[falkensmaize]

The fetch api has been widely available in browsers for a decade now. And in node since 18. A competent developer could whip up a more axios-like library with fetch in a day easily. You can do all the cool things like interceptors with fetch too.

Yet most developers I work with just use it reflexively. This seems like one of the biggest issues with the npm ecosystem - the complete lack of motivation to write even trivial things yourself.

[neya]

> A competent developer could whip up a more axios-like library with fetch in a day easily.

Then you would have created just an axios clone. AKA re-inventing the wheel. The issue isn't the library itself, but rather the fact that it's popular and provided a large enough attack surface.

You can actually just clone the axios package and use it as is from your private repo and you would not have been affected.

[darepublic]

You would have created a smaller axios that only does what you needed it to. Even better

[neya]

Absolutely.

[bensyverson]

I think we're entering an era where "re-inventing the wheel" is actually a completely valid defensive posture. The cost is so low relative to the reduction in risk.

[littlestymaar]

> AKA re-inventing the wheel.

The wheel is the native fetch API, nobody needs to reinvent it.

All you'd do in that scenario is make your own hubcap to put on top.

[kro]

I really don't get this either, I've always removed axios when it was preinstalled in a framework.

I use "xhr" via fetch extensively, it can do everything in day to day business for years with minimal boilerplate.

(The only exception known to me being upload progress/status indication)

[port11]

Axios really does a lot of other great things. I would argue that Fetch could’ve easily been Axios-lite. Axios handles errors better, has interceptors, parses JSON for you, etc.

The multiple supply chain attacks against NPM packages would, of course, be solved if we simply stop using third-party libraries.

[falkensmaize]

I guess the point I’m making is that a lot of popular JavaScript libraries were created to address deficiencies in the core api that don’t exist anymore, but we keep using these libraries mostly because of entropy and familiarity.

[port11]

True. In my case it’s also out of general tiredness and disinterest. A good newsletter that catches up on useful things in the ecosystem might help, otherwise I can’t be bothered anymore to keep up. 5 years ago that still seemed like a good way to spend my time. I wonder if other developers are just as jaded.

[schindlabua]

parse json?

const x = await fetch(...); await x.json();

"intercept" code that runs before every request?

const withAuth = (res, options) => fetch(res, { ... do stuff here });

[agumonkey]

Maybe people are too comfy with axios base path url and interceptor api ? or maybe fetch handles that as well ? (through a shim ?)

[timcobb]

Fetch can't do a lot of table stakes stuff...

[paustint]

Ok, well have AI write some table stakes for you in 10 minutes with 100% test coverage and only provide exactly what "table stakes" you are missing without any bells and whistles.

[dkdbejwi383]

Such as?

[Xenoamorphous]

One I’ve noticed is download/upload progress.

[jabr]

You’ve been able to do download/upload progress using the Streams API with fetch for more than seven years now. https://developer.mozilla.org/en-US/docs/Web/API/Streams_API

[timcobb]

on the FE?

[jedwards1211]

The streams API exists on the FE, you can pipe an upload or download through a TransformStream to monitor progress