npm-request

1.0.0 · abandoned · verified Wed Apr 22

npm-request is a utility library (current stable version 1.0.0) designed to facilitate authenticated HTTP requests by automatically utilizing credentials found in a user's `.npmrc` file. This package wraps the functionality of the widely used, but now deprecated, `request` library to handle the actual network communication. Its primary differentiator is the seamless integration with npm's authentication mechanism, simplifying access to private registries or authenticated npm endpoints. However, it has not seen updates since March 2016, and its core dependency, the `request` library, was officially deprecated in February 2020 and is no longer actively maintained. Consequently, `npm-request` is considered an abandoned project, lacking modern features, security patches, or compatibility with contemporary JavaScript practices, and should not be used for new development. Its release cadence was effectively halted years ago with its last update.

Common errors

```
Error: Cannot find module 'request'
```
cause The underlying 'request' package is not installed or resolved correctly, possibly due to `npm-request`'s outdated dependency declaration or issues with `npm install`.

fix Ensure `request` is listed as a direct dependency or manually install it: `npm install request`.
```
TypeError: npmRequest is not a function
```
cause Attempting to use `npm-request` with ES module `import` syntax or an incorrect CommonJS `require` call, or expecting a different export structure.

fix Use the correct CommonJS `require` syntax: `const npmRequest = require('npm-request');` Ensure you are calling the main exported function or object correctly, typically `npmRequest(options, callback)`.

Warnings

breaking The underlying 'request' library, which 'npm-request' depends on, was deprecated on Feb 11, 2020, and is no longer maintained. This means 'npm-request' also effectively ceased maintenance at that time and will not receive updates or security fixes.
Fix: Migrate to modern HTTP clients like `node-fetch`, `axios`, or Node.js's built-in `http`/`https` modules, and manually handle `.npmrc` parsing for authentication if needed, or use libraries designed for npm registry interaction.
gotcha Using 'npm-request' in new projects is highly discouraged due to its abandoned status and reliance on a deprecated, potentially insecure dependency. Continued use may introduce security vulnerabilities and compatibility issues with newer Node.js versions.
Fix: Refactor existing code to use actively maintained HTTP clients. For npm-specific authentication, consider dedicated registry clients or manual parsing of `.npmrc` with a robust HTTP client.
gotcha The package primarily uses callback-based APIs, which can be cumbersome in modern asynchronous JavaScript codebases. It does not natively support Promises or async/await syntax.
Fix: Wrap `npmRequest` calls in a Promise constructor or use `util.promisify` (Node.js 8+) for better integration with modern async patterns, though full migration away is recommended. Example: `const promisifiedNpmRequest = util.promisify(npmRequest);`

Install

npm install npm-request npm
yarn add npm-request yarn
pnpm add npm-request pnpm

Imports

npmRequest
wrong:
```
import npmRequest from 'npm-request';
```
correct:
```
const npmRequest = require('npm-request');
```
This package primarily uses CommonJS `require` syntax as it was last updated in 2016, predating widespread ESM adoption in Node.js.
requestOptions
wrong:
```
npmRequest.get(options, callback);
```
correct:
```
npmRequest(options, callback);
```
The API is callback-based, mirroring the underlying 'request' library. Direct promise-based usage is not supported without promisification.

Quickstart

Demonstrates making an authenticated GET request to an npm registry endpoint using credentials automatically sourced from the user's `.npmrc` file, and handling various response scenarios.

const npmRequest = require('npm-request');
const fs = require('fs');
const path = require('path');

// Emulate .npmrc content for demonstration. 
// In a real scenario, this would be read from your actual ~/.npmrc or project-level .npmrc.
// For a private registry, ensure your .npmrc has an auth token, e.g., 
// `//registry.example.com/:_authToken="YOUR_NPM_TOKEN"`
// Or for basic auth: `//registry.example.com/:_auth=BASE64_USERNAME_PASSWORD`
const registryUrl = process.env.NPM_REGISTRY_URL || 'https://registry.npmjs.org/';
const packageName = 'some-private-package'; // Replace with a real package you have access to

const options = {
  url: `${registryUrl}${packageName}`,
  json: true, // Expect JSON response
  // npm-request automatically reads .npmrc for auth, no manual headers needed for basic cases
  // However, you might need to specify strictSSL for private registries if not globally configured
  // strictSSL: false, // Use with caution in development for self-signed certs
};

console.log(`Attempting to fetch ${packageName} from ${registryUrl} with npmrc auth...\n`);

npmRequest(options, (error, response, body) => {
  if (error) {
    console.error('Request failed:', error.message);
    console.error('Stack:', error.stack);
    return;
  }

  if (response.statusCode === 200) {
    console.log(`Successfully fetched metadata for ${packageName}.`);
    console.log('Partial response body (first 200 chars):', JSON.stringify(body, null, 2).substring(0, 200), '...');
  } else if (response.statusCode === 401 || response.statusCode === 403) {
    console.error(`Authentication failed for ${packageName}. Status: ${response.statusCode}`);
    console.error('Please ensure your .npmrc has valid authentication for', registryUrl);
    console.error('Response headers:', response.headers);
  } else if (response.statusCode === 404) {
    console.error(`Package '${packageName}' not found on ${registryUrl}. Status: ${response.statusCode}`);
  } else {
    console.error(`Unexpected status code: ${response.statusCode}`);
    console.error('Response body:', body);
  }
});

// Example of how npm login typically updates .npmrc for a private registry:
// `npm config set registry https://my-private-registry.com/`
// `npm login --registry https://my-private-registry.com/`
// This will typically add an entry like `//my-private-registry.com/:_authToken="your-token"`

view raw JSON →