request-promise-core
Core Promise support implementation for the simplified HTTP request client 'request'.
The request-promise-core package is a foundational library for making HTTP requests in Node.js. It is designed to be a lightweight and flexible core for building HTTP request libraries with promise support. It provides the essential functionality for making HTTP requests and handling responses, and it can be extended or used as a base for more complex request libraries.
Basic HTTP Request
This feature allows you to make a basic HTTP GET request to a specified URI and handle the response using promises. The example demonstrates how to fetch a post from a placeholder API and log the response.
const request = require('request-promise-core');
const options = {
  method: 'GET',
  uri: 'https://jsonplaceholder.typicode.com/posts/1',
  json: true
};
request(options)
  .then(response => {
    console.log(response);
  })
  .catch(err => {
    console.error(err);
  });
Custom Request Options
This feature allows you to customize the HTTP request by specifying various options such as method, URI, and request body. The example demonstrates how to make a POST request to create a new post on a placeholder API.
const request = require('request-promise-core');
const options = {
  method: 'POST',
  uri: 'https://jsonplaceholder.typicode.com/posts',
  body: {
    title: 'foo',
    body: 'bar',
    userId: 1
  },
  json: true
};
request(options)
  .then(response => {
    console.log(response);
  })
  .catch(err => {
    console.error(err);
  });
Handling Errors
This feature demonstrates how to handle errors that occur during an HTTP request. The example shows how to catch and log errors when making a request to an invalid endpoint.
const request = require('request-promise-core');
const options = {
  method: 'GET',
  uri: 'https://jsonplaceholder.typicode.com/invalid-endpoint',
  json: true
};
request(options)
  .then(response => {
    console.log(response);
  })
  .catch(err => {
    console.error('Request failed:', err.message);
  });
Axios is a popular promise-based HTTP client for the browser and Node.js. It provides a simple and easy-to-use API for making HTTP requests and handling responses. Compared to request-promise-core, Axios offers more built-in features such as request and response interceptors, automatic JSON data transformation, and support for canceling requests.
Node-fetch is a lightweight module that brings the Fetch API to Node.js. It is designed to be a minimalistic and efficient HTTP client. Compared to request-promise-core, node-fetch has a smaller footprint and is more aligned with the Fetch API standard used in browsers, making it a good choice for developers who prefer a consistent API across environments.
Got is a human-friendly and powerful HTTP request library for Node.js. It supports promises, streams, retries, and many other advanced features. Compared to request-promise-core, Got offers a more comprehensive set of features out of the box, including support for advanced request customization, hooks, and built-in retry mechanisms.
This package is the core for the following packages:
request-promise-core contains the core logic to add Promise support to request.
Please use one of the libraries above. Using this library directly is only recommended if you have very specific requirements.
request@^2.34
This module is installed via npm:
npm install --save request
npm install --save request-promise-core
request is defined as a peer-dependency and thus has to be installed separately.
request@^2.34
// 1. Load the request library
// Only use a direct require if you are 100% sure that:
// - Your project does not use request directly, that is, without the Promise capabilities, by calling require('request').
// - None of the installed libraries use request.
// ...because Request's prototype will be patched in step 2.
/* var request = require('request'); */
// Instead use:
var stealthyRequire = require('stealthy-require');
var request = stealthyRequire(require.cache, function () {
    return require('request');
});

// 2. Add Promise support to request
var configure = require('request-promise-core/configure/request2');
configure({
    request: request,
    // Pass your favorite ES6-compatible promise implementation
    PromiseImpl: Promise,
    // Expose all methods of the promise instance you want to call on the request(...) call
    expose: [
        'then',   // Allows to use request(...).then(...)
        'catch',  // Allows to use request(...).catch(...)
        'promise' // Allows to use request(...).promise() which returns the promise instance
    ],
    // Optional: Pass a callback that is called within the Promise constructor
    constructorMixin: function (resolve, reject) {
        // `this` is the request object
        // Additional arguments may be passed depending on the PromiseImpl used
    }
});

// 3. Use request with its promise capabilities
// E.g. crawl a web page:
request('http://www.google.com')
    .then(function (htmlString) {
        // Process html...
    })
    .catch(function (err) {
        // Crawling failed...
    });
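Why step 1 avoids a direct require, as an added example that is not part of the package's README or code: Node's module cache hands every consumer the same object, so a prototype patch applied to it reaches all of them. The `fake-request.js` module and the names `loadIsolated`, `patch` and `demo` are constructed for illustration, and `loadIsolated` is a simplified stand-in, not stealthy-require's implementation.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Constructed stand-in for a shared library whose prototype gets patched.
const fakeRequestSource = "function Request() {}\n" +
  "Request.prototype.init = function () { return 'original'; };\n" +
  "module.exports = { Request: Request };\n";

// Hypothetical helper, a simplified stand-in for the stealthy-require step:
// set the cached entry aside, load a private copy, restore the cache as it was.
function loadIsolated(modulePath) {
  const id = require.resolve(modulePath);
  const saved = require.cache[id];
  delete require.cache[id];
  try {
    return require(id);
  } finally {
    delete require.cache[id];
    if (saved) require.cache[id] = saved;
  }
}

// Stands in for step 2: replace a method on the library's prototype.
function patch(lib) {
  lib.Request.prototype.init = function () { return 'patched'; };
}

function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'fake-request-'));
  const file = path.join(dir, 'fake-request.js');
  fs.writeFileSync(file, fakeRequestSource);
  try {
    const shared = require(file);        // what any other consumer gets
    const isolated = loadIsolated(file); // private copy, cache left untouched
    patch(isolated);
    const afterIsolatedPatch = new shared.Request().init();
    const direct = require(file);        // the same cached object as `shared`
    patch(direct);
    const afterDirectPatch = new shared.Request().init();
    return { sameInstance: direct === shared, afterIsolatedPatch, afterDirectPatch,
             isolatedCopy: new isolated.Request().init() };
  } finally {
    fs.rmSync(dir, { recursive: true, force: true });
  }
}

console.log(demo());
```

When auditing a dependency tree, a module that patches a shared prototype after a plain require is worth flagging, because the change applies to every other package that resolves to the same cached copy.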
request@next
Request Next is still in alpha. However, request-promise-core is already designed to be compatible and ships with a configuration helper – require('request-promise-core/configure/request-next') – that is used by request-promise in its "next" branch.
To set up your development environment:
cd to the main folder,
npm install,
npm install gulp -g if you haven't installed gulp globally yet, and
gulp dev. (Or run node ./node_modules/.bin/gulp dev if you don't want to install gulp globally.)
gulp dev watches all source files and if you save some changes it will lint the code and execute all tests. The test coverage report can be viewed from ./coverage/lcov-report/index.html.
If you want to debug a test you should use gulp test-without-coverage to run all tests without obscuring the code by the test coverage instrumentation.
lodash to ^4.17.19 following this advisory.
lodash to ^4.17.15. See vulnerability reports. (Thanks to @daniel-nagy for pull request #20 and thanks to @quetzaluz for reporting this in issue #21.)
lodash to ^4.17.11. See vulnerability reports. (Thanks to @lucaswillering and @sam-warren-finnair for reporting this in issues #12 and #13 and thanks to @Alec321 for pull request #14.)
constructorMixin option to enable request/request-promise#123
request-promise@3.0.0
transform2xxOnly option (fixes request/request-promise#131)
In case you never heard about the ISC license it is functionally equivalent to the MIT license.
See the LICENSE file for details.
FAQs
The npm package request-promise-core receives a total of 3,690,845 weekly downloads. As such, request-promise-core popularity was classified as popular.
We found that request-promise-core demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.