🌐 Human-friendly and powerful HTTP request library for Node.js
Installations
npm install gotScore
60
Supply Chain
99.2
Quality
92.3
Maintenance
100
Vulnerability
99.6
License
Developer
sindresorhus
Developer Guide
Module System
ESM
Min. Node Version
>=20
Typescript Support
No
Node Version
18.20.4
NPM Version
10.6.0
Statistics
14,325 Stars
1,526 Commits
938 Forks
110 Watching
2 Branches
196 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
5,372,324,119
Last day
-1.4%
4,437,574
Compared to previous day
Last week
4.3%
24,253,004
Compared to previous week
Last month
15.2%
97,334,904
Compared to previous month
Last year
0.9%
1,023,153,521
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
11
Dev Dependencies
42
Sindre's open source work is supported by the community.
Special thanks to:
Human-friendly and powerful HTTP request library for Node.js
See how Got compares to other HTTP libraries
You probably want Ky instead, by the same people. It's smaller, works in the browser too, and is more stable since it's built upon Fetch.
Support questions should be asked here.
Install
1npm install got
Warning: This package is native ESM and no longer provides a CommonJS export. If your project uses CommonJS, you will have to convert to ESM. Please don't open issues for questions regarding CommonJS / ESM.
Got v11 is no longer maintained and we will not accept any backport requests.
Take a peek
A quick start guide is available.
JSON mode
Got has a dedicated option for handling JSON payload.
Furthermore, the promise exposes a .json<T>() function that returns Promise<T>.
1import got from 'got'; 2 3const {data} = await got.post('https://httpbin.org/anything', { 4 json: { 5 hello: 'world' 6 } 7}).json(); 8 9console.log(data); 10//=> {"hello": "world"}
For advanced JSON usage, check out the parseJson and stringifyJson options.
For more useful tips like this, visit the Tips page.
Highlights
Documentation
By default, Got will retry on failure. To disable this option, set options.retry.limit to 0.
Main API
Timeouts and retries
Advanced creation
Cache, Proxy and UNIX sockets
Integration
Migration guides
Got plugins
got4aws- Got convenience wrapper to interact with AWS v4 signed APIsgh-got- Got convenience wrapper to interact with the GitHub APIgl-got- Got convenience wrapper to interact with the GitLab APIgotql- Got convenience wrapper to interact with GraphQL using JSON-parsed queries instead of stringsgot-fetch- Got with afetchinterfacegot-scraping- Got wrapper specifically designed for web scraping purposesgot-ssrf- Got wrapper to protect server-side requests against SSRF attacks
Comparison
got | node-fetch | ky | axios | superagent | |
|---|---|---|---|---|---|
| HTTP/2 support | :heavy_check_mark:¹ | :x: | :heavy_check_mark: | :x: | :heavy_check_mark:** |
| Browser support | :x: | :heavy_check_mark:* | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Promise API | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Stream API | :heavy_check_mark: | Node.js only | :x: | :x: | :heavy_check_mark: |
| Pagination API | :heavy_check_mark: | :x: | :x: | :x: | :x: |
| Request cancelation | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| RFC compliant caching | :heavy_check_mark: | :x: | :x: | :x: | :x: |
| Cookies (out-of-the-box) | :heavy_check_mark: | :x: | :x: | :x: | :x: |
| Follows redirects | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Retries on failure | :heavy_check_mark: | :x: | :heavy_check_mark: | :x: | :heavy_check_mark: |
| Progress events | :heavy_check_mark: | :x: | :heavy_check_mark:*** | Browser only | :heavy_check_mark: |
| Handles gzip/deflate | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Advanced timeouts | :heavy_check_mark: | :x: | :x: | :x: | :x: |
| Timings | :heavy_check_mark: | :x: | :x: | :x: | :x: |
| Errors with metadata | :heavy_check_mark: | :x: | :heavy_check_mark: | :heavy_check_mark: | :x: |
| JSON mode | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: | :heavy_check_mark: |
| Custom defaults | :heavy_check_mark: | :x: | :heavy_check_mark: | :heavy_check_mark: | :x: |
| Composable | :heavy_check_mark: | :x: | :x: | :x: | :heavy_check_mark: |
| Hooks | :heavy_check_mark: | :x: | :heavy_check_mark: | :heavy_check_mark: | :x: |
| Issues open |  |  |  |  |  |
| Issues closed |  |  |  |  |  |
| Downloads |  |  |  |  |  |
| Coverage | TBD |  |  |  |  |
| Build |  |  |  |  |  |
| Bugs |  |  |  |  |  |
| Dependents | |||||
| Install size | |||||
| GitHub stars |  |  |  |  |  |
| TypeScript support | |||||
| Last commit |  |  |  |  |  |
* It's almost API compatible with the browser fetch API.
** Need to switch the protocol manually. Doesn't accept PUSH streams and doesn't reuse HTTP/2 sessions.
*** Currently, only DownloadProgress event is supported, UploadProgress event is not supported.
¹ Requires Node.js 15.10.0 or above.
:sparkle: Almost-stable feature, but the API may change. Don't hesitate to try it out!
:grey_question: Feature in early stage of development. Very experimental.
Click here to see the install size of the Got dependencies.
Maintainers
 |  |
|---|---|
| Sindre Sorhus | Szymon Marczak |
These amazing companies are using Got
|
|
|
|
|
|
|
|
|
|
Segment is a happy user of Got! Got powers the main backend API that our app talks to. It's used by our in-house RPC client that we use to communicate with all microservices.
Antora, a static site generator for creating documentation sites, uses Got to download the UI bundle. In Antora, the UI bundle (aka theme) is maintained as a separate project. That project exports the UI as a zip file we call the UI bundle. The main site generator downloads that UI from a URL using Got and streams it to vinyl-zip to extract the files. Those files go on to be used to create the HTML pages and supporting assets.
GetVoIP is happily using Got in production. One of the unique capabilities of Got is the ability to handle Unix sockets which enables us to build a full control interfaces for our docker stack.
We're using Got inside of Exoframe to handle all the communication between CLI and server. Exoframe is a self-hosted tool that allows simple one-command deployments using Docker.
Karaoke Mugen uses Got to fetch content updates from its online server.
Renovate uses Got, gh-got and gl-got to send millions of queries per day to GitHub, GitLab, npmjs, PyPi, Packagist, Docker Hub, Terraform, CircleCI, and more.
Resistbot uses Got to communicate from the API frontend where all correspondence ingresses to the officials lookup database in back.
Natural Cycles is using Got to communicate with all kinds of 3rd-party REST APIs (over 9000!).
Microlink is a cloud browser as an API service that uses Got widely as the main HTTP client, serving ~22M requests a month, every time a network call needs to be performed.
We’re using Got at Radity. Thanks for such an amazing work!
Stable Version
The latest stable version of the package.
Stable Version
14.4.5
MODERATE
2
5.3/10
Summary
Got allows a redirect to a UNIX socket
Affected Versions
< 11.8.5
Patched Versions
11.8.5
5.3/10
Summary
Got allows a redirect to a UNIX socket
Affected Versions
>= 12.0.0, < 12.1.0
Patched Versions
12.1.0
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: .github/security.md:1
- Info: Found linked content: .github/security.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: .github/security.md:1
- Info: Found text in security policy: .github/security.md:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/main.yml:6
- Info: no jobLevel write permissions found
Reason
0 existing vulnerabilities detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7
Reason
Found 15/30 approved changesets -- score normalized to 5
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/got/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/sindresorhus/got/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:28
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 15 are checked with a SAST tool
Score
6.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More