Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The 'request' npm package is a simple, yet powerful HTTP client that supports multiple features such as making HTTP calls, handling responses, streaming data, and more. It is designed to be the simplest way possible to make http calls and supports HTTPS and follows redirects by default.
Simple HTTP GET requests
This code performs a simple HTTP GET request to Google's homepage and logs the error, response status code, and the response body.
const request = require('request');
request('http://www.google.com', function (error, response, body) {
console.log('error:', error);
console.log('statusCode:', response && response.statusCode);
console.log('body:', body);
});
Streaming data
This code demonstrates how to stream data from an HTTP request directly to a file, which can be useful for downloading files or handling large amounts of data.
const request = require('request');
const fs = require('fs');
const stream = fs.createWriteStream('file.txt');
request('http://www.google.com').pipe(stream);
Custom HTTP headers
This code shows how to send a custom HTTP header (in this case, the User-Agent header) with a request. This is often required when using certain APIs, like GitHub's.
const request = require('request');
const options = {
url: 'https://api.github.com/repos/request/request',
headers: {
'User-Agent': 'request'
}
};
function callback(error, response, body) {
if (!error && response.statusCode == 200) {
const info = JSON.parse(body);
console.log(info);
}
}
request(options, callback);
Handling POST requests
This code snippet demonstrates how to send a POST request with form data, including how to upload a file as part of that form data.
const request = require('request');
const options = {
method: 'POST',
url: 'http://service.com/upload',
headers: {
'Content-Type': 'multipart/form-data'
},
formData: {
key: 'value',
file: fs.createReadStream('file.txt')
}
};
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
Axios is a promise-based HTTP client for the browser and Node.js. It provides a simple API for making HTTP requests and is often used as an alternative to 'request' due to its promise support and interceptors for request/response manipulation.
Got is a human-friendly and powerful HTTP request library. It is designed to be a simpler and more performant alternative to 'request', with features like streams support, promise API, and better error handling.
Node-fetch is a light-weight module that brings the Fetch API to Node.js. It is an alternative to 'request' that provides a simpler, promise-based API for making HTTP requests, similar to what is available in modern web browsers.
Superagent is a small progressive client-side HTTP request library, and Node.js module with the same API, sporting many high-level HTTP client features. It compares to 'request' by offering a fluent API and being lightweight.
npm install request
Or from source:
git clone git://github.com/mikeal/request.git cd request npm link
Request is designed to be the simplest way possible to make http calls. It supports HTTPS and follows redirects by default.
var request = require('request');
request('http://www.google.com', function (error, response, body) {
if (!error && response.statusCode == 200) {
console.log(body) // Print the google web page.
}
})
You can stream any response to a file stream.
request('http://google.com/doodle.png').pipe(fs.createWriteStream('doodle.png'))
You can also stream a file to a PUT or POST request. This method will also check the file extension against a mapping of file extensions to content-types, in this case application/json
, and use the proper content-type in the PUT request if one is not already provided in the headers.
fs.createReadStream('file.json').pipe(request.put('http://mysite.com/obj.json'))
Request can also pipe to itself. When doing so the content-type and content-length will be preserved in the PUT headers.
request.get('http://google.com/img.png').pipe(request.put('http://mysite.com/img.png'))
Now let's get fancy.
http.createServer(function (req, resp) {
if (req.url === '/doodle.png') {
if (req.method === 'PUT') {
req.pipe(request.put('http://mysite.com/doodle.png'))
} else if (req.method === 'GET' || req.method === 'HEAD') {
request.get('http://mysite.com/doodle.png').pipe(resp)
}
}
})
You can also pipe() from a http.ServerRequest instance and to a http.ServerResponse instance. The HTTP method and headers will be sent as well as the entity-body data. Which means that, if you don't really care about security, you can do:
http.createServer(function (req, resp) {
if (req.url === '/doodle.png') {
var x = request('http://mysite.com/doodle.png')
req.pipe(x)
x.pipe(resp)
}
})
And since pipe() returns the destination stream in node 0.5.x you can do one line proxying :)
req.pipe(request('http://mysite.com/doodle.png')).pipe(resp)
Also, none of this new functionality conflicts with requests previous features, it just expands them.
var r = request.defaults({'proxy':'http://localproxy.com'})
http.createServer(function (req, resp) {
if (req.url === '/doodle.png') {
r.get('http://google.com/doodle.png').pipe(resp)
}
})
You can still use intermediate proxies, the requests will still follow HTTP forwards, etc.
// Twitter OAuth
var qs = require('querystring')
, oauth =
{ callback: 'http://mysite.com/callback/'
, consumer_key: CONSUMER_KEY
, consumer_secret: CONSUMER_SECRET
}
, url = 'https://api.twitter.com/oauth/request_token'
;
request.post({url:url, oauth:oauth}, function (e, r, body) {
// Assume by some stretch of magic you aquired the verifier
var access_token = qs.parse(body)
, oauth =
{ consumer_key: CONSUMER_KEY
, consumer_secret: CONSUMER_SECRET
, token: access_token.oauth_token
, verifier: VERIFIER
, token_secret: access_token.oauth_token_secret
}
, url = 'https://api.twitter.com/oauth/access_token'
;
request.post({url:url, oauth:oauth}, function (e, r, body) {
var perm_token = qs.parse(body)
, oauth =
{ consumer_key: CONSUMER_KEY
, consumer_secret: CONSUMER_SECRET
, token: perm_token.oauth_token
, token_secret: perm_token.oauth_token_secret
}
, url = 'https://api.twitter.com/1/users/show.json?'
, params =
{ screen_name: perm_token.screen_name
, user_id: perm_token.user_id
}
;
url += qs.stringify(params)
request.get({url:url, oauth:oauth, json:true}, function (e, r, user) {
console.log(user)
})
})
})
The first argument can be either a url or an options object. The only required option is uri, all others are optional.
uri
|| url
- fully qualified uri or a parsed url object from url.parse()qs
- object containing querystring values to be appended to the urimethod
- http method, defaults to GETheaders
- http headers, defaults to {}body
- entity body for POST and PUT requests. Must be buffer or string.form
- sets body
but to querystring representation of value and adds Content-type: application/x-www-form-urlencoded; charset=utf-8
header.json
- sets body
but to JSON representation of value and adds Content-type: application/json
header. Additionally, parses the response body as json.multipart
- (experimental) array of objects which contains their own headers and body
attribute. Sends multipart/related
request. See example below.followRedirect
- follow HTTP 3xx responses as redirects. defaults to true.followAllRedirects
- follow non-GET HTTP 3xx responses as redirects. defaults to false.maxRedirects
- the maximum number of redirects to follow, defaults to 10.encoding
- Encoding to be used on setEncoding
of response data. If set to null
, the body is returned as a Buffer.pool
- A hash object containing the agents for these requests. If omitted this request will use the global pool which is set to node's default maxSockets.pool.maxSockets
- Integer containing the maximum amount of sockets in the pool.timeout
- Integer containing the number of milliseconds to wait for a request to respond before aborting the requestproxy
- An HTTP proxy to be used. Support proxy Auth with Basic Auth the same way it's supported with the url
parameter by embedding the auth info in the uri.oauth
- Options for OAuth HMAC-SHA1 signing, see documentation above.strictSSL
- Set to true
to require that SSL certificates be valid. Note: to use your own certificate authority, you need to specify an agent that was created with that ca as an option.jar
- Set to false
if you don't want cookies to be remembered for future use or define your custom cookie jar (see examples section)The callback argument gets 3 arguments. The first is an error when applicable (usually from the http.Client option not the http.ClientRequest object). The second in an http.ClientResponse object. The third is the response body String or Buffer.
There are also shorthand methods for different HTTP METHODs and some other conveniences.
This method returns a wrapper around the normal request API that defaults to whatever options you pass in to it.
Same as request() but defaults to method: "PUT"
.
request.put(url)
Same as request() but defaults to method: "POST"
.
request.post(url)
Same as request() but defaults to method: "HEAD"
.
request.head(url)
Same as request() but defaults to method: "DELETE"
.
request.del(url)
Alias to normal request method for uniformity.
request.get(url)
Function that creates a new cookie.
request.cookie('cookie_string_here')
Function that creates a new cookie jar.
request.jar()
var request = require('request')
, rand = Math.floor(Math.random()*100000000).toString()
;
request(
{ method: 'PUT'
, uri: 'http://mikeal.iriscouch.com/testjs/' + rand
, multipart:
[ { 'content-type': 'application/json'
, body: JSON.stringify({foo: 'bar', _attachments: {'message.txt': {follows: true, length: 18, 'content_type': 'text/plain' }}})
}
, { body: 'I am an attachment' }
]
}
, function (error, response, body) {
if(response.statusCode == 201){
console.log('document saved as: http://mikeal.iriscouch.com/testjs/'+ rand)
} else {
console.log('error: '+ response.statusCode)
console.log(body)
}
}
)
Cookies are enabled by default (so they can be used in subsequent requests). To disable cookies set jar to false (either in defaults or in the options sent).
var request = request.defaults({jar: false})
request('http://www.google.com', function () {
request('http://images.google.com')
})
If you to use a custom cookie jar (instead of letting request use its own global cookie jar) you do so by setting the jar default or by specifying it as an option:
var j = request.jar()
var request = request.defaults({jar:j})
request('http://www.google.com', function () {
request('http://images.google.com')
})
OR
var j = request.jar()
var cookie = request.cookie('your_cookie_here')
j.add(cookie)
request({url: 'http://www.google.com', jar: j}, function () {
request('http://images.google.com')
})
FAQs
Simplified HTTP request client.
The npm package request receives a total of 8,343,141 weekly downloads. As such, request popularity was classified as popular.
We found that request demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.