-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
request has gone into maintenance mode. Maybe replace it. #2047
Comments
Yeah, thanks @Tchiller, it got deprecated last week after a long warning period (mind you, I didn't pick up on the fact that it would be properly deprecated in npm so this was a bit of a surprise). We don't have a plan to deal with this, maybe we'll follow what npm does (or is doing, I don't know status). This will take someone doing the work and making sure it's maximally compatible back to Node 10.x at least (yes 10 is going away soon but node-gyp can't be as aggessive as a lot of software since it's a piece of core infra). |
Yeah, maybe not, npm uses its own library that's a wrapper around a fork of node-fetch, not an ideal tangle to get involved in https://github.com/npm/make-fetch-happen We could consider Too hard to think about right now! Proposals are welcome! |
@rvagg are you saying that for node-gyp v7.x Node 6-9 are getting dropped? You could cage any calls to |
What version of Node we support is partly informed by npm. I don't have much insight into their current strategy but recent years suggest that they're being more aggressive with dropping older versions of Node from support as those versions get dropped upstream. I don't think there's any reason to consider supporting Node 6, it's roughly 1 year out of support. After my last post here I thought of a possible interim solution, switching to hyperquest. I still use it in many of my Node libraries and it still works great. It's much simpler than request but has a very similar API so doesn't suffer from many of the costs that request had with its bloated feature set and dependency tree. The challenge we'll have is that some of those missing features are required by our users, such as proper proxy detection. But we've already adopted a big chunk of request's proxy code here to do some custom work with it so that should be fairly simple to insert to hyperquest to bring parity. We're going to have this feature problem with whatever we switch to I think; there'll be some weird edges where request has certain behaviour that our users are relying on that we will no longer support when we switch http clients. |
hyperquest seems dated, though that means support for older Node versions would be a given.
What are the features that are needed? I can think of 2 (mostly due to my ignorance) streams and proxies |
I'm thinking more about the amount of change required on our end to adopt something new. We're still working on a thoroughily old-style Node codebase. Modernising is an option but a costly one that I don't see happening in the short term. Hence, hyperquest might be a good short-term fix, in many cases it's a drop-in replacement for request. |
Is it for visuals? I'd think request was updated last sometime since hyperquest has |
hyperquest is still "supported", it has many users who rely on it. It's not recently updated because it just works and is simple enough that it doesn't need constant curation. substack would consider it "finished" although he's handed over maintenance to others (Julian Gruber among others I believe). request is a beast of a codebase with a lot of dependencies, hyperquest is much more focused. also, |
agreed :) I think your logic is sound, so what has to be feature matched on top of hyperquest? |
The main one I can think of is proxy detection, but we've done the heavy lifting now (recent addition) in proxy.js, which is mostly copied out of request, so we should be able to leverage that for free! I can't think of anything else off the top of my head, I'm just a little afraid that there are some because of the wide variety of ways people are using node-gyp (behind weird firewalls, proxies, redirecting to alternate source locations - like for electron...). |
would it work to pin request to the version before it was deprecated? |
The package is entirely deprecated. npm prints a warning for any version. |
Just got it myself now, any update or... ? Thanks |
This would be great to be done, because other packages being required by
Hoisted from "sqlite3#node-gyp#request#har-validator"
|
As described in issue #RuntimeTools/appmetrics#647. The customer is supposed to fix the security in Feb. Is there any plan to replace the request package? thanks, |
The error is still present after upgrading node to 16.0.0 and upgrading all my packages. The @xPaw error is elicited for me running "The future is now, old man" but the messages are still here. No fix? |
|
Well, following your suggestion and then installing again npm-check-updates changed nothing. Maybe I'm doing something wrong.
Maybe the node-gyp I should update is the one under npm-check-updates/node_modules, tried but received a lot of errors. |
Dear team,
thanks for your work!
I would like to report that the package
request
which you are loading has went into maintenance mode request/request#3142Therefore, yarn is currently giving me:
Maybe you find time (and a good replacement) to replace it.
Thanks!
The text was updated successfully, but these errors were encountered: