{"id":17690,"library":"http-deceiver-fixes","title":"HTTP Deceiver (with fixes)","description":"http-deceiver-fixes is a maintenance fork of the http-deceiver module, which provides a low-level interface to Node.js's internal HTTP parser. Its primary function is to enable \"deception\" or advanced manipulation of raw HTTP streams and parsed messages, often used in sophisticated networking scenarios like implementing alternative HTTP protocols (e.g., SPDY, HTTP2) or handling specific parser edge cases. The original http-deceiver (last published in 2016, v1.2.7) has been largely unmaintained, leading to DeprecationWarning's and potential runtime errors in modern Node.js environments due to its reliance on process.binding('http_parser'). This http-deceiver-fixes package, currently at v1.2.8, aims to integrate critical bug fixes (e.g., for handling multiple body chunks) that were unmerged in the original project, providing continued compatibility for systems dependent on this functionality. Its release cadence is irregular, driven by necessary patches, and it serves as a stop-gap solution for projects facing issues with the abandoned upstream.","status":"maintenance","version":"1.2.8","language":"javascript","source_language":"en","source_url":"ssh://git@github.com/beenotung/http-deceiver","tags":["javascript","http","net","deceive"],"install":[{"cmd":"npm install http-deceiver-fixes","lang":"bash","label":"npm"},{"cmd":"yarn add http-deceiver-fixes","lang":"bash","label":"yarn"},{"cmd":"pnpm add http-deceiver-fixes","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is a CommonJS module and primarily used with `require()`. It does not provide ESM exports.","wrong":"import Deceiver from 'http-deceiver-fixes';","symbol":"Deceiver","correct":"const Deceiver = require('http-deceiver-fixes');"}],"quickstart":{"code":"const net = require('net');\nconst http = require('http');\nconst Deceiver = require('http-deceiver-fixes');\n\n// Mock a socket for the HTTP parser to attach to\nconst mockSocket = new net.Socket({ readable: true, writable: true });\nmockSocket.write = () => true; // Suppress actual writing\nmockSocket.resume(); // Ensure data flows for parsing\n\n// Create an http.IncomingMessage instance, which internally initializes an HTTP parser\nconst incoming = new http.IncomingMessage(mockSocket);\n\n// Create a Deceiver instance, wrapping the internal parser of the IncomingMessage.\n// The Deceiver intercepts and allows manipulation of the parsing process.\n// Note: `incoming._parser` relies on Node.js internals and might change.\nconst deceiver = new Deceiver(incoming._parser);\n\n// Example raw HTTP request string, potentially containing multiple messages\n// or data that requires custom parsing logic.\nconst rawHttpRequest = [\n  'GET /path1 HTTP/1.1',\n  'Host: localhost',\n  'Content-Length: 0',\n  '',\n  'POST /path2 HTTP/1.1', // A second, potentially pipelined or unexpected request\n  'Host: localhost',\n  'Content-Length: 7',\n  'User-Agent: DeceiverAgent',\n  '',\n  'PAYLOAD',\n].join('\\r\\n');\n\nlet parsedMessages = 0;\n\ndeceiver.on('headers', () => {\n  parsedMessages++;\n  console.log(`\\n--- Parsed Message #${parsedMessages} ---`);\n  console.log(`Method: ${incoming.method}`);\n  console.log(`URL: ${incoming.url}`);\n  console.log(`Headers: ${JSON.stringify(incoming.headers, null, 2)}`);\n});\n\ndeceiver.on('body', (chunk) => {\n  console.log(`Body (chunk): ${chunk.toString()}`);\n});\n\ndeceiver.on('messageComplete', () => {\n  console.log(`Message #${parsedMessages} complete.`);\n});\n\n// Feed the raw HTTP data through the deceiver for processing\ndeceiver.execute(Buffer.from(rawHttpRequest));\n\nconsole.log('\\nDeceiver processing complete.');","lang":"javascript","description":"This quickstart demonstrates how to initialize `http-deceiver-fixes` by wrapping an internal HTTP parser (obtained from `http.IncomingMessage`) and then feeding raw HTTP data to it, showing its low-level parsing interception capabilities."},"warnings":[{"fix":"There is no direct fix within user code. This typically requires the library itself to be updated to use publicly available APIs or a robust fallback to `http-parser-js` for compatibility. For critical applications, consider migrating to alternative, actively maintained HTTP parsing or proxying solutions that do not rely on deprecated Node.js internals.","message":"The `http-deceiver` (and its fork `http-deceiver-fixes`) package relies on `process.binding('http_parser')` to access Node.js's internal HTTP parser. This internal API has been deprecated since Node.js 12 and later removed, leading to `DeprecationWarning`s or runtime errors in modern Node.js versions.","severity":"breaking","affected_versions":">=12.0.0"},{"fix":"Review the `test/` directory within the package's source code for examples of how the `Deceiver` class is instantiated and used with Node.js `http` and `net` modules. Understand the underlying `http_parser` concepts for effective manipulation.","message":"Both the original `http-deceiver` and this `http-deceiver-fixes` fork provide minimal official API documentation and usage examples (the README states 'soon™'). Developers must often infer usage patterns directly from the source code, particularly the test files, which significantly increases the learning curve and the potential for incorrect implementation.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Before adopting, assess the long-term maintenance needs of your project. Be prepared to contribute patches or consider alternative solutions if active development or support for new Node.js versions becomes critical.","message":"The `http-deceiver-fixes` package is a fork created to address unmerged pull requests in the original `http-deceiver` repository, which has been unmaintained since 2016. While this fork provides critical bug fixes, it does not guarantee ongoing, proactive maintenance or feature development in line with evolving HTTP standards or future Node.js changes.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"This is a warning and might not immediately stop execution. While there's no direct userland fix, the long-term solution involves ensuring the library (or a replacement) correctly falls back to `http-parser-js` or uses modern Node.js `http` module APIs. Consider pinning to an older Node.js version if this warning is critical, or migrating away from this library.","cause":"The `http-deceiver` library attempts to access Node.js's internal HTTP parser using a deprecated API (`process.binding('http_parser')`), triggering a warning in newer Node.js versions.","error":"(node:XXXX) [DEP0111] DeprecationWarning: Access to process.binding('http_parser') is deprecated."},{"fix":"This indicates a hard incompatibility with your current Node.js version. You must either downgrade your Node.js runtime to a version compatible with the library's internal API usage (typically Node.js < 12) or replace `http-deceiver-fixes` with a different library that provides similar functionality without relying on deprecated Node.js internals.","cause":"In very recent Node.js versions, the internal `http_parser` module might be entirely removed or fundamentally changed, preventing `http-deceiver` from accessing it and causing a runtime error.","error":"Error: No such module: http_parser"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}