request VS fetch

request for HTTP requests outside of the browser.

PS D:\Fretonator\fretonator-main> yarn yarn install v1.22.19 info No lockfile found. warning package-lock.json found. Your project contains lock files generated by tools other than Yarn. It is advised not to mix package managers in order to avoid resolution inconsistencies caused by unsynchronized lock files. To clear this warning, remove package-lock.json. [1/4] Resolving packages... warning @nrwl/angular > @nrwl/jest > @angular-devkit/core > magic-string > [email protected]: Please use @jridgewell/sourcemap-codec instead warning @nrwl/angular > @nrwl/cypress > fork-ts-checker-webpack-plugin > micromatch > snapdragon > [email protected]: See https://github.com/lydell/source-map-resolve#deprecated warning @nrwl/angular > @nrwl/cypress > fork-ts-checker-webpack-plugin > micromatch > snapdragon > source-map-resolve > [email protected]: https://github.com/lydell/resolve-url#deprecated warning @nrwl/angular > @nrwl/cypress > fork-ts-checker-webpack-plugin > micromatch > snapdragon > source-map-resolve > [email protected]: Please see https://github.com/lydell/urix#deprecated warning @nrwl/angular > @nrwl/cypress > fork-ts-checker-webpack-plugin > micromatch > snapdragon > source-map-resolve > [email protected]: See https://github.com/lydell/source-map-url#deprecated warning @nrwl/angular > @nrwl/cypress > @cypress/webpack-preprocessor > [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) warning [email protected]: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. warning @angular-devkit/build-angular > [email protected]: core-js@<3.23.3 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Some versions have web compatibility issues. Please, upgrade your dependencies to the actual version of core-js. warning @angular-devkit/build-angular > rollup > [email protected]: "Please update to latest v2.3 or v2.2" warning @angular-devkit/build-angular > webpack-dev-server > [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies warning @angular-devkit/build-angular > webpack-dev-server > chokidar > [email protected]: The v1 package contains DANGEROUS / INSECURE binaries. Upgrade to safe fsevents v2 warning @angular-devkit/build-angular > less > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 warning @angular-devkit/build-angular > copy-webpack-plugin > webpack-log > [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. warning @angular-devkit/build-angular > less > request > [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. warning @angular-devkit/build-angular > webpack-dev-server > sockjs > [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. warning @angular-devkit/build-angular > less > request > [email protected]: this library is no longer supported warning @angular-devkit/build-angular > stylus > css-parse > css > [email protected]: See https://github.com/lydell/source-map-resolve#deprecated warning @angular-devkit/build-angular > stylus > css-parse > css > [email protected]: Please see https://github.com/lydell/urix#deprecated warning @angular-devkit/build-angular > webpack > watchpack > watchpack-chokidar2 > [email protected]: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies warning @angular-devkit/build-angular > webpack-dev-server > url > [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. warning @angular-devkit/build-angular > cssnano > cssnano-preset-default > postcss-svgo > [email protected]: This SVGO version is no longer supported. Upgrade to v2.x.x. warning @angular-devkit/build-angular > cssnano > cssnano-preset-default > postcss-svgo > svgo > [email protected]: Modern JS already guarantees Array#sort() is a stable sort, so this library is deprecated. See the compatibility table on MDN: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/sort#browser_compatibility warning @angular/cli > [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) warning @angular/cli > universal-analytics > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 warning @angular/cli > universal-analytics > [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. warning @angular/cli > @schematics/[email protected]: This was an internal-only Angular package up through Angular v11 which is no longer used or maintained. Upgrade Angular to v12+ to remove this dependency. warning @angular/cli > [email protected]: The functionality that this package provided is now in @npmcli/arborist warning @angular/cli > pacote > make-fetch-happen > [email protected]: This module is not used anymore, npm uses minipass-fetch for its fetch implementation now warning @angular/cli > read-package-tree > [email protected]: This functionality has been moved to @npmcli/fswarning @angular/compiler-cli > [email protected]: Please use @jridgewell/sourcemap-codec instead warning @angular/compiler-cli > magic-string > [email protected]: Please use @jridgewell/sourcemap-codec instead warning @nguniversal/builders > guess-parser > @wessberg/[email protected]: this package has been renamed to ts-evaluator. Please install ts-evaluator instead warning @nguniversal/builders > guess-parser > @wessberg/ts-evaluator > jsdom > [email protected]: Use your platform's native performance.now() and performance.timeOrigin. warning @nrwl/workspace > [email protected]: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410 warning cypress > @cypress/request > [email protected]: when using stringify with arrayFormat comma, `[]` is appended on single-item arrays. Upgrade to v6.11.0 or downgrade to v6.10.4 to fix. warning jest > @jest/core > jest-haste-map > [email protected]: some dependency vulnerabilities fixed, support for node < 10 dropped, and newer ECMAScript syntax/features added warning jest > @jest/core > jest-config > jest-environment-jsdom > jsdom > [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 warning jest > @jest/core > jest-config > jest-environment-jsdom > jsdom > [email protected]: Use your platform's native performance.now() and performance.timeOrigin. warning jest > @jest/core > jest-config > jest-environment-jsdom > jsdom > [email protected]: request-promise-native has been deprecated because it extends the now deprecated request package, see https://github.com/request/request/issues/3142 warning [email protected]: TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information. [2/4] Fetching packages... error @nguniversal/[email protected]: The engine "node" is incompatible with this module. Expected version ">=10.13.0 <13.0.0". Got "18.16.0" error Found incompatible module. info Visit https://yarnpkg.com/en/docs/cli/install for documentation about this command. PS D:\Fretonator\fretonator-main>

$ npm WARN deprecated [email protected]: this library is no longer supported $ npm WARN deprecated [email protected]: Please use the native JSON object instead of JSON 3 $ npm WARN deprecated [email protected]: this package isn't maintained anymore because ES6+ $ npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use kontvolkoren.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/kontvolkoren-random for details. $ npm WARN deprecated [email protected]: Backported compatibility to node > 6 $ npm WARN deprecated [email protected]: Legacy versions of mkdirp are no longer supported. Please update to mkdirp 1.x. (Note that the API surface has changed to use Promises in 1.x.) $ npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 $ npm WARN deprecated [email protected]: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap. $ npm WARN deprecated [email protected]: Package renamed as '@messageformat/core', see messageformat.github.io for more details. 'messageformat@4' will eventually provide a polyfill for Intl.MessageFormat, once it's been defined by Unicode & ECMA. $ npm WARN deprecated [email protected]: Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410 $ npm WARN deprecated [email protected]: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap. $ npm WARN deprecated [email protected]: this package isn't maintained anymore because ES6+ $ npm ERR! code 1 $ npm ERR! path /home/kontvolkoren/Downloads/git/goldshell-miner-lb1/node_modules/raw-socket $ npm ERR! command failed $ npm ERR! command sh -c -- node-gyp rebuild $ npm ERR! gyp info it worked if it ends with ok $ npm ERR! gyp info using [email protected] $ npm ERR! gyp info using [email protected] | linux | x64 $ npm ERR! gyp ERR! configure error $ npm ERR! gyp ERR! stack Error: Command failed: /usr/bin/python -c import sys; print "%s.%s.%s" % sys.version_info[:3]; $ npm ERR! gyp ERR! stack File "", line 1 $ npm ERR! gyp ERR! stack import sys; print "%s.%s.%s" % sys.version_info[:3]; $ npm ERR! gyp ERR! stack ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ $ npm ERR! gyp ERR! stack SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)? $ npm ERR! gyp ERR! stack $ npm ERR! gyp ERR! stack at ChildProcess.exithandler (node:child_process:419:12) $ npm ERR! gyp ERR! stack at ChildProcess.emit (node:events:513:28) $ npm ERR! gyp ERR! stack at maybeClose (node:internal/child_process:1098:16) $ npm ERR! gyp ERR! stack at ChildProcess._handle.onexit (node:internal/child_process:304:5) $ npm ERR! gyp ERR! System Linux 6.1.29-1-MANJARO $ npm ERR! gyp ERR! command "/usr/bin/node" "/home/kontvolkoren/Downloads/git/goldshell-miner-lb1/node_modules/.bin/node-gyp" "rebuild" $ npm ERR! gyp ERR! cwd /home/kontvolkoren/Downloads/git/goldshell-miner-lb1/node_modules/raw-socket $ npm ERR! gyp ERR! node -v v19.9.0 $ npm ERR! gyp ERR! node-gyp -v v3.8.0 $ npm ERR! gyp ERR! not ok $ npm ERR! A complete log of this run can be found in: $ npm ERR! /home/kontvolkoren/.npm/_logs/2023-05-26T21_42_31_670Z-debug-0.log```

Numéro officiel dans le dépôt `` Demande 'pour les alternatives: https://github.com/request/request/issues/3143

It's really that they no longer accept any fixes, as the library is officially deprecated.

>As of Feb 11th 2020, request is fully deprecated. No new changes are expected to land. In fact, none have landed for some time.

But 18,302,678 weekly downloads[0] haven't noticed...

[0] https://www.npmjs.com/package/request

npm WARN deprecated [email protected]: Please update to ini >=1.3.6 to avoid a prototype pollution issue npm WARN deprecated [email protected]: Please update to ini >=1.3.6 to avoid a prototype pollution issue npm WARN deprecated [email protected]: Please update to ini >=1.3.6 to avoid a prototype pollution issue npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-url#deprecated npm WARN deprecated [email protected]: The functionality that this package provided is now in u/npmcli/arborist npm WARN deprecated [email protected]: Please see https://github.com/lydell/urix#deprecated npm WARN deprecated [email protected]: this library is no longer supported npm WARN deprecated [email protected]: See https://github.com/lydell/source-map-resolve#deprecated npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies. npm WARN deprecated [email protected]: Chokidar 2 will break on node v14+. Upgrade to chokidar 3 with 15x less dependencies. npm WARN deprecated [email protected]: https://github.com/lydell/resolve-url#deprecated npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated [email protected]: Debug versions >=3.2.0 <3.2.7 || >=4 <4.3.1 have a low-severity ReDos regression when used in a Node.js environment. It is recommended you upgrade to 3.2.7 or 4.3.1. (https://github.com/visionmedia/debug/issues/797) npm WARN deprecated [email protected]: The querystring API is considered Legacy. new code should use the URLSearchParams API instead. npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated [email protected]: This SVGO version is no longer supported. Upgrade to v2.x.x. npm WARN deprecated [email protected]: You can find the new Popper v2 at u/popperjs/core, this package is dedicated to the legacy v1 npm WARN deprecated [email protected]: TSLint has been deprecated in favor of ESLint. Please see https://github.com/palantir/tslint/issues/4534 for more information.

This library has been deprecated for a long time and the authors have been encouraging people to migrate to other libraries. I seriously doubt that they will fix it. People should not be using it.

`npm WARN deprecated [email protected]: this library is no longer supported npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details. npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142 npm WARN deprecated [email protected]: < 19.2.0 is no longer supported [##################] - reify:cssstyle: timing r

npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142

request was deprecated in 2020 and still has 16 million weekly downloads.

mTLS has warts when used cross-origin. Fetch spec says that pre-flight requests mustn't include client certificates[1], so as a consequence servers behind mTLS authenticated proxy won't get a chance to reply to those pre-flight. Yet for non-preflighted requests it's fine to include client certificates..

[1] https://fetch.spec.whatwg.org/#cors-protocol-and-credentials

I've been testing full duplex streaming from and to the browser using fetch() in a Native Messaging host. (No browser currently support full duplex streaming even though HTTP/2 does, see Fetch body streams are not full duplex #1254).

Most js libraries use XMLHttpRequest and so provide HTTP_X_REQUESTED_WITH: XMLHttpRequest, but neither Chrome's implementation nor Github's polyfill of the new fetch uses a similar header. So how can one detect that the request is AJAX?

Any resource of significance should be given a URI. https://www.w3.org/DesignIssues/Axioms.html#uri

Or alternatively,

> Cool URLs don't change (implicitly, cool things have URLs, see above). https://www.w3.org/Provider/Style/URI

The advantage would be so high. It'd become a standard way to assert a resource, to make known a fact, that would be viable across systems. Instead of pushing to a chat app an anonymous chat message in a room, the server could assert a /room/42/msg/c0f3 resource, could identify universally what it is it's sending.

We have come glancingly close to getting such a thing so many times. The HyBi mailing list that begat websockets had a number of alternate more resourceful ideas floating around such as a BEEP protocol that allowed patterns beyond request/response of resources. The browser actually implements an internal protocol that uses HTTP2/push to send resourceful messages... Even though http2/push was de-implemented for webserving in general, and even though ability to hear push events was never implemented (oft requested).

The best we have today is to stream json-ls events, which have an @id property identifying them. But developers would have to snoop these events, and store them in a service worker, to make them actually accessible as http resources.

I continue to hold hope eventually we'll get better at using urls to send data, to assert new things happening... But it's been nearly 30 years of me hoping, and with some fleeting exceptions the browser teams have seemed disinterested in making urls cool, in spite of a number of requests. https://github.com/whatwg/fetch/issues/65 was an old request. https://github.com/whatwg/fetch/issues/607 had some steam in making it happen.

Fetch

Proposal: fetch with multiple AbortSignals - I got the idea of merging multiple signals from here.

Port 10080 is blocked on most browsers[0] per the WhatWG "bad ports" list[1]. That particular port was added to the list due to the Slipstream attack[2] that made the news a few years ago[3].

You don't have to switch to a browser that ignores standard security mitigations. Just pick a different port for your service.

[0] I just tested Chrome, Firefox, and Safari.

[1] https://fetch.spec.whatwg.org/#bad-port

[2] https://samy.pl/slipstream/

[3] https://news.ycombinator.com/item?id=24955891

Note that caching resources across sites isn't really a thing anymore. See https://github.com/whatwg/fetch/issues/904