Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
xmlhttprequest
Advanced tools
The xmlhttprequest npm package is a JavaScript library that allows you to perform HTTP client functionality, such as making GET and POST requests to servers. It is designed to mimic the behavior of the native XMLHttpRequest object provided by web browsers, making it useful for server-side applications or testing where the native object is not available.
Performing a GET request
This code sample demonstrates how to perform a simple GET request to retrieve data from a specified URL.
var XMLHttpRequest = require('xmlhttprequest').XMLHttpRequest;
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
console.log(xhr.responseText);
}
};
xhr.open('GET', 'http://example.com', true);
xhr.send();
Performing a POST request
This code sample shows how to perform a POST request to send JSON data to a server.
var XMLHttpRequest = require('xmlhttprequest').XMLHttpRequest;
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
console.log(xhr.responseText);
}
};
xhr.open('POST', 'http://example.com', true);
xhr.setRequestHeader('Content-Type', 'application/json');
xhr.send(JSON.stringify({ key: 'value' }));
Setting request headers
This code sample illustrates how to set custom HTTP headers for a request.
var XMLHttpRequest = require('xmlhttprequest').XMLHttpRequest;
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://example.com', true);
xhr.setRequestHeader('X-Custom-Header', 'value');
xhr.send();
Handling errors
This code sample demonstrates how to handle network errors that may occur during the request.
var XMLHttpRequest = require('xmlhttprequest').XMLHttpRequest;
var xhr = new XMLHttpRequest();
xhr.onerror = function() {
console.error('Request failed');
};
xhr.open('GET', 'http://example.com', true);
xhr.send();
Axios is a promise-based HTTP client for the browser and Node.js. It provides a more modern API, supports Promises out of the box, and has built-in CSRF protection. Axios is often preferred for its cleaner syntax and additional features.
The fetch package is a light-weight module that brings window.fetch to Node.js. It is based on the Fetch API, which is a modern alternative to XMLHttpRequest for making HTTP requests in web browsers. Fetch provides a more concise and powerful API compared to XMLHttpRequest.
Request is a simplified HTTP request client for Node.js. Although it has been deprecated, it was once one of the most popular HTTP request packages due to its simplicity and wide range of features. Compared to xmlhttprequest, it offers a higher-level API with more convenience methods.
Superagent is a small progressive client-side HTTP request library. It has a fluent API that allows chaining methods to configure requests, and it can be used both in Node.js and in browsers. Superagent offers more features and a more expressive API compared to xmlhttprequest.
Got is a human-friendly and powerful HTTP request library for Node.js. It is designed to be a simpler and more robust alternative to the core http module and third-party modules such as request and xmlhttprequest. Got supports Promises and async/await out of the box.
node-XMLHttpRequest is a wrapper for the built-in http client to emulate the browser XMLHttpRequest object.
This can be used with JS designed for browsers to improve reuse of code and allow the use of existing libraries.
Note: This library currently conforms to XMLHttpRequest 1. Version 2.0 will target XMLHttpRequest Level 2.
Here's how to include the module in your project and use as the browser-based XHR object.
var XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;
var xhr = new XMLHttpRequest();
Note: use the lowercase string "xmlhttprequest" in your require(). On case-sensitive systems (eg Linux) using uppercase letters won't work.
Prior to 1.4.0 version numbers were arbitrary. From 1.4.0 on they conform to the standard major.minor.bugfix. 1.x shouldn't necessarily be considered stable just because it's above 0.x.
Since the XMLHttpRequest API is stable this library's API is stable as well. Major version numbers indicate significant core code changes. Minor versions indicate minor core code changes or better conformity to the W3C spec.
MIT license. See LICENSE for full details.
For a list of open issues or to report your own visit the github issues page.
FAQs
XMLHttpRequest for Node
The npm package xmlhttprequest receives a total of 1,157,013 weekly downloads. As such, xmlhttprequest popularity was classified as popular.
We found that xmlhttprequest demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.