npmpackage.info

Gathering detailed insights and metrics for proxy-from-env

Other packages similar to proxy-from-env

@types/proxy-from-env

1.0.4

TypeScript definitions for proxy-from-env

@rettgerst/env-proxy

0.2.0

uses _proxies_ to simplify reading from process.env in node.

aws-iam-proxy

0.1.11

A proxy that signs the requests passing through with iam credentials. These credentials could come from an instance profile or ENV vars.

@bugcrowd/aws-iam-proxy

0.1.12

A proxy that signs the requests passing through with iam credentials. These credentials could come from an instance profile or ENV vars.

Gathering detailed insights and metrics for proxy-from-env

proxy-from-env - 1.1.0 | npmpackage.info

proxy-from-env

A Node.js library to get the proxy URL for a given URL based on standard environment variables (http_proxy, no_proxy, ...).

1.1.0

MIT

JavaScript

3.4

Installations

npm install proxy-from-env

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

13.7.0

NPM Version

6.13.6 Pull Requests

Open

5

Total

12

Closed

3

Merged

4

Issues

Open

8

Total

15

Closed

7

Releases

v1.1.0

Updated on Aug 14, 2020

View All 1 releases

Languages

JavaScript

JavaScript (100%)

Developer

Rob--W

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

58 Stars

26 Commits

24 Forks

3 Watchers

3 Branches

3 Contributors

Updated on Jul 09, 2025

Maintainers

View All 3 Contributors

Package Meta Information

Latest Version

1.1.0

Package Id

proxy-from-env@1.1.0

Size

7.59 kB

NPM Version

6.13.6

Node Version

13.7.0

Published on

Mar 04, 2020

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

coveralls eslint istanbul mocha

proxy-from-env

proxy-from-env is a Node.js package that exports a function (getProxyForUrl) that takes an input URL (a string or url.parse's return value) and returns the desired proxy URL (also a string) based on standard proxy environment variables. If no proxy is set, an empty string is returned.

It is your responsibility to actually proxy the request using the given URL.

Installation:

1npm install proxy-from-env

Example

This example shows how the data for a URL can be fetched via the http module, in a proxy-aware way.

1var http = require('http');
2var parseUrl = require('url').parse;
3var getProxyForUrl = require('proxy-from-env').getProxyForUrl;
4
5var some_url = 'http://example.com/something';
6
7// // Example, if there is a proxy server at 10.0.0.1:1234, then setting the
8// // http_proxy environment variable causes the request to go through a proxy.
9// process.env.http_proxy = 'http://10.0.0.1:1234';
10// 
11// // But if the host to be proxied is listed in NO_PROXY, then the request is
12// // not proxied (but a direct request is made).
13// process.env.no_proxy = 'example.com';
14
15var proxy_url = getProxyForUrl(some_url);  // <-- Our magic.
16if (proxy_url) {
17  // Should be proxied through proxy_url.
18  var parsed_some_url = parseUrl(some_url);
19  var parsed_proxy_url = parseUrl(proxy_url);
20  // A HTTP proxy is quite simple. It is similar to a normal request, except the
21  // path is an absolute URL, and the proxied URL's host is put in the header
22  // instead of the server's actual host.
23  httpOptions = {
24    protocol: parsed_proxy_url.protocol,
25    hostname: parsed_proxy_url.hostname,
26    port: parsed_proxy_url.port,
27    path: parsed_some_url.href,
28    headers: {
29      Host: parsed_some_url.host,  // = host name + optional port.
30    },
31  };
32} else {
33  // Direct request.
34  httpOptions = some_url;
35}
36http.get(httpOptions, function(res) {
37  var responses = [];
38  res.on('data', function(chunk) { responses.push(chunk); });
39  res.on('end', function() { console.log(responses.join(''));  });
40});
41

Environment variables

The environment variables can be specified in lowercase or uppercase, with the lowercase name having precedence over the uppercase variant. A variable that is not set has the same meaning as a variable that is set but has no value.

NO_PROXY

NO_PROXY is a list of host names (optionally with a port). If the input URL matches any of the entries in NO_PROXY, then the input URL should be fetched by a direct request (i.e. without a proxy).

Matching follows the following rules:

NO_PROXY=* disables all proxies.
Space and commas may be used to separate the entries in the NO_PROXY list.
If NO_PROXY does not contain any entries, then proxies are never disabled.
If a port is added after the host name, then the ports must match. If the URL does not have an explicit port name, the protocol's default port is used.
Generally, the proxy is only disabled if the host name is an exact match for an entry in the NO_PROXY list. The only exceptions are entries that start with a dot or with a wildcard; then the proxy is disabled if the host name ends with the entry.

See test.js for examples of what should match and what does not.

*_PROXY

The environment variable used for the proxy depends on the protocol of the URL. For example, https://example.com uses the "https" protocol, and therefore the proxy to be used is HTTPS_PROXY (NOT HTTP_PROXY, which is only used for http:-URLs).

The library is not limited to http(s), other schemes such as FTP_PROXY (ftp:), WSS_PROXY (wss:), WS_PROXY (ws:) are also supported.

If present, ALL_PROXY is used as fallback if there is no other match.

External resources

The exact way of parsing the environment variables is not codified in any standard. This library is designed to be compatible with formats as expected by existing software. The following resources were used to determine the desired behavior:

No vulnerabilities found.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:12
Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:32
Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:35
Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 3 third-party GitHubAction dependencies pinned
Info: 0 out of 3 npmCommand dependencies pinned

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

3.4

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More