Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Zero dependencies (160 LOC) & rock-solid request library: http/https, reliable retry on failure, redirects, gzip/deflate/brotli, extensible, proxy, streams, JSON mode, forms, timeout
Ensure your HTTP requests always reach their destination!
In most existing libraries (2023):
⚡️ Rock-req solves these problems with only 160 lines of code and zero dependencies
It also supports many features:
simple-get
API (fork source)Like NodeJS pipeline, when the callback is called, the request is 100% finished, even with streams.
npm install rock-req
All functions accept two or three parameters:
const rock = require('rock-req')
rock(optsOrURL [, bodyOrStreamFn], callback)
optsOrURL
can be an object or a the URLbodyOrStreamFn
can be a buffer/string/object or a function returning an input stream for sending the body of POST/PUT/PATCH/DELETE requestscallback(err, res, data)
called only when everything is finished (even with streams).// res is the server response, already consumed by rock-req. The result is in data
rock.get('http://ex.com', (err, res, data) => {
console.log(res.statusCode) // 200
console.log(data) // Buffer('server response')
})
Alternative syntax:
rock({ method: 'GET', url: 'http://ex.com' }, function (err, res, data) {} )
// OR
rock.concat({ method: 'GET', url: 'http://ex.com' }, function (err, res, data) {} )
Head requests:
rock.head('http://example.com', (err, res, data) => {})
Use the second paramater to pass the body:
rock.post('http://ex.com', 'POST body', (err, res, data) => {})
Alternative syntax:
rock({ method: 'POST', url : 'http://ex.com', body : 'POST body' }, function (err, res, data) {} )
Automatically serialize/deserialize request and response with JSON with getJSON
, putJSON
, postJSON
, deleteJSON
, ...
rock.putJSON('http://ex.com', { id : 123 }, (err, res, data) => {
console.log(data) // already JSON.parsed
})
Alternative syntax:
rock({ method: 'PUT', url: 'http://ex.com', body: { id : 123 }, json: true }, function (err, res, data) {} )
const opts = {
url : 'http://example.com',
method : 'POST',
body : 'this is the POST body',
headers: {
'user-agent': 'my cool app'
}
}
rock(opts, function (err, res, data) {} )
opts can contain any value of NodeJS http.request with rock-req parameters. Here are the most used one:
maxRedirects <number>
overwrite global maximum number of redirects. Defaults to 10maxRetry <number>
overwrite global maximum number of retries. Defaults to 0followRedirects <boolean>
do not follow redirectsbody <buffer> | <string> | <object> | <function>
body to postjson <boolean>
automatically stringify/parse request/response Default : falseurl <string>
the destination URLmethod <string>
A string specifying the HTTP request method. Default: 'GET'.headers <object>
An object containing request headers. Default: 'accept-encoding': 'gzip, deflate, br'timeout <number>
: A number specifying the socket timeout in milliseconds.auth <string>
Basic authentication ('user:password') to compute an Authorization header.port <number>
Port of remote server. Default: defaultPort if set, else 80.host <string>
A domain name or IP address of the server to issue the request to. Default: 'localhost'.hostname <string>
Alias for host.path <string>
Request path. Should include query string if any. E.G. '/index.html?page=12'.protocol <string>
Protocol to use. Default: 'http:'.setHost <boolean>
: Specifies whether or not to automatically add the Host header. Defaults to true.agent <http.Agent> | <boolean>
Controls Agent behavior. Possible values:
undefined
(default): use http.globalAgent for this host and port.Agent object
: explicitly use the passed in Agent.false
causes a new Agent with default values to be used.Rock-req requires that input stream is initialized in a function.
This function is invoked by rock-req for every request retry. If something goes wrong, the old stream is destroyed.
const rock = require('rock-req')
const fs = require('fs')
// opts contains options passed in rock(opts). DO NOT MODIFY IT
function createInputStream(opts) {
return fs.createReadStream('input.txt');
}
const opts = {
url : 'http://example.com',
body: createInputStream
}
rock(opts, function (err, res, data) {})
Alternative syntax:
rock.post('http://example.com', createInputStream, function (err, res, data) {})
// or with more object options:
rock.post(opts, createInputStream, function (err, res, data) {})
Rock-req requires that output stream is initialized in a function. This function is invoked by rock-req for every request retry.
const rock = require('rock-req')
const fs = require('fs')
const { finished } = require('stream')
// opts contains options passed in rock(opts). DO NOT MODIFY IT
// res if the http response (res.statusCode, ...). DO NOT MODIFY IT and DO NOT CONSUME THE RES STREAM YOURSELF
function createOutputStream(opts, res) {
const writer = fs.createWriteStream('test_gfg.txt')
// Internally, rock-req uses pipeline. If something goes wrong, the stream is destroyed automatically.
// If you need to do some action (removing temporary files, ...), uses this native NodeJS method:
const cleanup = finished(writer, (err) => {
if (err) {
// clean up things
}
// When using the finished() method in NodeJS, it's important to be aware that it can leave some event listeners
// (specifically, the 'error', 'end', 'finish', and 'close' events) hanging around even after this callback function has been called.
// This is intentional, as it helps prevent unexpected crashes if an error occurs due to incorrect stream implementations.
// However, if you don't want these event listeners to stick around after the callback function has been called,
// you can use the cleanup function that's returned by stream.finished() to remove them.
// You'll need to explicitly call this cleanup function within your callback function to ensure that the event listeners get removed properly.
cleanup();
});
// It must return a Writable stream. Otherwise, the request is cancel with an error
return writer
}
const opts = {
url : 'http://example.com',
output : createOutputStream
}
rock(opts, function (err, res) {})
By default, rock-req retries with the following errors if maxRetry > 1
.
The callback is called when the request succeed or all retries are done
const rock = require('rock-req');
// default values can be overwritten like this:
rock.defaults.retryOnCode = [
408, /* Request Timeout */
429, /* Too Many Requests */
500, /* Internal Server Error */
502, /* Bad Gateway */
503, /* Service Unavailable */
504, /* Gateway Timeout*/
521, /* Web Server Is Down*/
522, /* Cloudflare Connection Timed Out */
524 /* Cloudflare A Timeout Occurred */
];
rock.defaults.retryOnError = [
'ETIMEDOUT', /* One of the timeout limits was reached. */
'ECONNRESET', /* The connection was forcibly closed. */
'EADDRINUSE', /* Could not bind to any free port */
'ECONNREFUSED', /* The connection was refused by the server. */
'EPIPE', /* The remote side of the stream being written has been closed. */
'ENOTFOUND', /* Could not resolve the hostname to an IP address. */
'ENETUNREACH', /* No internet connection. */
'EAI_AGAIN' /* DNS lookup timed out. */
];
const opts = {
url : 'http://example.com',
body : 'this is the POST body',
maxRetry : 2 // 0 is the default value (= no retries)
}
rock(opts, function (err, res, data) {} );
Change default parameters globally (not recommended), or create a new instance with specific paramaters (see below)
rock.defaults = {
headers : { 'accept-encoding': 'gzip, deflate, br' },
maxRedirects : 10,
maxRetry : 0,
retryDelay : 100, //ms
retryOnCode : [408, 429, 500, 502, 503, 504, 521, 522, 524 ],
retryOnError : ['ETIMEDOUT', 'ECONNRESET', 'EADDRINUSE', 'ECONNREFUSED','EPIPE', 'ENOTFOUND', 'ENETUNREACH', 'EAI_AGAIN' ],
// beforeRequest is called for each request, retry and redirect
beforeRequest : (opts) => {
// There options can be overwritted (= parsed opts.url)
opts.protocol = 'https:' // or 'http:'
opts.hostname = 'google.com';
opts.port = 443;
opts.path = '/mypage.html?bla=1#hash';
opts.auth = '';
opts.headers = {};
opts.body = {};
opts.method = 'POST';
opts.remainingRetry;
opts.remainingRedirects;
// READ-ONLY options (not exhaustive)
opts.url; // DOT NOT OVERWRITE
opts.maxRetry;
opts.maxRedirects;
opts.prevError; // error of previous request on retry
opts.prevStatusCode; // HTTP status code of previous request on retry/redirect
// opts must be returned
return opts;
},
}
Create a new instance with specific parameter instead of modifying rock.defaults
By default, this new instance inherits values of the instance source if options are not overwritten. Headers are merged. Then only the first level of the options object is merged (no deep travelling in sub-objects or arrays).
Here is a basic example of beforeRequest
interceptor to use HAProxy as a forward proxy.
beforeRequest
is always called on each redirect/retry.
opts.url
(and hostname
, port
, protocol
, path
) is updated to the new location. opts.url
is null if it is a relative redirect.opts.url
(and hostname
, port
, protocol
, path
) have the same value as they did
when the rock-req was initially called.const myInstance = rock.extend({
beforeRequest: (opts) => {
const { hostname, port, protocol, path } = opts;
opts.protocol = 'http:';
opts.hostname = '10.0.0.1';
opts.port = 80;
opts.path = `${hostname}/${port}${path}`;
return opts;
},
headers: {
'Custom-header': 'x-for-proxy'
},
timeout : 1000
});
myInstance.get('http://example.com', function (err, res, data) {})
You can set a timeout (in milliseconds) on the request with the timeout
option.
If the request takes longer than timeout
to complete, then the entire request
will fail with an Error
.
const rock = require('rock-req')
const opts = {
url: 'http://example.com',
timeout: 2000 // 2 second timeout
}
rock(opts, function (err, res, data) {})
It's a good idea to set the 'user-agent'
header so the provider can more easily
see how their resource is used.
const rock = require('rock-req')
const pkg = require('./package.json')
rock({
url : 'http://example.com',
headers: {
'user-agent': `my-module/${pkg.version} (https://github.com/username/my-module)`
}
}, function (err, res, data) {})
You can use the tunnel
module with the
agent
option to work with proxies:
const rock = require('rock-req')
const tunnel = require('tunnel')
const opts = {
url: 'http://example.com',
agent: tunnel.httpOverHttp({
proxy: {
host: 'localhost'
}
})
}
rock(opts, function (err, res, data) {})
You can use the cookie
module to include
cookies in a request:
You can extend and create a new instance of rock-req to keep the cookie in header for each request.
const rock = require('rock-req')
const cookie = require('cookie')
const opts = {
url: 'http://example.com',
headers: {
cookie: cookie.serialize('foo', 'bar')
}
}
rock(opts, function (err, res, data) {})
You can use the form-data
module to
create POST request with form data:
const fs = require('fs')
const rock = require('rock-req')
const FormData = require('form-data')
const form = new FormData()
const opts = {
url: 'http://example.com',
body: () => {
form.append('my_file', fs.createReadStream('/foo/bar.jpg'))
}
}
rock.post(opts, function (err, res, data) {})
application/x-www-form-urlencoded
form data manually:const rock = require('rock-req')
const opts = {
url: 'http://example.com',
form: {
key: 'value'
}
}
rock.post(opts, function (err, res, data) {})
const rock = require('rock-req')
const opts = {
url: 'http://example.com/will-redirect-elsewhere',
followRedirects: false
}
// res.statusCode will be 301, no error thrown
rock(opts, function (err, res, data) {})
const user = 'someuser'
const pass = 'pa$$word'
const encodedAuth = Buffer.from(`${user}:${pass}`).toString('base64')
rock('http://example.com', {
headers: {
authorization: `Basic ${encodedAuth}`
}
})
You can use the oauth-1.0a
module to create
a signed OAuth request:
const rock = require('rock-req')
const crypto = require('crypto')
const OAuth = require('oauth-1.0a')
const oauth = OAuth({
consumer: {
key: process.env.CONSUMER_KEY,
secret: process.env.CONSUMER_SECRET
},
signature_method: 'HMAC-SHA1',
hash_function: (baseString, key) => crypto.createHmac('sha1', key).update(baseString).digest('base64')
})
const token = {
key: process.env.ACCESS_TOKEN,
secret: process.env.ACCESS_TOKEN_SECRET
}
const url = 'https://api.twitter.com/1.1/statuses/home_timeline.json'
const opts = {
url: url,
headers: oauth.toHeader(oauth.authorize({url, method: 'GET'}, token)),
json: true
}
rock(opts, function (err, res) {})
You can use limiter to throttle requests. This is useful when calling an API that is rate limited.
const rock = require('rock-get')
const RateLimiter = require('limiter').RateLimiter
const limiter = new RateLimiter(1, 'second')
const rock = (opts, cb) => limiter.removeTokens(1, () => rock(opts, cb))
rock.concat = (opts, cb) => limiter.removeTokens(1, () => rock.concat(opts, cb))
var opts = {
url: 'http://example.com'
}
rock.concat(opts, processResult)
rock.concat(opts, processResult)
function processResult (err, res, data) {
if (err) throw err
console.log(data.toString())
}
Rock-req is a fork of simple-get
opts.output
parameter (see "Output Stream" in the doc)body = stream
body = () => { const myStream = create(); return myStream; }
url.parse
by new URL
but new URL is slower than url.parse. Let's see if Node 20 LTS is fasterThis packaged in maintained by Carbone:
Thank you Feross Aboukhadijeh, creator of simple-get
5.0.2
FAQs
Ultra-light (150 LOC, No dependencies) & Ultra-fast request library with reliable retry on failure, http/https, redirects, gzip/deflate/brotli, extensible, proxy, streams, JSON mode, forms, timeout
The npm package rock-req receives a total of 186 weekly downloads. As such, rock-req popularity was classified as not popular.
We found that rock-req demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.