DEV Community

Cover image for Replacing the deprecated npm package ‘request’ without altering your project.
Diego Gallovich
Diego Gallovich

Posted on

Replacing the deprecated npm package ‘request’ without altering your project.

If you are a working developer, then you are probably aware that the HTTP caller package ‘request’ has not so recently been tagged as deprecated. In the JavaScript world, we would argue that a month is not a little amount of time, when it comes to JavaScript, a lot can happen in that amount of time. In today’s article we will go over why it has been deprecated and then we will start discussing how to replace it in your project without affecting it or doing any major refactoring using axios.
Since ‘request’ is a package that is still downloaded 10 million times a week, I cannot help but wonder, why are so many developers still downloading a package that is posing so many vulnerability threats for the future of any application that uses it? Those 10 million downloads are the reason of why I am writing this article.
Why is it deprecated…? The ‘request’ package is an HTTP caller like many other good ones you may or may not know. The thing about this particular package is that it is one of the first modules ever created for the Node.js ecosystem. That was in 2009 (A very long time in the JavaScript world), so obviously, even if it evolved across the years, its respectfully primitive or older code base has reached a spot where it must rest in maintenance until it slowly fades away from apps in development and production today. The main reason is that JavaScript evolved and changed at a much faster rate that anyone could expect, meaning that more HTTP calling packages have been developed on a more modern and secure code base. You can find a more detailed account on why ‘request’ is deprecating at an issue opened in its own GitHub repo.
How do we replace it…? Request’s deprecation becomes harmful to your app the longer it stays a part of it. Why? Simply because modern, constant changes to JavaScript mean more attack vectors opening up for cyber-criminals on older JavaScript code based apps and packages, that includes ‘request’ now that it has been deprecated.
There are several module options to replace ‘request’ without affecting the flow or structure of your application. My replacement choice is axios. Axios can do everything request can do and much more… And they look just about the same when written out.
Here’s a basic ‘request’ HTTP call example:

/const request = require('request');
request('http://www.google.com', function (error, response, body) {
console.error('error:', error); // Print the error if one occurred
console.log('statusCode:', response && response.statusCode); // Print the response status code if a response was received
console.log('body:', body); // Print the HTML for the Google homepage.
});

So very simple, we require 'request' after doing an npm install, then we call it the module while passing a URL and a function that handles the request, response life-cycle.
In Axios, we do just about the same…

// Github api url
const URL =
https://api.github.com/users/${request.params.username}/repos?per_page=5&sort=created:asc;
// Request's options
const OPTIONS = {
headers: { 'user-agent': 'node.js' },
client_id: CONFIG.get('githubClientID'),
client_secret: CONFIG.get('githubSecret')
};
// AXIOS request's response
const AXIOS_RESPONSE = await AXIOS.get(URL, OPTIONS);
// Response to client
response.json({
count: AXIOS_RESPONSE.data.length,
repos: AXIOS_RESPONSE.data
});

Simply install axios on your app and then use it to make API calls in the back or front end of your application, you can even set headers through options passed to the request function. In the example above, the axios request is running inside an asynchronous server request, response cycle for a user’s five most recent repositories and inside a trycatch an AXIOS_RESPONSE constant awaits to make a get request to the GitHub API using the previously instantiated URL and OPTIONS constants. Then, the returned promise in AXIOS_RESPONSE.data is sent as response to the client.
You could also do .then() and not use async/await… There is simply no limit… get started with axioss npm documentation and start replacing ‘request’ in order to secure your application.
If you want to consider other options to replace ‘request’, there is an issue open on GitHub for that as well. Just click here!
That was all for today, I hope you found valuable information in this article and keep your app secure thanks to it.

Any questions or feedback? Feel free to reach out to me…

Liked the article? Clap for it to reach others, share it on twitter and any other social media.

Stay relevant!

Top comments (2)

Collapse
 
khuongduybui profile image
Duy K. Bui

If you have a little bit of time to massage your code, check out "got":

github.com/sindresorhus/got#compar...

Collapse
 
diegotech profile image
Diego Gallovich

Thank you for the recommendation. Will take a look at that repo today!