Gathering detailed insights and metrics for got-fetch
Gathering detailed insights and metrics for got-fetch
Installations
npm install got-fetchDeveloper
alexghr
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=20.0.0
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
21 Stars
458 Commits
4 Forks
3 Watching
3 Branches
4 Contributors
Updated on 25 Nov 2024
Languages
TypeScript (96%)
JavaScript (4%)
Total Downloads
Cumulative downloads
Total Downloads
1,804,842
Last day
-3.8%
5,069
Compared to previous day
Last week
8.9%
28,471
Compared to previous week
Last month
9.7%
109,308
Compared to previous month
Last year
131%
1,056,079
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Dev Dependencies
19
@semantic-release/changelog@semantic-release/commit-analyzer@semantic-release/git@semantic-release/github@semantic-release/npm@semantic-release/release-notes-generator@types/jest@types/nock@types/node@typescript-eslint/eslint-plugin@typescript-eslint/parserconcurrentlycz-conventional-changelogeslintgotjestnocksemantic-releasetypescript
Versions
got-fetch
A fetch-compatible wrapper around got for those times when you need to
fetch stuff over HTTP 😉
Why would you use this instead of got? Sometimes you might need a fetch
wrapper and this is it (e.g. Apollo uses fetch to query remote schemas).
Before you install
If you're using on NodeJS v18 or greater than you should be using its global fetch. It's better integrated, better supported and has more features.
Install
Support table:
got-fetch version | works with got version | Notes |
|---|---|---|
| ^5.0.0 | ^12.0.0 | ESM package. You have to use import |
| ^4.0.0 | ^11.0.0 | CJS package. You can use require |
got is a peer dependency so you will need to install it alongside got-fetch:
1npm install --save got got-fetch
For CommonJS support, we maintain v4 of this package.
Usage
Use the default export:
1import fetch from 'got-fetch'; 2 3// in ESM we can use top-level await 4const resp = await fetch('https://example.com'); 5 6console.log(resp.status); // 200 7console.log(await resp.text()); // a HTML document
The module also exports a function which allows you to use your own custom
got instance:
1import got from 'got'; 2import { createFetch } from 'got-fetch'; 3 4const myGot = got.extend({ 5 headers: { 6 'x-api-key': 'foo bar' 7 } 8}); 9 10const fetch = createFetch(myGot); 11 12// this request will send the header `x-api-key: foo bar` 13fetch('https://example.com');
Limitations
fetch is designed for browser environments and this package is just a wrapper
around a Node-based HTTP client. Not all fetch features are supported:
- ❌ RequestMode
no-cors,same-origin,navigate - ❌ RequestCache
only-if-cached - ❌ RequestRedirect
error,manual - ❌ response body streaming. See https://github.com/alexghr/got-fetch/issues/25
- ❗ ESM vs CJS packages. See https://github.com/alexghr/got-fetch/issues/70
- ❗ RequestHeaders must be a plain object
- ❗ RequestCache if unset (or
default) will use got's caching algorithm (any other value will disable caching)
License
See LICENSE for information.
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
Found 0/1 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/alexghr/got-fetch/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/pr.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/alexghr/got-fetch/pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/alexghr/got-fetch/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/alexghr/got-fetch/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/alexghr/got-fetch/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/alexghr/got-fetch/release.yml/main?enable=pin
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Score
4.8
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More