Security advisories coming from bhttp

[XhmikosR]

  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.5

  Dependency of   broken-link-checker [dev]

  Path            broken-link-checker > bhttp > form-data2 > lodash

  More info       https://nodesecurity.io/advisories/577


  Low             Prototype Pollution

  Package         lodash

  Patched in      >=4.17.5

  Dependency of   broken-link-checker [dev]

  Path            broken-link-checker > bhttp > lodash

  More info       https://nodesecurity.io/advisories/577


  High            Regular Expression Denial of Service

  Package         string

  Patched in      No patch available

  Dependency of   broken-link-checker [dev]

  Path            broken-link-checker > bhttp > string

  More info       https://nodesecurity.io/advisories/536

bhttp doesn't seem well maintained.

[stevenvachon]

It isn't, and it will be replaced when something better becomes available. Last I checked, everything was insufficient.

[XhmikosR]

So, https://github.com/request/request is insufficient? Just wondering how so.

[stevenvachon]

It's bloated and complicated under the hood.

Edit: request/request#3142

[XhmikosR]

Here's a list of projects I found by quickly searching my stars. It might help you find a simple replacement :)

https://github.com/axios/axios
https://github.com/sindresorhus/got
https://github.com/tomas/needle
https://github.com/Kong/unirest-nodejs
https://github.com/feross/simple-get
https://github.com/ForbesLindesay/http-basic

I hope all of the above are relevant, I filtered out some, but as you know GitHub stars search functionality isn't the best.

[stevenvachon]

Fixed in v0.8.0 branch. Closing.