Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
socks-proxy-agent
Advanced tools
The socks-proxy-agent package is a SOCKS proxy http.Agent implementation for HTTP and HTTPS. This package allows you to route HTTP and HTTPS requests through a SOCKS proxy server. It is useful for bypassing network restrictions or connecting to servers anonymously.
HTTP/HTTPS request via SOCKS proxy
This code sample demonstrates how to send an HTTP or HTTPS request through a SOCKS proxy using the socks-proxy-agent package. The agent is created with the proxy server information and passed to the HTTP request options.
const SocksProxyAgent = require('socks-proxy-agent');
const agent = new SocksProxyAgent('socks://localhost:1080');
const https = require('https');
https.get('https://example.com', { agent }, (res) => {
console.log(`Got response: ${res.statusCode}`);
// consume response body
res.resume();
}).on('error', (e) => {
console.error(`Got error: ${e.message}`);
});
The http-proxy-agent package provides an http.Agent implementation that connects to a specified HTTP proxy server, and can be used for forwarding HTTP requests. Unlike socks-proxy-agent, it does not support SOCKS proxies, only HTTP.
Similar to http-proxy-agent, https-proxy-agent provides an http.Agent implementation for HTTPS requests that connects to an HTTPS proxy server. It is specifically designed for HTTPS connections and does not support SOCKS proxies.
The proxy-agent package is a more general solution that supports multiple proxy protocols including HTTP, HTTPS, SOCKS, and PAC files. It can be used as a drop-in replacement for the standard http.Agent and automatically selects the appropriate agent based on the proxy's protocol. This makes it more versatile than socks-proxy-agent, which is specialized for SOCKS proxies only.
http.Agent
implementation for HTTP and HTTPSThis module provides an http.Agent
implementation that connects to a
specified SOCKS proxy server, and can be used with the built-in http
and https
modules.
It can also be used in conjunction with the ws
module to establish a WebSocket
connection over a SOCKS proxy. See the "Examples" section below.
import https from 'https';
import { SocksProxyAgent } from 'socks-proxy-agent';
const agent = new SocksProxyAgent(
'socks://your-name%40gmail.com:abcdef12345124@br41.nordvpn.com'
);
https.get('https://ipinfo.io', { agent }, (res) => {
console.log(res.headers);
res.pipe(process.stdout);
});
ws
WebSocket connection exampleimport WebSocket from 'ws';
import { SocksProxyAgent } from 'socks-proxy-agent';
const agent = new SocksProxyAgent(
'socks://your-name%40gmail.com:abcdef12345124@br41.nordvpn.com'
);
var socket = new WebSocket('ws://echo.websocket.events', { agent });
socket.on('open', function () {
console.log('"open" event!');
socket.send('hello world');
});
socket.on('message', function (data, flags) {
console.log('"message" event! %j %j', data, flags);
socket.close();
});
FAQs
A SOCKS proxy `http.Agent` implementation for HTTP and HTTPS
The npm package socks-proxy-agent receives a total of 15,889,627 weekly downloads. As such, socks-proxy-agent popularity was classified as popular.
We found that socks-proxy-agent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.