currently both http and https proxies use the http CONNECT method. for https this method must be supported, but for http it's not a requirement and proxies may be implemented without this support. we should do some research and see if it's better for us to switch to a simple tunnel for http.

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

The following code is slightly suspect. If written as intended, it could use a comment.

Due to the way once works, this expression throws an Array containing a single Error instead of the probably intended Error.

This code creates a non-resolving promise (maybe instead of an immediately-resolving Promise?).

Initially reported when trying to figure out the root cause behind: npm/cli#6763

Expected Behavior

No response

Steps To Reproduce

1. In this environment...
2. With this config...
3. Run '...'
4. See error...

Environment

• npm:
• Node:
• OS:
• platform:

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Overview

I’ve noticed a behavior change in npm/agent v2.2.0 that shipped as part of npm/cli v10.2.0.

npm install appears to always use HttpProxyAgent instead of selecting between HttpProxyAgent and HttpsProxyAgent depending on the requested URL's protocol.

Observations

I think I've isolated the behavior change to #59.

Prior to #59, it looks like the library would select an HttpAgent or HttpsAgent based on the url.protocol of the request.

After #59, the library selects an HttpProxyAgent or HttpsProxyAgent based on an options.secureEndpoint property, but this appears to (always?) be undefined and not based on the url.protocol of the request.

Expected Behavior

• I would expect npm install to use HttpProxyAgent when the requested url has an http protocol.
• I would expect npm install to use HttpsProxyAgent when the requested url has an https protocol.

Steps To Reproduce

1. Use the latest node and npm, for example: node v21.3.0 (npm v10.2.4)
2. Configure .npmrc to use a proxy, for example:

https-proxy=<some proxy>
http-proxy=<some proxy>

3. Ensure an empty cache and install a package like uuid

$ npm cache clean --force
$ npm install -g uuid

4. Observe HttpProxyAgent is used to fetch an https url: 'https://registry.npmjs.org/uuid'
5. Observe the request's path is modified when using an HttpProxyAgent to setRequestProps for an https url. For example, the request.path is modified from '/uuid' to 'http://registry.npmjs.org:443/uuid'.

6. Note that the installation succeeds in the example above, but other registries appear to be less forgiving of the path change and this can cause installation issues in some cases.

Environment

• npm: 10.2.4
• Node: 21.3.0
• OS: macOS 14.1.1
• platform: macOS

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

I try to fetch a http:// webpage using HttpAgent (or getAgent()) initialized with https:// proxy url:

const agent = new HttpAgent({proxy:'https://some-proxy-domain:8888'}) 
const response = await fetch('http://some-url', {...opts, agent})

But this fails with InvalidProxyResponseError:

{
  code: 'EINVALIDRESPONSE',
  status: 403,
  errno: 'EINVALIDRESPONSE',

It seems that something wrong is being sent to proxy, so I'm getting such headers from it:

rawHeaders: [
    'Server',
    'squid/4.10',
...
    'X-Squid-Error',
    'ERR_ACCESS_DENIED 0',
...
    'Connection',
    'close'
  ]

Expected Behavior

I can successfully access "http://some-url" via browser or curl using the same proxy.

I tried different agents, and found that http-proxy-agent works fine.

Expected, that agent can do it too.

Steps To Reproduce

See above...

Environment

• "@npmcli/agent": "^1.1.0"
• npm: -
• Node: v16.20.1
• OS: macos 10.15
• platform: mac mini

this is the more logical place to cache dns lookups, and where that logic really belongs. let's remove it from make-fetch-happen and implement it here instead

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

No response

Expected Behavior

No response

Steps To Reproduce

1. In this environment...
2. With this config...
3. Run '...'
4. See error...

Environment

• npm:
• Node:
• OS:
• platform:

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

No response

Expected Behavior

No response

Steps To Reproduce

1. In this environment...
2. With this config...
3. Run '...'
4. See error...

Environment

• npm:
• Node:
• OS:
• platform:

Implement the following timeout types:

Connection - socket

Starts when connection is initially attempted (the call to net/tls.connect()), ends when the connection is established (the connect event). When timeout occurs, the socket is destroyed and removed from the pool. Default value should be something relatively small.

Idle - socket

Starts when data flow stops, ends when data flow resumes. When timeout occurs, the socket is destroyed and removed from the pool. Default value should be something relatively small. This one just uses the node native timeout property on the socket as that is an idle timeout.

Response - request

Starts after the request has been sent (the finish event, specifically), ends when the first chunk of data is received (the response event). When timeout occurs, the request errors and the socket is returned to the pool. Default value will be 0.

Total transfer - request

Starts when the first data chunk is received (the response event), ends when the response has been completely received (the close event). When timeout occurs, the request errors and the socket is returned to the pool. Default value will be 0.

we currently lack a socks proxy entirely causing us to fall back to socks-proxy-agent which has the same pitfalls we're trying to move away from. in order to eliminate our usage on this module, we need to implement our own socks support

What

getAgent() in agent.js serializes the proxy based only on the proxy protocol, hostname, and port, disregarding the credentials (username and password). This causes a bug that prevents the library from using the same proxy multiple times with different credentials.

How

Current Behavior

agent.js, lines 30-42:

  const key = [
    `https:${isHttps}`,
    pxuri
      ? `proxy:${pxuri.protocol}//${pxuri.host}:${pxuri.port}`
      : '>no-proxy<',
    `local-address:${opts.localAddress || '>no-local-address<'}`,
    `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
    `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
    `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
    `key:${(isHttps && opts.key) || '>no-key<'}`,
    `timeout:${agentTimeout}`,
    `maxSockets:${agentMaxSockets}`
  ].join(':')

Steps to Reproduce

fetch(url, {proxy: "https://user1:[email protected]:1234"}); // uses https://user1:[email protected]:1234
fetch(url, {proxy: "https://user2:[email protected]:1234"}); // ALSO uses https://user1:[email protected]:1234

Expected Behavior

fetch(url, {proxy: "https://user1:[email protected]:1234"}); // uses https://user1:[email protected]:1234
fetch(url, {proxy: "https://user2:[email protected]:1234"}); // uses https://user2:[email protected]:1234

Recommended Patch

  const key = [
    `https:${isHttps}`,
    pxuri
      ? `proxy:${pxuri.href}` // or 
      : '>no-proxy<',
    `local-address:${opts.localAddress || '>no-local-address<'}`,
    `strict-ssl:${isHttps ? !!opts.strictSSL : '>no-strict-ssl<'}`,
    `ca:${(isHttps && opts.ca) || '>no-ca<'}`,
    `cert:${(isHttps && opts.cert) || '>no-cert<'}`,
    `key:${(isHttps && opts.key) || '>no-key<'}`,
    `timeout:${agentTimeout}`,
    `maxSockets:${agentMaxSockets}`
  ].join(':')

If it is a security risk to include the username and password in the agent cache key, then a hashed version of pxuri.href can be used instead.

This will need TooTallNate/proxy-agents#241 to be released first