Gathering detailed insights and metrics for node-abort-controller
Gathering detailed insights and metrics for node-abort-controller
AbortController Polyfill for Node.JS based on EventEmitter
Installations
npm install node-abort-controllerDeveloper Guide
BETA
Typescript
No
Module System
CommonJS, UMD
Node Version
14.21.1
NPM Version
6.14.17
Score
99.7
Supply Chain
100
Quality
78.2
Maintenance
100
Vulnerability
100
License
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
southpolesteve
Download Statistics
Total Downloads
1,117,260,474
Last Day
491,606
Last Week
11,335,046
Last Month
48,738,815
Last Year
568,215,610
GitHub Statistics
MIT License
54 Stars
75 Commits
14 Forks
1 Watchers
2 Branches
9 Contributors
Updated on Nov 06, 2024
Bundle Size
503.00 B
Minified
304.00 B
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
3.1.1
Package Id
node-abort-controller@3.1.1
Unpacked Size
16.49 kB
Size
5.28 kB
File Count
13
NPM Version
6.14.17
Node Version
14.21.1
Published on
Jan 26, 2023
Total Downloads
Cumulative downloads
Total Downloads
1,117,260,474
Last Day
3.5%
491,606
Compared to previous day
Last Week
-5.8%
11,335,046
Compared to previous week
Last Month
-1.6%
48,738,815
Compared to previous month
Last Year
44.1%
568,215,610
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
3
node-abort-controller
AbortController Polyfill for Node.JS based on EventEmitter for Node v14.6.x and below.
Are you using Node 14.7.0 or above? You don't need this! Node has AbortController and AbortSignal as builtin globals. In Node versions >=14.7.0 and <15.4.0 you can access the experimental implementation using --experimental-abortcontroller.
Example Usage
Timing out fetch
1import fetch from "node-fetch"; 2import { AbortController } from "node-abort-controller"; 3 4const controller = new AbortController(); 5const signal = controller.signal; 6 7await fetch("https:/www.google.com", { signal }); 8 9// Abort fetch after 500ms. Effectively a timeout 10setTimeout(() => controller.abort(), 500);
Re-usable fetch function with a built in timeout
1import { AbortController } from "node-abort-controller"; 2import fetch from "node-fetch"; 3 4const fetchWithTimeout = async (url = "") => { 5 const controller = new AbortController(); 6 const { signal } = controller; 7 8 const timeout = setTimeout(() => { 9 controller.abort(); 10 }, 5000); 11 12 const request = await fetch(url, { signal }); 13 14 clearTimeout(timeout); 15 16 const result = await req.json(); 17 18 return result; 19};
Why would I need this?
You might not need to! Generally speaking, there are three environments your JavaScript code can run in:
- Node
- Modern Browsers (Not Internet Explorer)
- Legacy Browsers (Mostly Internet Explorer)
For modern JS APIs, each environment would ideally get a polyfill:
- only if it needs one
- specific to the platform.
In practice, this is hard. Tooling such as webpack and browserify are great at making sure stuff works out of the box in all environments. But it is quite easy to fail on both points above. In all likelyhood, you end up shipping less than ideal polyfills on platforms that don't even need them. So what is a developer to do? In the case of fetch and AbortController I've done the work for you. This is a guide to that work.
If you are building a ...
NodeJS library only supports Node 16 or above
You don't need this library! AbortController is now built into nodeJS . Use that instead.
Web Application running only in modern browsers
You don't need a library! Close this tab. Uninstall this package.
Web Application running in modern browsers AND NodeJS (such as a server side rendered JS app)
Use this package and node-fetch. It is minimally what you need.
Web Application supporting legacy browsers AND NOT NodeJS
Use abort-controller and whatwg-fetch. These are more complete polyfills that will work in all browser environments.
Web Application supporting legacy browsers AND NodeJS
Use abort-controller and cross-fetch. Same as above, except cross-fetch will polyfill correctly in both the browser and node.js
NodeJS Library being consumed by other applications and using fetch internally
Use this package and node-fetch. It is the smallest and least opinionated combination for your end users. Application developers targeting Internet Exploer will need to polyfill AbortController and fetch on their own. But your library won't be forcing unecessary polyfills on developers who only target modern browsers.
Goals
With the above guide in mind, this library has a very specific set of goals:
- Provide a minimal polyfill in node.js
- Do not provide a polyfill in any browser environment
This is the ideal for library authors who use fetch and AbortController internally and target both browser and node developers.
Prior Art
Thank you @mysticatea for https://github.com/mysticatea/abort-controller. It is a fantastic AbortController polyfill and ideal for many use cases.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 7/20 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/southpolesteve/node-abort-controller/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/southpolesteve/node-abort-controller/test.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Reason
14 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-r683-j2x4-v87g
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
3
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More