Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Help in opening URLs (mostly HTTP) in a complex world — basic and digest authentication, redirections, cookies and more.
The urllib npm package is a utility library for making HTTP requests and handling URLs. It provides a simple and flexible API for performing various types of HTTP requests, handling query parameters, and working with URLs.
HTTP GET Request
This feature allows you to make a simple HTTP GET request to a specified URL. The callback function handles the response data or any errors that occur.
const urllib = require('urllib');
urllib.request('https://api.example.com/data', function (err, data, res) {
if (err) {
console.error(err);
return;
}
console.log(data.toString());
});
HTTP POST Request
This feature allows you to make an HTTP POST request with a payload. The data object contains the key-value pairs to be sent in the request body.
const urllib = require('urllib');
urllib.request('https://api.example.com/data', {
method: 'POST',
data: {
key1: 'value1',
key2: 'value2'
}
}, function (err, data, res) {
if (err) {
console.error(err);
return;
}
console.log(data.toString());
});
Handling Query Parameters
This feature allows you to include query parameters in your HTTP request. The data object is automatically serialized into a query string and appended to the URL.
const urllib = require('urllib');
const params = {
key1: 'value1',
key2: 'value2'
};
urllib.request('https://api.example.com/data', {
data: params
}, function (err, data, res) {
if (err) {
console.error(err);
return;
}
console.log(data.toString());
});
Custom Headers
This feature allows you to set custom headers for your HTTP request. The headers object contains key-value pairs representing the header names and values.
const urllib = require('urllib');
urllib.request('https://api.example.com/data', {
headers: {
'Authorization': 'Bearer token',
'Content-Type': 'application/json'
}
}, function (err, data, res) {
if (err) {
console.error(err);
return;
}
console.log(data.toString());
});
Axios is a promise-based HTTP client for the browser and Node.js. It provides a more modern and flexible API compared to urllib, with support for interceptors, request cancellation, and automatic JSON data transformation.
Node-fetch is a lightweight module that brings the Fetch API to Node.js. It is a minimalistic alternative to urllib, focusing on simplicity and compliance with the Fetch standard.
Request is a simplified HTTP client for Node.js with a rich set of features. It is more feature-rich than urllib, offering support for OAuth, cookies, and multipart form data. However, it has been deprecated in favor of more modern alternatives like axios.
Request HTTP URLs in a complex world — basic and digest authentication, redirections, cookies, timeout and more.
$ npm install urllib@2 --save
var urllib = require('urllib');
urllib.request('http://cnodejs.org/', function (err, data, res) {
if (err) {
throw err; // you need to handle error
}
console.log(res.statusCode);
console.log(res.headers);
// data is Buffer instance
console.log(data.toString());
});
If you've installed bluebird,
bluebird will be used.
urllib
does not install bluebird for you.
Otherwise, if you're using a node that has native v8 Promises (v0.11.13+), then that will be used.
Otherwise, this library will crash the process and exit, so you might as well install bluebird as a dependency!
var urllib = require('urllib');
urllib.request('http://nodejs.org').then(function (result) {
// result: {data: buffer, res: response object}
console.log('status: %s, body size: %d, headers: %j', result.res.statusCode, result.data.length, result.res.headers);
}).catch(function (err) {
console.error(err);
});
var co = require('co');
var urllib = require('urllib');
co(function* () {
var result = yield urllib.requestThunk('http://nodejs.org');
console.log('status: %s, body size: %d, headers: %j',
result.status, result.data.length, result.headers);
})();
response
eventYou should create a urllib instance first.
var httpclient = require('urllib').create();
httpclient.on('response', function (info) {
error: err,
ctx: args.ctx,
req: {
url: url,
options: options,
size: requestSize,
},
res: res
});
httpclient.request('http://nodejs.org', function (err, body) {
console.log('body size: %d', body.length);
});
http.request(url[, options][, callback])
GET
. Could be GET
, POST
, DELETE
or PUT
. Alias 'type'.data
to query string.data
will be ignored.data
and content
will be ignored.callback
will be called with data
set null
after finished writing.multipart/form-data
format, base on formstream
. If method
not set, will use POST
method by default.json
(Notes: not use application/json
here). If it's json
, will auto set Content-Type: application/json
header.text
or json
. If it's text
, the callback
ed data
would be a String. If it's json
, the data
of callback would be a parsed JSON Object and will auto set Accept: application/json
header. Default callback
ed data
would be a Buffer
.false
.exports.TIMEOUT
, both are 5s. You can use timeout: 5000
to tell urllib use same timeout on two phase or set them seperately such as timeout: [3000, 5000]
, which will set connecting timeout to 3s and response 5s.username:password
used in HTTP Basic Authorization.username:password
used in HTTP Digest Authorization.false
if you does not use agent.false
if you does not use agent.url.resolve(from, to)
.res
object when request connected, default false
. alias customResponse
false
.false
.false
.null
.dns.lookup
. Require node >= 4.0.0(for http protocol) and node >=8(for https protocol)ip
and family
) and should return true or false to identified the address is legal or not. It rely on lookup
and have the same version requirement.false
.null
if no error accured.dataType
is set to text
or an JSON parsed into Object if it's set to json
.http.ClientRequest - The request.
Calling .abort()
method of the request stream can cancel the request.
options.data
When making a request:
urllib.request('http://example.com', {
method: 'GET',
data: {
'a': 'hello',
'b': 'world'
}
});
For GET
request, data
will be stringify to query string, e.g. http://example.com/?a=hello&b=world
.
For others like POST
, PATCH
or PUT
request,
in defaults, the data
will be stringify into application/x-www-form-urlencoded
format
if Content-Type
header is not set.
If Content-type
is application/json
, the data
will be JSON.stringify
to JSON data format.
options.content
options.content
is useful when you wish to construct the request body by yourself,
for example making a Content-Type: application/json
request.
Notes that if you want to send a JSON body, you should stringify it yourself:
urllib.request('http://example.com', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
content: JSON.stringify({
a: 'hello',
b: 'world'
})
});
It would make a HTTP request like:
POST / HTTP/1.1
Host: example.com
Content-Type: application/json
{
"a": "hello",
"b": "world"
}
This exmaple can use options.data
with application/json
content type:
urllib.request('http://example.com', {
method: 'POST',
headers: {
'Content-Type': 'application/json'
},
data: {
a: 'hello',
b: 'world'
}
});
options.files
Upload a file with a hello
field.
var urllib = request('urllib');
var req = urllib.request('http://my.server.com/upload', {
files: __filename,
data: {
hello: 'hello urllib',
},
}, function (err, data, res) {
// upload finished
});
Upload multi files with a hello
field.
var urllib = request('urllib');
var req = urllib.request('http://my.server.com/upload', {
files: [
__filename,
fs.createReadStream(__filename),
Buffer.from('mock file content'),
],
data: {
hello: 'hello urllib with multi files',
},
}, function (err, data, res) {
// upload finished
});
Custom file field name with uploadfile
.
var urllib = request('urllib');
var req = urllib.request('http://my.server.com/upload', {
files: {
uploadfile: __filename,
},
}, function (err, data, res) {
// upload finished
});
options.stream
Uploads a file with formstream:
var urllib = require('urllib');
var formstream = require('formstream');
var form = formstream();
form.file('file', __filename);
form.field('hello', '你好urllib');
var req = urllib.request('http://my.server.com/upload', {
method: 'POST',
headers: form.headers(),
stream: form
}, function (err, data, res) {
// upload finished
});
Response is normal object, it contains:
status
or statusCode
: response status code.
-1
meaning some network error like ENOTFOUND
-2
meaning ConnectionTimeoutErrorstatusMessage
: response status message.headers
: response http headers, default is {}
size
: response sizeaborted
: response was aborted or notrt
: total request and response time in ms.timing
: timing object if timing enable.remoteAddress
: http server ip addressremotePort
: http server ip portsocketHandledRequests
: socket already handled request countsocketHandledResponses
: socket already handled response countres.aborted
If the underlaying connection was terminated before response.end()
was called,
res.aborted
should be true
.
require('http').createServer(function (req, res) {
req.resume();
req.on('end', function () {
res.write('foo haha\n');
setTimeout(function () {
res.write('foo haha 2');
setTimeout(function () {
res.socket.end();
}, 300);
}, 200);
return;
});
}).listen(1984);
urllib.request('http://127.0.0.1:1984/socket.end', function (err, data, res) {
data.toString().should.equal('foo haha\nfoo haha 2');
should.ok(res.aborted);
done();
});
HttpClient2 is a new instance for future. request method only return a promise, compatible with async/await
and generator in co.
options extends from urllib, besides below
It's not supported by using retry and writeStream, because the retry request can't stop the stream which is consuming.
Support both http
and https
protocol.
Notice: Only support on Node.js >= 4.0.0
urllib.request('https://twitter.com/', {
enableProxy: true,
proxy: 'http://localhost:8008',
}, (err, data, res) => {
console.log(res.status, res.headers);
});
HTTP_PROXY=http://localhost:8008
http_proxy=http://localhost:8008
HTTP_PROXY=http://localhost:8008
http_proxy=http://localhost:8008
HTTPS_PROXY=https://localhost:8008
https_proxy=https://localhost:8008
$ http_proxy=http://localhost:8008 node index.js
If set trace true, error stack will contains full call stack, like
Error: connect ECONNREFUSED 127.0.0.1:11
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1113:14)
--------------------
at ~/workspace/urllib/lib/urllib.js:150:13
at new Promise (<anonymous>)
at Object.request (~/workspace/urllib/lib/urllib.js:149:10)
at Context.<anonymous> (~/workspace/urllib/test/urllib_promise.test.js:49:19)
....
When open the trace, urllib may have poor perfomance, please consider carefully.
Accept-Encoding=gzip
by options.gzip = true
This project follows the git-contributor spec, auto updated at Tue Jul 05 2022 16:17:31 GMT+0800
.
FAQs
Help in opening URLs (mostly HTTP) in a complex world — basic and digest authentication, redirections, timeout and more. Base undici API.
The npm package urllib receives a total of 186,877 weekly downloads. As such, urllib popularity was classified as popular.
We found that urllib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.