Request's prototype will be patched in step 2.
/* var request = require('request'); */
// Instead use:
var stealthyRequire = require('stealthy-require');
var request = stealthyRequire(require.cache, function () {
return require('request');
});
// 2. Add Promise support to request
var configure = require('request-promise-core/configure/request2');
configure({
request: request,
// Pass your favorite ES6-compatible promise implementation
PromiseImpl: Promise,
// Expose all methods of the promise instance you want to call on the request(...) call
expose: [
'then', // Allows to use request(...).then(...)
'catch', // Allows to use request(...).catch(...)
'promise' // Allows to use request(...).promise() which returns the promise instance
],
// Optional: Pass a callback that is called within the Promise constructor
constructorMixin: function (resolve, reject) {
// `this` is the request object
// Additional arguments may be passed depending on the PromiseImpl used
}
});
// 3. Use request with its promise capabilities
// E.g. crawl a web page:
request('http://www.google.com')
.then(function (htmlString) {
// Process html...
})
.catch(function (err) {
// Crawling failed...
});
request@next
Request Next is still in alpha. However, request-promise-core
is already designed to be compatible and ships with a configuration helper – require('request-promise-core/configure/request-next')
– that is used by request-promise
in its "next" branch.
To set up your development environment:
cd
to the main folder,npm install
,npm install gulp -g
if you haven't installed gulp globally yet, andgulp dev
. (Or run node ./node_modules/.bin/gulp dev
if you don't want to install gulp globally.)gulp dev
watches all source files and if you save some changes it will lint the code and execute all tests. The test coverage report can be viewed from ./coverage/lcov-report/index.html
.
If you want to debug a test you should use gulp test-without-coverage
to run all tests without obscuring the code by the test coverage instrumentation.
lodash
to ^4.17.19
following this advisory.lodash
to ^4.17.15
. See vulnerabilty reports.
(Thanks to @daniel-nagy for pull request #20 and thanks to @quetzaluz for reporting this in issue #21.)lodash
to ^4.17.11
. See vulnerabilty reports.
(Thanks to @lucaswillering and @sam-warren-finnair for reporting this in issues #12 and #13 and thanks to @Alec321 for pull request #14.)constructorMixin
option to enable request/request-promise#123request-promise@3.0.0
transform2xxOnly
option (fixes request/request-promise#131)In case you never heard about the ISC license it is functionally equivalent to the MIT license.
See the LICENSE file for details.
FAQs
Core Promise support implementation for the simplified HTTP request client 'request'.
The npm package request-promise-core receives a total of 7,135,907 weekly downloads. As such, request-promise-core popularity was classified as popular.
We found that request-promise-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.