{"id":17838,"library":"node-ntlm-client","title":"Node.js NTLM Client (Legacy)","description":"This package, `node-ntlm-client` at version 0.1.2, provides a client-side implementation for NTLM and NTLMv2 authentication in Node.js environments. It exposes functions for generating NTLM Type 1 and Type 3 messages, and decoding Type 2 messages, enabling developers to implement the NTLM handshake manually. It also includes a `request` convenience function that relies on the now-deprecated `request` HTTP client library. This package has seen no updates in approximately ten years and is considered abandoned, making it unsuitable for new projects. Modern alternatives typically use native Node.js `http`/`https` modules or other maintained HTTP clients, often with fewer external dependencies and better support for contemporary Node.js versions and language features like ESM.","status":"abandoned","version":"0.1.2","language":"javascript","source_language":"en","source_url":"https://github.com/gautamsi/node-ntlm-client","tags":["javascript","ntlm","ntlmv2","client","authentication"],"install":[{"cmd":"npm install node-ntlm-client","lang":"bash","label":"npm"},{"cmd":"yarn add node-ntlm-client","lang":"bash","label":"yarn"},{"cmd":"pnpm add node-ntlm-client","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Used by the convenience `request(options)` function for making authenticated HTTP calls. This dependency is now deprecated.","package":"request","optional":false}],"imports":[{"note":"Package is CommonJS-only; direct ESM imports are not supported.","wrong":"import { createType1Message } from 'ntlm-client';","symbol":"createType1Message","correct":"const { createType1Message } = require('ntlm-client');"},{"note":"Package is CommonJS-only and exports named functions.","wrong":"import decodeType2Message from 'ntlm-client';","symbol":"decodeType2Message","correct":"const { decodeType2Message } = require('ntlm-client');"},{"note":"Access named exports directly from the CommonJS module.","wrong":"import * as ntlmClient from 'ntlm-client';","symbol":"createType3Message","correct":"const { createType3Message } = require('ntlm-client');"}],"quickstart":{"code":"const { createType1Message, decodeType2Message, createType3Message } = require('ntlm-client');\nconst http = require('http'); // Using native http for demonstration\n\nconst NTLM_SERVER_URL = process.env.NTLM_SERVER_URL ?? 'http://localhost:8080/protected';\nconst USERNAME = process.env.NTLM_USERNAME ?? 'user';\nconst PASSWORD = process.env.NTLM_PASSWORD ?? 'pass';\nconst WORKSTATION = process.env.NTLM_WORKSTATION ?? require('os').hostname();\nconst DOMAIN = process.env.NTLM_DOMAIN ?? '';\n\nasync function performNtlmHandshake() {\n  let type1Msg = createType1Message(WORKSTATION, DOMAIN);\n  console.log('Sending Type 1 message...');\n\n  // Step 1: Send Type 1 message\n  let response1 = await sendHttpRequest(NTLM_SERVER_URL, 'GET', { 'Authorization': `NTLM ${type1Msg}` });\n\n  if (response1.statusCode === 401 && response1.headers['www-authenticate']) {\n    const wwwAuthenticateHeader = response1.headers['www-authenticate'];\n    const type2Match = wwwAuthenticateHeader.match(/NTLM (.*)$/);\n\n    if (type2Match && type2Match[1]) {\n      console.log('Received Type 2 message. Decoding...');\n      let type2Msg = decodeType2Message(type2Match[1]);\n      let type3Msg = createType3Message(type2Msg, USERNAME, PASSWORD, WORKSTATION, DOMAIN);\n      console.log('Sending Type 3 message...');\n\n      // Step 2: Send Type 3 message\n      let response2 = await sendHttpRequest(NTLM_SERVER_URL, 'GET', { 'Authorization': `NTLM ${type3Msg}` });\n\n      if (response2.statusCode === 200) {\n        console.log('NTLM authentication successful!');\n        console.log('Response body:', response2.body.toString().substring(0, 100) + '...');\n      } else {\n        console.error('NTLM authentication failed at Type 3 stage. Status:', response2.statusCode);\n      }\n    } else {\n      console.error('No NTLM Type 2 message found in WWW-Authenticate header.');\n    }\n  } else if (response1.statusCode === 200) {\n    console.log('No NTLM authentication required. Request successful.');\n    console.log('Response body:', response1.body.toString().substring(0, 100) + '...');\n  } else {\n    console.error('Initial request failed or NTLM not initiated. Status:', response1.statusCode);\n  }\n}\n\nfunction sendHttpRequest(url, method, headers) {\n  return new Promise((resolve, reject) => {\n    const client = http.request(url, { method, headers }, (res) => {\n      let body = [];\n      res.on('data', (chunk) => body.push(chunk));\n      res.on('end', () => {\n        resolve({ statusCode: res.statusCode, headers: res.headers, body: Buffer.concat(body) });\n      });\n    });\n    client.on('error', reject);\n    client.end();\n  });\n}\n\nperformNtlmHandshake().catch(console.error);","lang":"javascript","description":"This example demonstrates a conceptual NTLM Type 1, Type 2, and Type 3 message exchange using the core functions, simulating interaction with an NTLM-protected server using native Node.js `http` module. Set NTLM_SERVER_URL, NTLM_USERNAME, NTLM_PASSWORD environment variables for a real NTLM server."},"warnings":[{"fix":"Avoid using the `request(options)` convenience function. Instead, manually implement the NTLM handshake using `createType1Message`, `decodeType2Message`, and `createType3Message` with a modern HTTP client like `axios`, `node-fetch`, or Node.js's native `http`/`https` module.","message":"The package includes a convenience `request` function that internally uses the `request` npm package, which has been deprecated since 2019 and is no longer maintained. Using this function may lead to security vulnerabilities or compatibility issues with newer Node.js versions.","severity":"breaking","affected_versions":">=0.1.0"},{"fix":"Consider migrating to actively maintained NTLM client libraries for Node.js, such as `node-client-ntlm` or `node-http-ntlm`, which offer better compatibility and security.","message":"The `node-ntlm-client` package appears to be abandoned, with no updates in approximately a decade. This means it likely lacks support for newer Node.js features, security patches, or bug fixes, making it a poor choice for ongoing development.","severity":"deprecated","affected_versions":">=0.1.2"},{"fix":"Prioritize authentication methods like Kerberos or OAuth when interacting with Windows-based services. If NTLM is unavoidable, ensure all network communication is secured with HTTPS.","message":"NTLM authentication itself is considered less secure than Kerberos and is being phased out by Microsoft. Relying on NTLM may introduce security risks and compatibility challenges with modern enterprise environments.","severity":"gotcha","affected_versions":"*"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"Install the `request` dependency explicitly: `npm install request`. However, it is highly recommended to avoid the deprecated `request` function and instead use the core NTLM message functions with a modern HTTP client.","cause":"The package's `request` convenience function depends on the `request` npm module, which must be installed separately, or was not resolved correctly by the package manager.","error":"Cannot find module 'request'"},{"fix":"Ensure you are using CommonJS `require` syntax: `const { createType1Message } = require('ntlm-client');`.","cause":"This error typically occurs when attempting to use ES Module `import` syntax with a CommonJS-only package, or when trying to destructure a module that exports functions directly rather than as named exports from a default object.","error":"TypeError: createType1Message is not a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}