Node-fetch is a lightweight module that brings the window.fetch API familiar to browser-side JavaScript developers to the Node.js environment. Comparing versions 2.6.5 and 2.6.6, the core functionality and dependency structure remain remarkably consistent, ensuring a stable experience for users. Both versions maintain the same core dependency on whatwg-url at version ^5.0.0, indicating a continued reliance on a consistent URL parsing mechanism.
The developer dependencies, crucial for testing and building the library, are also identical between the two versions, suggesting that the development workflow and testing methodologies haven't undergone significant changes. This includes tools like chai for assertions, mocha for test running, rollup for bundling, and babel for transpilation.
The most noticeable difference lies in the dist section, specifically the unpackedSize and releaseDate. Version 2.6.6 has a slightly larger unpacked size (149298 bytes) compared to 2.6.5(149265 bytes) reflecting a potential increase in the library's overall footprint with version 2.6.6. And version 2.6.6 was released later (2021-10-31) than version 2.6.5 (2021-09-22). This points to possible bug fixes, performance tweaks, or minor feature enhancements incorporated into the newer release. Developers should consider upgrading to version 2.6.6 to benefit from these potential improvements, even though the core API and dependencies appear unchanged. The license remains MIT in both versions, offering flexibility for integration into various projects.
All the vulnerabilities related to the version 2.6.6 of the package
node-fetch forwards secure headers to untrusted sites
node-fetch forwards secure headers such as authorization, www-authenticate, cookie, & cookie2 when redirecting to a untrusted site.
