{"id":16737,"library":"npm-request","title":"npm-request","description":"npm-request is a utility library (current stable version 1.0.0) designed to facilitate authenticated HTTP requests by automatically utilizing credentials found in a user's `.npmrc` file. This package wraps the functionality of the widely used, but now deprecated, `request` library to handle the actual network communication. Its primary differentiator is the seamless integration with npm's authentication mechanism, simplifying access to private registries or authenticated npm endpoints. However, it has not seen updates since March 2016, and its core dependency, the `request` library, was officially deprecated in February 2020 and is no longer actively maintained. Consequently, `npm-request` is considered an abandoned project, lacking modern features, security patches, or compatibility with contemporary JavaScript practices, and should not be used for new development. Its release cadence was effectively halted years ago with its last update.","status":"abandoned","version":"1.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/repo-utils/npm-request","tags":["javascript","npm","request","auth"],"install":[{"cmd":"npm install npm-request","lang":"bash","label":"npm"},{"cmd":"yarn add npm-request","lang":"bash","label":"yarn"},{"cmd":"pnpm add npm-request","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"Core dependency for making HTTP requests. The 'request' package is deprecated and unmaintained, making this package also effectively abandoned and insecure.","package":"request","optional":false}],"imports":[{"note":"This package primarily uses CommonJS `require` syntax as it was last updated in 2016, predating widespread ESM adoption in Node.js.","wrong":"import npmRequest from 'npm-request';","symbol":"npmRequest","correct":"const npmRequest = require('npm-request');"},{"note":"The API is callback-based, mirroring the underlying 'request' library. Direct promise-based usage is not supported without promisification.","wrong":"npmRequest.get(options, callback);","symbol":"requestOptions","correct":"npmRequest(options, callback);"}],"quickstart":{"code":"const npmRequest = require('npm-request');\nconst fs = require('fs');\nconst path = require('path');\n\n// Emulate .npmrc content for demonstration. \n// In a real scenario, this would be read from your actual ~/.npmrc or project-level .npmrc.\n// For a private registry, ensure your .npmrc has an auth token, e.g., \n// `//registry.example.com/:_authToken=\"YOUR_NPM_TOKEN\"`\n// Or for basic auth: `//registry.example.com/:_auth=BASE64_USERNAME_PASSWORD`\nconst registryUrl = process.env.NPM_REGISTRY_URL || 'https://registry.npmjs.org/';\nconst packageName = 'some-private-package'; // Replace with a real package you have access to\n\nconst options = {\n  url: `${registryUrl}${packageName}`,\n  json: true, // Expect JSON response\n  // npm-request automatically reads .npmrc for auth, no manual headers needed for basic cases\n  // However, you might need to specify strictSSL for private registries if not globally configured\n  // strictSSL: false, // Use with caution in development for self-signed certs\n};\n\nconsole.log(`Attempting to fetch ${packageName} from ${registryUrl} with npmrc auth...\\n`);\n\nnpmRequest(options, (error, response, body) => {\n  if (error) {\n    console.error('Request failed:', error.message);\n    console.error('Stack:', error.stack);\n    return;\n  }\n\n  if (response.statusCode === 200) {\n    console.log(`Successfully fetched metadata for ${packageName}.`);\n    console.log('Partial response body (first 200 chars):', JSON.stringify(body, null, 2).substring(0, 200), '...');\n  } else if (response.statusCode === 401 || response.statusCode === 403) {\n    console.error(`Authentication failed for ${packageName}. Status: ${response.statusCode}`);\n    console.error('Please ensure your .npmrc has valid authentication for', registryUrl);\n    console.error('Response headers:', response.headers);\n  } else if (response.statusCode === 404) {\n    console.error(`Package '${packageName}' not found on ${registryUrl}. Status: ${response.statusCode}`);\n  } else {\n    console.error(`Unexpected status code: ${response.statusCode}`);\n    console.error('Response body:', body);\n  }\n});\n\n// Example of how npm login typically updates .npmrc for a private registry:\n// `npm config set registry https://my-private-registry.com/`\n// `npm login --registry https://my-private-registry.com/`\n// This will typically add an entry like `//my-private-registry.com/:_authToken=\"your-token\"`\n","lang":"javascript","description":"Demonstrates making an authenticated GET request to an npm registry endpoint using credentials automatically sourced from the user's `.npmrc` file, and handling various response scenarios."},"warnings":[{"fix":"Migrate to modern HTTP clients like `node-fetch`, `axios`, or Node.js's built-in `http`/`https` modules, and manually handle `.npmrc` parsing for authentication if needed, or use libraries designed for npm registry interaction.","message":"The underlying 'request' library, which 'npm-request' depends on, was deprecated on Feb 11, 2020, and is no longer maintained. This means 'npm-request' also effectively ceased maintenance at that time and will not receive updates or security fixes.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Refactor existing code to use actively maintained HTTP clients. For npm-specific authentication, consider dedicated registry clients or manual parsing of `.npmrc` with a robust HTTP client.","message":"Using 'npm-request' in new projects is highly discouraged due to its abandoned status and reliance on a deprecated, potentially insecure dependency. Continued use may introduce security vulnerabilities and compatibility issues with newer Node.js versions.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Wrap `npmRequest` calls in a Promise constructor or use `util.promisify` (Node.js 8+) for better integration with modern async patterns, though full migration away is recommended. Example: `const promisifiedNpmRequest = util.promisify(npmRequest);`","message":"The package primarily uses callback-based APIs, which can be cumbersome in modern asynchronous JavaScript codebases. It does not natively support Promises or async/await syntax.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure `request` is listed as a direct dependency or manually install it: `npm install request`.","cause":"The underlying 'request' package is not installed or resolved correctly, possibly due to `npm-request`'s outdated dependency declaration or issues with `npm install`.","error":"Error: Cannot find module 'request'"},{"fix":"Use the correct CommonJS `require` syntax: `const npmRequest = require('npm-request');` Ensure you are calling the main exported function or object correctly, typically `npmRequest(options, callback)`.","cause":"Attempting to use `npm-request` with ES module `import` syntax or an incorrect CommonJS `require` call, or expecting a different export structure.","error":"TypeError: npmRequest is not a function"}],"ecosystem":"npm"}