Comparing axios@1.15.0...axios@1.15.1 • npm-diff.app 📦🔃

   | 'Content-Length'
   | 'User-Agent'
   | 'Content-Encoding'
+  | 'Authorization';
+  | 'Authorization'
+  | 'Location';
 type ContentType =
   | axios.AxiosHeaderValue
   | 'Cache-Control'
   | 'Content-Encoding';
+type CommonResponseHeaderKey = CommonResponseHeadersList | Lowercase<CommonResponseHeadersList>;
 type BrowserProgressEvent = any;
 declare class AxiosHeaders {
   static readonly ERR_NOT_SUPPORT = 'ERR_NOT_SUPPORT';
   static readonly ERR_INVALID_URL = 'ERR_INVALID_URL';
   static readonly ERR_CANCELED = 'ERR_CANCELED';
+  static readonly ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
   static readonly ECONNABORTED = 'ECONNABORTED';
   static readonly ETIMEDOUT = 'ETIMEDOUT';
+}
   type AxiosHeaderValue = AxiosHeaders | string | string[] | number | boolean | null;
   type RawCommonResponseHeaders = {
+    [Key in CommonResponseHeadersList]: AxiosHeaderValue;
+    [Key in CommonResponseHeaderKey]: AxiosHeaderValue;
   } & {
     'set-cookie': string[];
   };
     protocol?: string;
+  }
+  type Method =
+    | 'get'
+  type UppercaseMethod =
     | 'GET'
+    | 'delete'
     | 'DELETE'
+    | 'head'
     | 'HEAD'
+    | 'options'
     | 'OPTIONS'
+    | 'post'
     | 'POST'
+    | 'put'
     | 'PUT'
+    | 'patch'
     | 'PATCH'
+    | 'purge'
     | 'PURGE'
+    | 'link'
     | 'LINK'
+    | 'unlink'
     | 'UNLINK';
+  type Method = (UppercaseMethod | Lowercase<UppercaseMethod>) & {};
   type ResponseType = 'arraybuffer' | 'blob' | 'document' | 'json' | 'text' | 'stream' | 'formdata';
+  type responseEncoding =
+    | 'ascii'
+  type UppercaseResponseEncoding =
     | 'ASCII'
+    | 'ansi'
     | 'ANSI'
+    | 'binary'
     | 'BINARY'
+    | 'base64'
     | 'BASE64'
+    | 'base64url'
     | 'BASE64URL'
+    | 'hex'
     | 'HEX'
+    | 'latin1'
     | 'LATIN1'
+    | 'ucs-2'
     | 'UCS-2'
+    | 'ucs2'
     | 'UCS2'
+    | 'utf-8'
     | 'UTF-8'
+    | 'utf8'
     | 'UTF8'
+    | 'utf16le'
     | 'UTF16LE';
+  type responseEncoding = (UppercaseResponseEncoding | Lowercase<UppercaseResponseEncoding>) & {};
   interface TransitionalOptions {
     silentJSONParsing?: boolean;
     forcedJSONParsing?: boolean;
   interface AxiosInterceptorOptions {
     synchronous?: boolean;
+    runWhen?: (config: InternalAxiosRequestConfig) => boolean;
+    runWhen?: ((config: InternalAxiosRequestConfig) => boolean) | null;
+  }
   type AxiosInterceptorFulfilled<T> = (value: T) => T | Promise<T>;
     fulfilled: AxiosInterceptorFulfilled<T>;
     rejected?: AxiosInterceptorRejected;
     synchronous: boolean;
+    runWhen?: (config: AxiosRequestConfig) => boolean;
+    runWhen?: ((config: InternalAxiosRequestConfig) => boolean) | null;
+  }
   interface AxiosInterceptorManager<V> {

     return axiosError;
+  }
+    /**
+     * Create an Error with the specified message, config, error code, request and response.
+     *
+     * @param {string} message The error message.
+     * @param {string} [code] The error code (for example, 'ECONNABORTED').
+     * @param {Object} [config] The config.
+     * @param {Object} [request] The request.
+     * @param {Object} [response] The response.
+     *
+     * @returns {Error} The created error.
+     */
+    constructor(message, code, config, request, response) {
+      super(message);
+      // Make message enumerable to maintain backward compatibility
+      // The native Error constructor sets message as non-enumerable,
+      // but axios < v1.13.3 had it as enumerable
+      Object.defineProperty(this, 'message', {
+          value: message,
+          enumerable: true,
+          writable: true,
+          configurable: true
+      });
+      this.name = 'AxiosError';
+      this.isAxiosError = true;
+      code && (this.code = code);
+      config && (this.config = config);
+      request && (this.request = request);
+      if (response) {
+          this.response = response;
+          this.status = response.status;
+      }
+  /**
+   * Create an Error with the specified message, config, error code, request and response.
+   *
+   * @param {string} message The error message.
+   * @param {string} [code] The error code (for example, 'ECONNABORTED').
+   * @param {Object} [config] The config.
+   * @param {Object} [request] The request.
+   * @param {Object} [response] The response.
+   *
+   * @returns {Error} The created error.
+   */
+  constructor(message, code, config, request, response) {
+    super(message);
+    // Make message enumerable to maintain backward compatibility
+    // The native Error constructor sets message as non-enumerable,
+    // but axios < v1.13.3 had it as enumerable
+    Object.defineProperty(this, 'message', {
+      value: message,
+      enumerable: true,
+      writable: true,
+      configurable: true,
+    });
+    this.name = 'AxiosError';
+    this.isAxiosError = true;
+    code && (this.code = code);
+    config && (this.config = config);
+    request && (this.request = request);
+    if (response) {
+      this.response = response;
+      this.status = response.status;
+    }
+  }
   toJSON() {
     return {
 AxiosError.ERR_CANCELED = 'ERR_CANCELED';
 AxiosError.ERR_NOT_SUPPORT = 'ERR_NOT_SUPPORT';
 AxiosError.ERR_INVALID_URL = 'ERR_INVALID_URL';
+AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED = 'ERR_FORM_DATA_DEPTH_EXCEEDED';
 export default AxiosError;

 const $internals = Symbol('internals');
+const isValidHeaderValue = (value) => !/[\r\n]/.test(value);
+const INVALID_HEADER_VALUE_CHARS_RE = /[^\x09\x20-\x7E\x80-\xFF]/g;
+function assertValidHeaderValue(value, header) {
+  if (value === false || value == null) {
+    return;
+  }
+function trimSPorHTAB(str) {
+  let start = 0;
+  let end = str.length;
+  if (utils.isArray(value)) {
+    value.forEach((v) => assertValidHeaderValue(v, header));
+    return;
+  }
+  while (start < end) {
+    const code = str.charCodeAt(start);
+  if (!isValidHeaderValue(String(value))) {
+    throw new Error(`Invalid character in header content ["${header}"]`);
+    if (code !== 0x09 && code !== 0x20) {
+      break;
+    }
+    start += 1;
+  }
+}
+function normalizeHeader(header) {
+  return header && String(header).trim().toLowerCase();
+}
+  while (end > start) {
+    const code = str.charCodeAt(end - 1);
+function stripTrailingCRLF(str) {
+  let end = str.length;
+  while (end > 0) {
+    const charCode = str.charCodeAt(end - 1);
+    if (charCode !== 10 && charCode !== 13) {
+    if (code !== 0x09 && code !== 0x20) {
       break;
+    }
     end -= 1;
+  }
+  return end === str.length ? str : str.slice(0, end);
+  return start === 0 && end === str.length ? str : str.slice(start, end);
+}
+function normalizeHeader(header) {
+  return header && String(header).trim().toLowerCase();
+}
+function sanitizeHeaderValue(str) {
+  return trimSPorHTAB(str.replace(INVALID_HEADER_VALUE_CHARS_RE, ''));
+}
 function normalizeValue(value) {
   if (value === false || value == null) {
     return value;
+  }
+  return utils.isArray(value) ? value.map(normalizeValue) : stripTrailingCRLF(String(value));
+  return utils.isArray(value) ? value.map(normalizeValue) : sanitizeHeaderValue(String(value));
+}
 function parseTokens(str) {
         _rewrite === true ||
         (_rewrite === undefined && self[key] !== false)
       ) {
+        assertValidHeaderValue(_value, _header);
         self[key || _header] = normalizeValue(_value);
+      }
+    }

     ')': '%29',
     '~': '%7E',
     '%20': '+',
+    '%00': '\x00',
   };
+  return encodeURIComponent(str).replace(/[!'()~]|%20|%00/g, function replacer(match) {
+  return encodeURIComponent(str).replace(/[!'()~]|%20/g, function replacer(match) {
     return charMap[match];
   });
+}

  */
 export default function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
   let isRelativeUrl = !isAbsoluteURL(requestedURL);
+  if (baseURL && (isRelativeUrl || allowAbsoluteUrls == false)) {
+  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
     return combineURLs(baseURL, requestedURL);
+  }
   return requestedURL;

@@ -1,1 +1,1 @@
1		export const VERSION = "1.15.0";
	1	export const VERSION = "1.15.1";

     test(() => {
       let duplexAccessed = false;
+      const body = new ReadableStream();
+      const hasContentType = new Request(platform.origin, {
+        body,
+      const request = new Request(platform.origin, {
+        body: new ReadableStream(),
         method: 'POST',
         get duplex() {
           duplexAccessed = true;
           return 'half';
         },
+      }).headers.has('Content-Type');
+      });
+      body.cancel();
+      const hasContentType = request.headers.has('Content-Type');
+      if (request.body != null) {
+        request.body.cancel();
+      }
       return duplexAccessed && !hasContentType;
     });
       // see https://github.com/cloudflare/workerd/issues/902
       const isCredentialsSupported = isRequestSupported && 'credentials' in Request.prototype;
+      // If data is FormData and Content-Type is multipart/form-data without boundary,
+      // delete it so fetch can set it correctly with the boundary
+      if (utils.isFormData(data)) {
+        const contentType = headers.getContentType();
+        if (
+          contentType &&
+          /^multipart\/form-data/i.test(contentType) &&
+          !/boundary=/i.test(contentType)
+        ) {
+          headers.delete('content-type');
+        }
+      }
       const resolvedOptions = {
         ...fetchOptions,
         signal: composedSignal,

     if (isLast) {
       if (utils.hasOwnProp(target, name)) {
+        target[name] = [target[name], value];
+        target[name] = utils.isArray(target[name])
+          ? target[name].concat(value)
+          : [target[name], value];
       } else {
         target[name] = value;
+      }

     if (isStringValue) {
       value = textEncoder.encode(String(value).replace(/\r?\n|\r\n?/g, CRLF));
     } else {
+      headers += `Content-Type: ${value.type || 'application/octet-stream'}${CRLF}`;
+      const safeType = String(value.type || 'application/octet-stream').replace(/[\r\n]/g, '');
+      headers += `Content-Type: ${safeType}${CRLF}`;
+    }
     this.headers = textEncoder.encode(headers + CRLF);

 import platform from '../platform/index.js';
 import formDataToJSON from '../helpers/formDataToJSON.js';
+const own = (obj, key) => (obj != null && utils.hasOwnProp(obj, key) ? obj[key] : undefined);
 /**
  * It takes a string, tries to parse it, and if it fails, it returns the stringified version
  * of the input
       let isFileList;
       if (isObjectPayload) {
+        const formSerializer = own(this, 'formSerializer');
         if (contentType.indexOf('application/x-www-form-urlencoded') > -1) {
+          return toURLEncodedForm(data, this.formSerializer).toString();
+          return toURLEncodedForm(data, formSerializer).toString();
+        }
         if (
           (isFileList = utils.isFileList(data)) ||
           contentType.indexOf('multipart/form-data') > -1
         ) {
+          const _FormData = this.env && this.env.FormData;
+          const env = own(this, 'env');
+          const _FormData = env && env.FormData;
           return toFormData(
             isFileList ? { 'files[]': data } : data,
             _FormData && new _FormData(),
+            this.formSerializer
+            formSerializer
           );
+        }
+      }
   transformResponse: [
     function transformResponse(data) {
+      const transitional = this.transitional || defaults.transitional;
+      const transitional = own(this, 'transitional') || defaults.transitional;
       const forcedJSONParsing = transitional && transitional.forcedJSONParsing;
+      const JSONRequested = this.responseType === 'json';
+      const responseType = own(this, 'responseType');
+      const JSONRequested = responseType === 'json';
       if (utils.isResponse(data) || utils.isReadableStream(data)) {
         return data;
       if (
         data &&
         utils.isString(data) &&
+        ((forcedJSONParsing && !this.responseType) || JSONRequested)
+        ((forcedJSONParsing && !responseType) || JSONRequested)
       ) {
         const silentJSONParsing = transitional && transitional.silentJSONParsing;
         const strictJSONParsing = !silentJSONParsing && JSONRequested;
         try {
+          return JSON.parse(data, this.parseReviver);
+          return JSON.parse(data, own(this, 'parseReviver'));
         } catch (e) {
           if (strictJSONParsing) {
             if (e.name === 'SyntaxError') {
+              throw AxiosError.from(e, AxiosError.ERR_BAD_RESPONSE, this, null, this.response);
+              throw AxiosError.from(e, AxiosError.ERR_BAD_RESPONSE, this, null, own(this, 'response'));
+            }
             throw e;
+          }

   // eslint-disable-next-line consistent-return
   function mergeDirectKeys(a, b, prop) {
+    if (prop in config2) {
+    if (utils.hasOwnProp(config2, prop)) {
       return getMergedValue(a, b);
+    } else if (prop in config1) {
+    } else if (utils.hasOwnProp(config1, prop)) {
       return getMergedValue(undefined, a);
+    }
+  }
   utils.forEach(Object.keys({ ...config1, ...config2 }), function computeConfigValue(prop) {
     if (prop === '__proto__' || prop === 'constructor' || prop === 'prototype') return;
     const merge = utils.hasOwnProp(mergeMap, prop) ? mergeMap[prop] : mergeDeepProperties;
+    const configValue = merge(config1[prop], config2[prop], prop);
+    const a = utils.hasOwnProp(config1, prop) ? config1[prop] : undefined;
+    const b = utils.hasOwnProp(config2, prop) ? config2[prop] : undefined;
+    const configValue = merge(a, b, prop);
     (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue);
   });

   const _speedometer = speedometer(50, 250);
   return throttle((e) => {
+    const loaded = e.loaded;
+    const rawLoaded = e.loaded;
     const total = e.lengthComputable ? e.total : undefined;
+    const progressBytes = loaded - bytesNotified;
+    const loaded = total != null ? Math.min(rawLoaded, total) : rawLoaded;
+    const progressBytes = Math.max(0, loaded - bytesNotified);
     const rate = _speedometer(progressBytes);
+    const inRange = loaded <= total;
+    bytesNotified = loaded;
+    bytesNotified = Math.max(bytesNotified, loaded);
     const data = {
       loaded,
       progress: total ? loaded / total : undefined,
       bytes: progressBytes,
       rate: rate ? rate : undefined,
+      estimated: rate && total && inRange ? (total - loaded) / rate : undefined,
+      estimated: rate && total ? (total - loaded) / rate : undefined,
       event: e,
       lengthComputable: total != null,
       [isDownloadStream ? 'download' : 'upload']: true,

   // Specifically not if we're in a web worker, or react-native.
   if (platform.hasStandardBrowserEnv) {
+    withXSRFToken && utils.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(newConfig));
+    if (utils.isFunction(withXSRFToken)) {
+      withXSRFToken = withXSRFToken(newConfig);
+    }
+    if (withXSRFToken || (withXSRFToken !== false && isURLSameOrigin(newConfig.url))) {
+      // Add xsrf header
+    // Strict boolean check — prevents proto-pollution gadgets (e.g. Object.prototype.withXSRFToken = 1)
+    // and misconfigurations (e.g. "false") from short-circuiting the same-origin check and leaking
+    // the XSRF token cross-origin. See GHSA-xx6v-rp6x-q39c.
+    const shouldSendXSRF =
+      withXSRFToken === true ||
+      (withXSRFToken == null && isURLSameOrigin(newConfig.url));
+    if (shouldSendXSRF) {
       const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies.read(xsrfCookieName);
       if (xsrfValue) {

+const LOOPBACK_HOSTNAMES = new Set(['localhost']);
+const isIPv4Loopback = (host) => {
+  const parts = host.split('.');
+  if (parts.length !== 4) return false;
+  if (parts[0] !== '127') return false;
+  return parts.every((p) => /^\d+$/.test(p) && Number(p) >= 0 && Number(p) <= 255);
+};
+const isIPv6Loopback = (host) => {
+  // Collapse all-zero groups: any form of ::1 / 0:0:...:0:1
+  // First, strip any leading "::" by normalising with Set lookup of common forms,
+  // then fall back to structural check.
+  if (host === '::1') return true;
+  // Check IPv4-mapped IPv6 loopback: ::ffff:<v4-loopback> or ::ffff:<hex-v4-loopback>
+  // Node's URL parser normalises ::ffff:127.0.0.1 → ::ffff:7f00:1
+  const v4MappedDotted = host.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i);
+  if (v4MappedDotted) return isIPv4Loopback(v4MappedDotted[1]);
+  const v4MappedHex = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
+  if (v4MappedHex) {
+    const high = parseInt(v4MappedHex[1], 16);
+    // High 16 bits must start with 127 (0x7f) — i.e. 0x7f00..0x7fff
+    return high >= 0x7f00 && high <= 0x7fff;
+  }
+  // Full-form ::1 variants: any number of zero groups followed by trailing 1
+  // e.g. 0:0:0:0:0:0:0:1, 0000:...:0001
+  const groups = host.split(':');
+  if (groups.length === 8) {
+    for (let i = 0; i < 7; i++) {
+      if (!/^0+$/.test(groups[i])) return false;
+    }
+    return /^0*1$/.test(groups[7]);
+  }
+  return false;
+};
+const isLoopback = (host) => {
+  if (!host) return false;
+  if (LOOPBACK_HOSTNAMES.has(host)) return true;
+  if (isIPv4Loopback(host)) return true;
+  return isIPv6Loopback(host);
+};
 const DEFAULT_PORTS = {
   http: 80,
   https: 443,
       return hostname.endsWith(entryHost);
+    }
+    return hostname === entryHost;
+    return hostname === entryHost || (isLoopback(hostname) && isLoopback(entryHost));
   });
+}

   const dots = options.dots;
   const indexes = options.indexes;
   const _Blob = options.Blob || (typeof Blob !== 'undefined' && Blob);
+  const maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth;
   const useBlob = _Blob && utils.isSpecCompliantForm(formData);
   if (!utils.isFunction(visitor)) {
     isVisitable,
   });
+  function build(value, path) {
+  function build(value, path, depth = 0) {
     if (utils.isUndefined(value)) return;
+    if (depth > maxDepth) {
+      throw new AxiosError(
+        'Object is too deeply nested (' + depth + ' levels). Max depth: ' + maxDepth,
+        AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED
+      );
+    }
     if (stack.indexOf(value) !== -1) {
       throw Error('Circular reference detected in ' + path.join('.'));
+    }
         visitor.call(formData, el, utils.isString(key) ? key.trim() : key, path, exposedHelpers);
       if (result === true) {
+        build(el, path ? path.concat(key) : [key]);
+        build(el, path ? path.concat(key) : [key], depth + 1);
+      }
     });

 const FormDataCtor = typeof G.FormData !== 'undefined' ? G.FormData : undefined;
 const isFormData = (thing) => {
+  let kind;
+  return thing && (
+    (FormDataCtor && thing instanceof FormDataCtor) || (
+      isFunction(thing.append) && (
+        (kind = kindOf(thing)) === 'formdata' ||
+        // detect form-data instance
+        (kind === 'object' && isFunction(thing.toString) && thing.toString() === '[object FormData]')
+      )
+    )
+  );
+  if (!thing) return false;
+  if (FormDataCtor && thing instanceof FormDataCtor) return true;
+  // Reject plain objects inheriting directly from Object.prototype so prototype-pollution gadgets can't spoof FormData (GHSA-6chq-wfr3-2hj9).
+  const proto = getPrototypeOf(thing);
+  if (!proto || proto === Object.prototype) return false;
+  if (!isFunction(thing.append)) return false;
+  const kind = kindOf(thing);
+  return kind === 'formdata' ||
+    // detect form-data instance
+    (kind === 'object' && isFunction(thing.toString) && thing.toString() === '[object FormData]');
 };
 /**

+{
   "name": "axios",
+  "version": "1.15.0",
+  "version": "1.15.1",
   "description": "Promise based HTTP client for the browser and node.js",
   "main": "./dist/node/axios.cjs",
   "module": "./index.js",
     "Dmitriy Mozgovoy (https://github.com/DigitalBrainJS)",
     "Nick Uraltsev (https://github.com/nickuraltsev)",
     "Emily Morehouse (https://github.com/emilyemorehouse)",
+    "Justin Beckwith (https://github.com/JustinBeckwith)",
     "Rubén Norte (https://github.com/rubennorte)",
+    "Justin Beckwith (https://github.com/JustinBeckwith)",
     "Martti Laine (https://github.com/codeclown)",
     "Xianming Zhong (https://github.com/chinesedfan)",
     "Remco Haszing (https://github.com/remcohaszing)",
+    "Shaan Majid (https://github.com/shaanmajid)",
     "Willian Agostini (https://github.com/WillianAgostini)",
+    "Rikki Gibson (https://github.com/RikkiGibson)",
+    "Ben Carp (https://github.com/carpben)"
+    "Rikki Gibson (https://github.com/RikkiGibson)"
   ],
   "sideEffects": false,
   "license": "MIT",

Comparingaxios@1.15.0

Comparingaxios@1.15.0

Source

Source

npm diff

Options

Bundlephobia

Bundlephobia

Packagephobia

Packagephobia

dist/browser/axios.cjs +++140---101

dist/node/axios.cjs +++199---75

index.d.cts +++14---28

dist/axios.js +++92---63

dist/esm/axios.js +++140---101

lib/core/AxiosError.js +++34---33

lib/core/AxiosHeaders.js +++24---25

lib/helpers/AxiosURLSearchParams.js +++1---2

lib/core/buildFullPath.js +++1---1

lib/env/data.js +++1---1

lib/adapters/fetch.js +++21---6

lib/helpers/formDataToJSON.js +++3---1

lib/helpers/formDataToStream.js +++2---1

lib/adapters/http.js +++88---6

lib/defaults/index.js +++13---8

lib/core/mergeConfig.js +++5---3

lib/helpers/progressEventReducer.js +++5---5

lib/helpers/resolveConfig.js +++11---3

lib/helpers/shouldBypassProxy.js +++48---1

lib/helpers/toFormData.js +++10---2

lib/utils.js +++10---10

package.json +++4---4

CHANGELOG.md +++166---0

README.md +++210---204

index.d.ts +++131---225

+++0---0

Bundlephobia

Packagephobia

dist/browser/axios.cjs +++140---101

dist/node/axios.cjs +++199---75

index.d.cts +++14---28

dist/axios.js +++92---63

dist/esm/axios.js +++140---101

lib/core/AxiosError.js +++34---33

lib/core/AxiosHeaders.js +++24---25

lib/helpers/AxiosURLSearchParams.js +++1---2

lib/core/buildFullPath.js +++1---1

lib/env/data.js +++1---1

lib/adapters/fetch.js +++21---6

lib/helpers/formDataToJSON.js +++3---1

lib/helpers/formDataToStream.js +++2---1

lib/adapters/http.js +++88---6

lib/defaults/index.js +++13---8

lib/core/mergeConfig.js +++5---3

lib/helpers/progressEventReducer.js +++5---5

lib/helpers/resolveConfig.js +++11---3

lib/helpers/shouldBypassProxy.js +++48---1

lib/helpers/toFormData.js +++10---2

lib/utils.js +++10---10

package.json +++4---4

CHANGELOG.md +++166---0

README.md +++210---204

index.d.ts +++131---225

Source

Source

Comparing
`axios@1.15.0`

Comparing
`axios@1.15.0`