{"id":26502849,"url":"https://github.com/grassator/safe-fetch","last_synced_at":"2025-07-29T00:35:17.401Z","repository":{"id":65374019,"uuid":"43756612","full_name":"grassator/safe-fetch","owner":"grassator","description":"A fetch() wrapper that automatically takes care of CSRF protection","archived":false,"fork":false,"pushed_at":"2016-01-14T13:51:08.000Z","size":6,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-06T11:01:51.869Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/grassator.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-10-06T14:39:02.000Z","updated_at":"2018-03-20T18:25:03.000Z","dependencies_parsed_at":"2023-01-20T00:41:21.718Z","dependency_job_id":null,"html_url":"https://github.com/grassator/safe-fetch","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/grassator/safe-fetch","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grassator%2Fsafe-fetch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grassator%2Fsafe-fetch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grassator%2Fsafe-fetch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grassator%2Fsafe-fetch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/grassator","download_url":"https://codeload.github.com/grassator/safe-fetch/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/grassator%2Fsafe-fetch/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267610454,"owners_count":24115437,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-28T02:00:09.689Z","response_time":68,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-03-20T18:35:53.173Z","updated_at":"2025-07-29T00:35:17.375Z","avatar_url":"https://github.com/grassator.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# safe-fetch\n\n[![NPM version](https://badge.fury.io/js/safe-fetch.svg)](https://npmjs.org/package/safe-fetch)\n[![Build Status][travis-image]][travis-url]\n\n[project-url]: https://github.com/grassator/safe-fetch\n[travis-url]: https://travis-ci.org/grassator/safe-fetch\n[travis-image]: https://travis-ci.org/grassator/safe-fetch.svg?branch=master\n\nA `fetch()` wrapper that implements [Double Submit Cookies CSRF protection](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookies).\n\n## Requirements\n\n* `fetch()`-compatible environment (or with a polyfill)\n* Server-set randomly generated cookie XSRF cookie (by default named `csrf-token`), that is then compared with a header (`x-csrf-token` by default) set on every request by `save-fetch`.\n\n## Basic Usage\n\n```js\nimport fetch from 'safe-fetch';\n\nfetch('/some-url').then(console.log.bind(console));\n```\n\n## Advanced Options\n\n`safe-fetch` supports all the options `fetch()` does, but by default sets `credentials: 'same-origin'` option to send the cookies required for the CSRF security. You can still override this and set it to `omit` or `include` in which case the header will not be set.\n\nYou can also modify cookie an header name using global options:\n\n```js\nimport fetch from 'safe-fetch';\nfetch.cookieName = 'my-cookie-name';\nfetch.headerName = 'x-my-header-name';\nfetch('/some-url').then(console.log.bind(console));\n```\n\n## License\n\nCopyright 2015 Dmitriy Kubyshkin\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrassator%2Fsafe-fetch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgrassator%2Fsafe-fetch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgrassator%2Fsafe-fetch/lists"}