A Node.js library to get the proxy URL for a given URL based on standard environment variables (http_proxy, no_proxy, ...).
Installations
npm install proxy-from-envScore
98
Supply Chain
100
Quality
75.5
Maintenance
100
Vulnerability
100
License
Contributors
Developer
Rob--W
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
13.7.0
NPM Version
6.13.6
Statistics
52 Stars
26 Commits
18 Forks
3 Watching
3 Branches
3 Contributors
Updated on 15 Oct 2024
Bundle Size
1.13 kB
Minified
648.00 B
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
3,924,519,232
Last day
-1.9%
7,282,003
Compared to previous day
Last week
3.6%
38,836,070
Compared to previous week
Last month
11%
161,487,520
Compared to previous month
Last year
50.1%
1,619,542,545
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
proxy-from-env
proxy-from-env is a Node.js package that exports a function (getProxyForUrl)
that takes an input URL (a string or
url.parse's
return value) and returns the desired proxy URL (also a string) based on
standard proxy environment variables. If no proxy is set, an empty string is
returned.
It is your responsibility to actually proxy the request using the given URL.
Installation:
1npm install proxy-from-env
Example
This example shows how the data for a URL can be fetched via the
http module, in a proxy-aware way.
1var http = require('http'); 2var parseUrl = require('url').parse; 3var getProxyForUrl = require('proxy-from-env').getProxyForUrl; 4 5var some_url = 'http://example.com/something'; 6 7// // Example, if there is a proxy server at 10.0.0.1:1234, then setting the 8// // http_proxy environment variable causes the request to go through a proxy. 9// process.env.http_proxy = 'http://10.0.0.1:1234'; 10// 11// // But if the host to be proxied is listed in NO_PROXY, then the request is 12// // not proxied (but a direct request is made). 13// process.env.no_proxy = 'example.com'; 14 15var proxy_url = getProxyForUrl(some_url); // <-- Our magic. 16if (proxy_url) { 17 // Should be proxied through proxy_url. 18 var parsed_some_url = parseUrl(some_url); 19 var parsed_proxy_url = parseUrl(proxy_url); 20 // A HTTP proxy is quite simple. It is similar to a normal request, except the 21 // path is an absolute URL, and the proxied URL's host is put in the header 22 // instead of the server's actual host. 23 httpOptions = { 24 protocol: parsed_proxy_url.protocol, 25 hostname: parsed_proxy_url.hostname, 26 port: parsed_proxy_url.port, 27 path: parsed_some_url.href, 28 headers: { 29 Host: parsed_some_url.host, // = host name + optional port. 30 }, 31 }; 32} else { 33 // Direct request. 34 httpOptions = some_url; 35} 36http.get(httpOptions, function(res) { 37 var responses = []; 38 res.on('data', function(chunk) { responses.push(chunk); }); 39 res.on('end', function() { console.log(responses.join('')); }); 40}); 41
Environment variables
The environment variables can be specified in lowercase or uppercase, with the lowercase name having precedence over the uppercase variant. A variable that is not set has the same meaning as a variable that is set but has no value.
NO_PROXY
NO_PROXY is a list of host names (optionally with a port). If the input URL
matches any of the entries in NO_PROXY, then the input URL should be fetched
by a direct request (i.e. without a proxy).
Matching follows the following rules:
NO_PROXY=*disables all proxies.- Space and commas may be used to separate the entries in the
NO_PROXYlist. - If
NO_PROXYdoes not contain any entries, then proxies are never disabled. - If a port is added after the host name, then the ports must match. If the URL does not have an explicit port name, the protocol's default port is used.
- Generally, the proxy is only disabled if the host name is an exact match for
an entry in the
NO_PROXYlist. The only exceptions are entries that start with a dot or with a wildcard; then the proxy is disabled if the host name ends with the entry.
See test.js for examples of what should match and what does not.
*_PROXY
The environment variable used for the proxy depends on the protocol of the URL.
For example, https://example.com uses the "https" protocol, and therefore the
proxy to be used is HTTPS_PROXY (NOT HTTP_PROXY, which is only used for
http:-URLs).
The library is not limited to http(s), other schemes such as
FTP_PROXY (ftp:),
WSS_PROXY (wss:),
WS_PROXY (ws:)
are also supported.
If present, ALL_PROXY is used as fallback if there is no other match.
External resources
The exact way of parsing the environment variables is not codified in any standard. This library is designed to be compatible with formats as expected by existing software. The following resources were used to determine the desired behavior:
-
cURL: https://curl.haxx.se/docs/manpage.html#ENVIRONMENT
https://github.com/curl/curl/blob/4af40b3646d3b09f68e419f7ca866ff395d1f897/lib/url.c#L4446-L4514
https://github.com/curl/curl/blob/4af40b3646d3b09f68e419f7ca866ff395d1f897/lib/url.c#L4608-L4638 -
wget: https://www.gnu.org/software/wget/manual/wget.html#Proxies
http://git.savannah.gnu.org/cgit/wget.git/tree/src/init.c?id=636a5f9a1c508aa39e35a3a8e9e54520a284d93d#n383
http://git.savannah.gnu.org/cgit/wget.git/tree/src/retr.c?id=93c1517c4071c4288ba5a4b038e7634e4c6b5482#n1278 -
W3: https://www.w3.org/Daemon/User/Proxies/ProxyClients.html
-
Python's urllib: https://github.com/python/cpython/blob/936135bb97fe04223aa30ca6e98eac8f3ed6b349/Lib/urllib/request.py#L755-L782
https://github.com/python/cpython/blob/936135bb97fe04223aa30ca6e98eac8f3ed6b349/Lib/urllib/request.py#L2444-L2479
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 2/26 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/run-tests.yaml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/run-tests.yaml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/Rob--W/proxy-from-env/run-tests.yaml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:12
- Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:32
- Warn: npmCommand not pinned by hash: .github/workflows/run-tests.yaml:35
- Info: 0 out of 6 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 4 are checked with a SAST tool
Score
3.4
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More