HTTP Deceiver (with fixes)

1.2.8 verified Thu Apr 23 auth: no javascript maintenance

http-deceiver-fixes is a maintenance fork of the http-deceiver module, which provides a low-level interface to Node.js's internal HTTP parser. Its primary function is to enable "deception" or advanced manipulation of raw HTTP streams and parsed messages, often used in sophisticated networking scenarios like implementing alternative HTTP protocols (e.g., SPDY, HTTP2) or handling specific parser edge cases. The original http-deceiver (last published in 2016, v1.2.7) has been largely unmaintained, leading to DeprecationWarning's and potential runtime errors in modern Node.js environments due to its reliance on process.binding('http_parser'). This http-deceiver-fixes package, currently at v1.2.8, aims to integrate critical bug fixes (e.g., for handling multiple body chunks) that were unmerged in the original project, providing continued compatibility for systems dependent on this functionality. Its release cadence is irregular, driven by necessary patches, and it serves as a stop-gap solution for projects facing issues with the abandoned upstream.

Common errors

error (node:XXXX) [DEP0111] DeprecationWarning: Access to process.binding('http_parser') is deprecated. ↓

cause The `http-deceiver` library attempts to access Node.js's internal HTTP parser using a deprecated API (`process.binding('http_parser')`), triggering a warning in newer Node.js versions.

fix

This is a warning and might not immediately stop execution. While there's no direct userland fix, the long-term solution involves ensuring the library (or a replacement) correctly falls back to http-parser-js or uses modern Node.js http module APIs. Consider pinning to an older Node.js version if this warning is critical, or migrating away from this library.

error Error: No such module: http_parser ↓

cause In very recent Node.js versions, the internal `http_parser` module might be entirely removed or fundamentally changed, preventing `http-deceiver` from accessing it and causing a runtime error.

fix

This indicates a hard incompatibility with your current Node.js version. You must either downgrade your Node.js runtime to a version compatible with the library's internal API usage (typically Node.js < 12) or replace http-deceiver-fixes with a different library that provides similar functionality without relying on deprecated Node.js internals.

Warnings

breaking The `http-deceiver` (and its fork `http-deceiver-fixes`) package relies on `process.binding('http_parser')` to access Node.js's internal HTTP parser. This internal API has been deprecated since Node.js 12 and later removed, leading to `DeprecationWarning`s or runtime errors in modern Node.js versions. ↓

fix There is no direct fix within user code. This typically requires the library itself to be updated to use publicly available APIs or a robust fallback to `http-parser-js` for compatibility. For critical applications, consider migrating to alternative, actively maintained HTTP parsing or proxying solutions that do not rely on deprecated Node.js internals.

gotcha Both the original `http-deceiver` and this `http-deceiver-fixes` fork provide minimal official API documentation and usage examples (the README states 'soon™'). Developers must often infer usage patterns directly from the source code, particularly the test files, which significantly increases the learning curve and the potential for incorrect implementation. ↓

fix Review the `test/` directory within the package's source code for examples of how the `Deceiver` class is instantiated and used with Node.js `http` and `net` modules. Understand the underlying `http_parser` concepts for effective manipulation.

gotcha The `http-deceiver-fixes` package is a fork created to address unmerged pull requests in the original `http-deceiver` repository, which has been unmaintained since 2016. While this fork provides critical bug fixes, it does not guarantee ongoing, proactive maintenance or feature development in line with evolving HTTP standards or future Node.js changes. ↓

fix Before adopting, assess the long-term maintenance needs of your project. Be prepared to contribute patches or consider alternative solutions if active development or support for new Node.js versions becomes critical.

Install

npm install http-deceiver-fixes

yarn add http-deceiver-fixes

pnpm add http-deceiver-fixes

Imports

Deceiver
wrong
```
import Deceiver from 'http-deceiver-fixes';
```
correct
```
const Deceiver = require('http-deceiver-fixes');
```
This package is a CommonJS module and primarily used with `require()`. It does not provide ESM exports.

Quickstart

This quickstart demonstrates how to initialize `http-deceiver-fixes` by wrapping an internal HTTP parser (obtained from `http.IncomingMessage`) and then feeding raw HTTP data to it, showing its low-level parsing interception capabilities.

const net = require('net');
const http = require('http');
const Deceiver = require('http-deceiver-fixes');

// Mock a socket for the HTTP parser to attach to
const mockSocket = new net.Socket({ readable: true, writable: true });
mockSocket.write = () => true; // Suppress actual writing
mockSocket.resume(); // Ensure data flows for parsing

// Create an http.IncomingMessage instance, which internally initializes an HTTP parser
const incoming = new http.IncomingMessage(mockSocket);

// Create a Deceiver instance, wrapping the internal parser of the IncomingMessage.
// The Deceiver intercepts and allows manipulation of the parsing process.
// Note: `incoming._parser` relies on Node.js internals and might change.
const deceiver = new Deceiver(incoming._parser);

// Example raw HTTP request string, potentially containing multiple messages
// or data that requires custom parsing logic.
const rawHttpRequest = [
  'GET /path1 HTTP/1.1',
  'Host: localhost',
  'Content-Length: 0',
  '',
  'POST /path2 HTTP/1.1', // A second, potentially pipelined or unexpected request
  'Host: localhost',
  'Content-Length: 7',
  'User-Agent: DeceiverAgent',
  '',
  'PAYLOAD',
].join('\r\n');

let parsedMessages = 0;

deceiver.on('headers', () => {
  parsedMessages++;
  console.log(`\n--- Parsed Message #${parsedMessages} ---`);
  console.log(`Method: ${incoming.method}`);
  console.log(`URL: ${incoming.url}`);
  console.log(`Headers: ${JSON.stringify(incoming.headers, null, 2)}`);
});

deceiver.on('body', (chunk) => {
  console.log(`Body (chunk): ${chunk.toString()}`);
});

deceiver.on('messageComplete', () => {
  console.log(`Message #${parsedMessages} complete.`);
});

// Feed the raw HTTP data through the deceiver for processing
deceiver.execute(Buffer.from(rawHttpRequest));

console.log('\nDeceiver processing complete.');