npmpackage.info

Gathering detailed insights and metrics for proxy-from-env

Other packages similar to proxy-from-env

@types/proxy-from-env

1.0.4

TypeScript definitions for proxy-from-env

proxy-agent

6.4.0

Maps proxy protocols to `http.Agent` implementations

http-proxy-agent

7.0.2

An HTTP(s) proxy `http.Agent` implementation for HTTP

agent-base

7.1.1

Turn a function into an `http.Agent` instance

Gathering detailed insights and metrics for proxy-from-env

proxy-from-env

A Node.js library to get the proxy URL for a given URL based on standard environment variables (http_proxy, no_proxy, ...).

1.1.0

MIT

JavaScript

648.00 B

3,924,519,232 3.4

Installations

npm install proxy-from-env

Score

Supply Chain

100

Quality

75.5

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

4

Total

11

Closed

3

Merged

4

Issues

Open

8

Total

15

Closed

7

Releases

v1.1.0

Published on 14 Aug 2020

View all 1 releases

Contributors

View all 3 contributors

Developer

Rob--W

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

Typescript Support

No

Node Version

13.7.0

NPM Version

6.13.6 Statistics

52 Stars

26 Commits

18 Forks

3 Watching

3 Branches

3 Contributors

Updated on 15 Oct 2024

Bundle Size

1.13 kB

Minified

648.00 B

Minified + Gzipped

Bundlephobia

Languages

JavaScript (100%)

Total Downloads

Cumulative downloads

Total Downloads

3,924,519,232

Last day

-1.9%

7,282,003

Compared to previous day

Last week

3.6%

38,836,070

Compared to previous week

Last month

11%

161,487,520

Compared to previous month

Last year

50.1%

1,619,542,545

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

coveralls eslint istanbul mocha

Versions

proxy-from-env

proxy-from-env is a Node.js package that exports a function (getProxyForUrl) that takes an input URL (a string or url.parse's return value) and returns the desired proxy URL (also a string) based on standard proxy environment variables. If no proxy is set, an empty string is returned.

It is your responsibility to actually proxy the request using the given URL.

Installation:

1npm install proxy-from-env

Example

This example shows how the data for a URL can be fetched via the http module, in a proxy-aware way.

1var http = require('http');
2var parseUrl = require('url').parse;
3var getProxyForUrl = require('proxy-from-env').getProxyForUrl;
4
5var some_url = 'http://example.com/something';
6
7// // Example, if there is a proxy server at 10.0.0.1:1234, then setting the
8// // http_proxy environment variable causes the request to go through a proxy.
9// process.env.http_proxy = 'http://10.0.0.1:1234';
10// 
11// // But if the host to be proxied is listed in NO_PROXY, then the request is
12// // not proxied (but a direct request is made).
13// process.env.no_proxy = 'example.com';
14
15var proxy_url = getProxyForUrl(some_url);  // <-- Our magic.
16if (proxy_url) {
17  // Should be proxied through proxy_url.
18  var parsed_some_url = parseUrl(some_url);
19  var parsed_proxy_url = parseUrl(proxy_url);
20  // A HTTP proxy is quite simple. It is similar to a normal request, except the
21  // path is an absolute URL, and the proxied URL's host is put in the header
22  // instead of the server's actual host.
23  httpOptions = {
24    protocol: parsed_proxy_url.protocol,
25    hostname: parsed_proxy_url.hostname,
26    port: parsed_proxy_url.port,
27    path: parsed_some_url.href,
28    headers: {
29      Host: parsed_some_url.host,  // = host name + optional port.
30    },
31  };
32} else {
33  // Direct request.
34  httpOptions = some_url;
35}
36http.get(httpOptions, function(res) {
37  var responses = [];
38  res.on('data', function(chunk) { responses.push(chunk); });
39  res.on('end', function() { console.log(responses.join(''));  });
40});
41

Environment variables

The environment variables can be specified in lowercase or uppercase, with the lowercase name having precedence over the uppercase variant. A variable that is not set has the same meaning as a variable that is set but has no value.

NO_PROXY

NO_PROXY is a list of host names (optionally with a port). If the input URL matches any of the entries in NO_PROXY, then the input URL should be fetched by a direct request (i.e. without a proxy).

Matching follows the following rules:

NO_PROXY=* disables all proxies.
Space and commas may be used to separate the entries in the NO_PROXY list.
If NO_PROXY does not contain any entries, then proxies are never disabled.
If a port is added after the host name, then the ports must match. If the URL does not have an explicit port name, the protocol's default port is used.
Generally, the proxy is only disabled if the host name is an exact match for an entry in the NO_PROXY list. The only exceptions are entries that start with a dot or with a wildcard; then the proxy is disabled if the host name ends with the entry.

See test.js for examples of what should match and what does not.

*_PROXY

The environment variable used for the proxy depends on the protocol of the URL. For example, https://example.com uses the "https" protocol, and therefore the proxy to be used is HTTPS_PROXY (NOT HTTP_PROXY, which is only used for http:-URLs).

The library is not limited to http(s), other schemes such as FTP_PROXY (ftp:), WSS_PROXY (wss:), WS_PROXY (ws:) are also supported.

If present, ALL_PROXY is used as fallback if there is no other match.

External resources

The exact way of parsing the environment variables is not codified in any standard. This library is designed to be compatible with formats as expected by existing software. The following resources were used to determine the desired behavior:

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:12
Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:32
Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:35
Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 0 out of 3 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

3.4

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More