Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
sync-request-curl
Advanced tools
Fast way to send synchronous web requests. API is a subset of the original sync-request, leverages node-libcurl
Make synchronous web requests similar to sync-request, but 20 times more quickly.
Leverages node-libcurl for performance as opposed to spawning child processes like sync-request.
This library cannot be used in a browser.
npm install sync-request-curl
request(method, url, options);
e.g.
import request from 'sync-request-curl';
const response = request(
'GET',
'https://comp1531forum.alwaysdata.net/echo/echo',
{
qs: { message: 'Hello, world!' }
}
);
console.log(response.statusCode)
console.log(response.body.toString());
See sync-request for the original documentation.
Please note that this library only supports a subset of the original features, which are summarised below.
HTTP method (of type HttpVerb
)
e.g. PUT
/POST
/GET
/DELETE
.
URL as a string.
Only the following subset of options are supported for the time being:
qs
- an object containing query string values to be appended to the URL, e.g. { message: 'Hello, world!' }
headers
- HTTP headers, e.g. { token: 'abcdefg' }
body
- body for POST and PUT requests, e.g. JSON.stringify({ email: 'example@email.com', password: 'comp1531' })
json
- sets body as JSON representation of value and adds Content-type: application/json
to the headers.timeout
- times out if no response is returned within the given number of milliseconds, e.g. 2000
.In src/types.ts, the following is defined:
export interface Options {
headers?: IncomingHttpHeaders;
timeout?: number;
qs?: {
[key: string]: any;
};
json?: any;
body?: string | Buffer | NodeJS.ReadableStream;
}
statusCode
- a number representing the HTTP status code (e.g. 200
, 400
, 401
, 403
)headers
- HTTP response headersbody
- a string or buffer - use body.toString()
for common use cases.getBody
- a function with an optional encoding
argument that returns the body
if encoding
is undefined
, otherwise body.toString(encoding)
. If the statusCode >= 300
, an Error
is thrown instead.In src/types.ts, the following is defined:
export interface Response {
statusCode: number;
headers: OutgoingHttpHeaders;
body: string | Buffer;
getBody: (encoding?: BufferEncoding) => string | Buffer;
}
MIT
This library was developed mainly to improve performance with sending synchronous requests in NodeJS.
It was designed to work with UNIX-like systems for UNSW students enrolled in COMP1531 Software Fundamentals.
Tested to be working on Arch & Debian Linux. Since node-libcurl is the core of this module, it is likely also compatible with other operating systems such as MacOS and Windows.
FAQs
Fast way to send synchronous web requests in NodeJS. API is a subset of sync-request. Leverages node-libcurl for high performance. Cannot be used in a browser.
The npm package sync-request-curl receives a total of 32,229 weekly downloads. As such, sync-request-curl popularity was classified as popular.
We found that sync-request-curl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.