{"id":16297,"library":"axios-ntlm","title":"Axios NTLM Authentication Helper","description":"axios-ntlm is a helper library designed to integrate NTLM (NT LAN Manager) authentication into the popular Axios HTTP client, specifically for Node.js environments. It achieves this by attaching interceptors to an Axios instance, allowing seamless NTLM authentication for resources that require it. The current stable version is `1.4.6`. The package generally maintains a moderate release cadence, primarily focusing on dependency updates, bug fixes, and minor enhancements. Its key differentiator lies in its direct integration with Axios, providing a familiar API for developers already using Axios, and simplifying the often complex process of NTLM authentication in JavaScript applications interacting with Windows-authenticated services. It is particularly useful in enterprise settings where NTLM remains prevalent.","status":"active","version":"1.4.6","language":"javascript","source_language":"en","source_url":"https://github.com/catbuttes/axios-ntlm","tags":["javascript","axios","ntlm","authentication","windows authentication","windows","auth","typescript"],"install":[{"cmd":"npm install axios-ntlm","lang":"bash","label":"npm"},{"cmd":"yarn add axios-ntlm","lang":"bash","label":"yarn"},{"cmd":"pnpm add axios-ntlm","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core HTTP client dependency; `axios-ntlm` extends its functionality via interceptors.","package":"axios","optional":false},{"reason":"Cryptography library used for NTLM hash generation, introduced as a replacement in v1.4.0.","package":"des.js","optional":false}],"imports":[{"note":"This is the primary factory function for creating Axios instances configured with NTLM authentication.","wrong":"const NtlmClient = require('axios-ntlm').NtlmClient;","symbol":"NtlmClient","correct":"import { NtlmClient } from 'axios-ntlm';"},{"note":"This is a TypeScript interface defining the structure for NTLM authentication credentials (username, password, domain).","wrong":"import NtlmCredentials from 'axios-ntlm';","symbol":"NtlmCredentials","correct":"import { NtlmCredentials } from 'axios-ntlm';"},{"note":"While used extensively with `axios-ntlm`, `AxiosRequestConfig` is exported directly from the `axios` package, not `axios-ntlm`.","wrong":"import { AxiosRequestConfig } from 'axios-ntlm';","symbol":"AxiosRequestConfig","correct":"import { AxiosRequestConfig } from 'axios';"}],"quickstart":{"code":"import { NtlmClient } from 'axios-ntlm';\n\n(async () => {\n\n    let credentials = {\n        username: 'username',\n        password: \"password\",\n        domain: 'domain'\n    };\n\n    let client = NtlmClient(credentials);\n\n    try {\n        let resp = await client({\n            url: 'https://protected.site.example.com',\n            method: 'get'\n        });\n        console.log(resp.data);\n    }\n    catch (err) {\n        console.log(err);\n        console.log(\"Failed\");\n    }\n\n})();","lang":"typescript","description":"This example demonstrates how to create an NTLM-enabled Axios client using provided credentials and perform a simple GET request to a protected resource."},"warnings":[{"fix":"Immediately upgrade to `axios-ntlm@1.2.2` or later to mitigate potential security risks and ensure application security.","message":"A critical security vulnerability (CVE-2022-0155) related to an underlying dependency was patched in version `1.2.2`.","severity":"breaking","affected_versions":"<1.2.2"},{"fix":"Upgrade to `axios-ntlm@1.4.1` or later to resolve the infinite retry bug. If using an older version, avoid sending `X-retry: false` headers.","message":"Prior to `v1.4.1`, requests involving an `X-retry: false` header could inadvertently enter an infinite retry loop, leading to resource exhaustion or indefinite hangs.","severity":"breaking","affected_versions":"<1.4.1"},{"fix":"Ensure your custom `AxiosRequestConfig` correctly sets `httpAgent` and `httpsAgent` with `keepAlive: true` for optimal performance with NTLM authenticated endpoints.","message":"When providing a custom `AxiosRequestConfig` to `NtlmClient`, explicitly configure `httpAgent` and `httpsAgent` for connection pooling and keep-alive if you are overriding the default agents. The library will add agents if none are present, but your custom configuration might override this.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Upgrade your `axios-ntlm` package to version `1.4.1` or higher. If an upgrade is not immediately possible, avoid sending `X-retry: false` headers when making requests.","cause":"In versions prior to `1.4.1`, setting an `X-retry` header to `false` could trigger an infinite retry loop, causing requests to never complete and your application to appear unresponsive.","error":"Request hangs indefinitely with no response or error."}],"ecosystem":"npm"}