Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
sync-request-curl
Advanced tools
Fast way to send synchronous web requests in NodeJS. API is a subset of sync-request. Leverages node-libcurl for high performance. Cannot be used in a browser.
Make synchronous web requests similar to sync-request, but 20 times more quickly.
Leverages node-libcurl for performance as opposed to spawning child processes like sync-request.
This library was designed to run on NodeJS. It cannot be used in a browser.
npm install sync-request-curl
On MacOS, there may be an error in the installation process. This can often be fixed by following this GitHub issue.
request(method, url, options);
GET
request without options
import request from 'sync-request-curl';
const response = request('GET', 'https://comp1531namesages.alwaysdata.net');
console.log('Status Code:', response.statusCode);
const jsonBody = JSON.parse(response.body.toString());
console.log('Returned JSON object:', jsonBody);
GET
request with query string parameters
import request from 'sync-request-curl';
const response = request(
'GET',
'https://comp1531forum.alwaysdata.net/echo/echo',
{
qs: { message: 'Hello, world!' },
}
);
console.log('Status Code:', response.statusCode);
const jsonBody = JSON.parse(response.body.toString());
console.log('Returned JSON object:', jsonBody);
POST
request with headers and JSON payload
import request from 'sync-request-curl';
const response = request(
'POST',
'https://comp1531quiz.alwaysdata.net/quiz/create',
{
headers: { lab08quizsecret: "bruno's fight club" },
json: {
quizTitle: 'New Quiz',
quizSynopsis: 'Sync request curl example'
},
}
);
console.log('Status Code:', response.statusCode);
const jsonBody = JSON.parse(response.body.toString());
console.log('Returned JSON Object:', jsonBody);
See sync-request for the original documentation.
Please note that this library only supports a subset of the original features, which are summarised below.
HTTP method (of type HttpVerb
)
e.g. PUT
/POST
/GET
/DELETE
.
URL as a string
Only the following subset of options is supported for the time being:
Option | Description | Example |
---|---|---|
qs | An object containing query string parameters which will be appended to the URL. | { message: 'Hello, world!' } |
headers | HTTP headers for the request. | { token: 'abcdefg' } |
json |
Sets the body as a JSON representation of the value and automatically adds Content-type: application/json to the header. |
{ email: 'ab@c.com', password: 'comp1531' } |
body |
Body for POST and PUT requests. We recommended using json instead for JSON payloads, otherwise the Content-Type will need to be set manually.
| JSON.stringify({ email: 'ab@c.com', password: 'comp1531' }) |
timeout | Times out if no response is returned within the given number of milliseconds | 2000 |
followRedirects | Defaults to true, but can be set to false to not follow any redirects (302) automatically | false |
maxRedirects | Sets the maximum number of redirects to follow before throwing an Error. Defaults to Number.MAX_SAFE_INTEGER . | 3 |
In src/types.ts, the following is defined:
export interface Options {
headers?: IncomingHttpHeaders;
qs?: { [key: string]: any };
json?: any;
timeout?: number;
body?: string | Buffer | NodeJS.ReadableStream;
followRedirects?: boolean;
maxRedirects?: number;
}
statusCode
- a number representing the HTTP status code (e.g. 200
, 400
, 401
, 403
)headers
- HTTP response headersbody
- a string or buffer - use body.toString()
for common use cases in combination with JSON.parse()
getBody
- a function with an optional encoding
argument that returns the body
if encoding
is undefined, otherwise body.toString(encoding)
. If statusCode >= 300
, an Error
is thrown instead.url
- the final URL used in the request after all redirections and with the query string parameters appended.In src/types.ts, the following is defined:
export interface Response {
statusCode: number;
headers: IncomingHttpHeaders;
body: string | Buffer;
getBody: (encoding?: BufferEncoding) => string | Buffer; // simplified
url: string;
}
This library was developed mainly to improve performance with sending synchronous requests in NodeJS.
It was designed to work with UNIX-like systems for UNSW students enrolled in COMP1531 Software Engineering Fundamentals.
Tested to be working on Arch & Debian Linux. Since node-libcurl is the core of this module, it is likely also compatible with other operating systems such as MacOS and Windows.
FAQs
Fast way to send synchronous web requests in NodeJS. API is a subset of sync-request. Leverages node-libcurl for high performance. Cannot be used in a browser.
The npm package sync-request-curl receives a total of 32,229 weekly downloads. As such, sync-request-curl popularity was classified as popular.
We found that sync-request-curl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.