Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
superagent
Advanced tools
The superagent npm package is a small progressive client-side HTTP request library, and Node.js module with the same API, sporting many high-level HTTP client features. It is designed to make HTTP requests from both Node.js and browsers.
GET requests
This feature allows you to make GET requests to retrieve data from a server. You can include query parameters and handle the response asynchronously.
superagent.get('/search').query({ query: 'Manny' }).end(function(err, res){ /* handling response */ });
POST requests
This feature is used to send POST requests to a server. You can send data as part of the request body and set custom headers.
superagent.post('/api/pets').send({ name: 'Manny', species: 'cat' }).set('X-API-Key', 'foobar').end(function(err, res){ /* handling response */ });
Handling responses
This feature allows you to handle responses from the server, checking if the request was successful and then acting on the data received.
superagent.get('/some-url').end(function(err, res){ if (res.ok) { console.log('yay got ' + JSON.stringify(res.body)); } else { console.log('Oh no! error ' + res.text); } });
Promises and async/await
Superagent can be used with promises and async/await syntax for better asynchronous control flow.
async function getData() { try { const res = await superagent.get('/some-url'); console.log(res.body); } catch (err) { console.error(err); } }
Pipelining requests
This feature allows you to pipe the response stream directly to a file or another writable stream.
superagent.get('/some-url').pipe(fs.createWriteStream('result.txt'))
Axios is a promise-based HTTP client for the browser and Node.js. It provides a simple API and handles requests and responses in JSON format. Compared to superagent, it has built-in CSRF protection and supports interceptors for request and response transformation.
The Fetch API provides a more modern alternative to XMLHttpRequest for making HTTP requests in the browser. It is not an npm package but a built-in browser API. It returns promises and works with async/await. Unlike superagent, it is not Node.js compatible without polyfills.
Got is a Node.js HTTP request library that is designed to be a simpler and more user-friendly alternative to Node's native 'http' module. It supports promises and async/await, streams, and advanced features like retries and timeouts. It is often compared to superagent for its simplicity and feature set.
node-fetch is a light-weight module that brings the browser Fetch API to Node.js. It is similar to superagent but is designed to mimic the Fetch API as closely as possible. It is promise-based and supports stream consumption.
Request is a simplified HTTP request client for Node.js, but it has been deprecated. It was known for its simplicity and wide adoption. Superagent offers a similar feature set but continues to be maintained and updated.
SuperAgent is a small progressive client-side HTTP request library, and Node.js module with the same API, sporting many high-level HTTP client features. View the docs.
node:
$ npm install superagent
component:
$ component install visionmedia/superagent
Works with browserify and should work with webpack
request
.post('/api/pet')
.send({ name: 'Manny', species: 'cat' })
.set('X-API-Key', 'foobar')
.set('Accept', 'application/json')
.end(function(err, res){
// Calling the end function will send the request
});
Tested browsers:
Even though IE9 is supported, a polyfill for window.FormData
is required for .field()
, and window.btoa
is needed to use basic auth.
Superagent is easily extended via plugins.
var nocache = require('superagent-no-cache');
var request = require('superagent');
var prefix = require('superagent-prefix')('/static');
request
.get('/some-url')
.use(prefix) // Prefixes *only* this request
.use(nocache) // Prevents caching of *only* this request
.end(function(err, res){
// Do something
});
Existing plugins:
Please prefix your plugin with superagent-*
so that it can easily be found by others.
For superagent extensions such as couchdb and oauth visit the wiki.
Install dependencies:
$ npm install
Run em!
$ make test
Install dependencies:
$ npm install
Start the test runner:
$ make test-browser-local
Visit http://localhost:4000/__zuul
in your browser.
Edit tests and refresh your browser. You do not have to restart the test runner.
npm (for node) is configured via the package.json
file and the .npmignore
file. Key metadata in the package.json
file is the version
field which should be changed according to semantic versioning and have a 1-1 correspondence with git tags. So for example, if you were to git show v1.5.0:package.json | grep version
, you should see "version": "1.5.0",
and this should hold true for every release. This can be handled via the npm version
command. Be aware that when publishing, npm will presume the version being published should also be tagged in npm as latest
, which is OK for normal incremental releases. For betas and minor/patch releases to older versions, be sure to include --tag
appropriately to avoid an older release getting tagged as latest
.
npm (for browser standalone) When we publish versions to npm, we run make superagent.js
which generates the standalone superagent.js
file via browserify
, and this file is included in the package published to npm (but this file is never checked into the git repository). If users want to install via npm but serve a single .js
file directly to the browser, the node_modules/superagent/superagent.js
is a standalone browserified file ready to go for that purpose. It is not minified.
npm (for browserify) is handled via the package.json
browser
field which allows users to install superagent via npm, reference it from their browser code with require('superagent')
, and then build their own application bundle via browserify
, which will use lib/client.js
as the superagent entrypoint.
bower is configured via the bower.json
file. Bower installs files directly from git/github without any transformation.
component is configured via the component.json
file.
MIT
2.0.0 (2016-05-29)
Breaking changes are in rarely used functionality, so we hope upgrade will be smooth for most users.
.parse()
method has been renamed to .serialize()
for consistency with NodeJS version.'undefined'
, now their value is ''
(empty string) (shura, Kornel Lesiński).redirect
event is called after new query string and headers have been set and is allowed to override the request URL (Kornel Lesiński).then()
returns a real Promise
. Note that use of superagent with promises now requires a global Promise
object.
If you target Internet Explorer or Node 0.10, you'll need require('es6-promise').polyfill()
or similar.@api private
to have _prefixed
names (Kornel Lesiński)FormData
error events (scriptype)request.head()
supports .redirects(5)
call (Kornel Lesiński)response
event is also emitted when using .pipe()
FAQs
elegant & feature rich browser / node HTTP with a fluent API
The npm package superagent receives a total of 7,613,213 weekly downloads. As such, superagent popularity was classified as popular.
We found that superagent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.