I drag a tiny fetch wrapper around with error/json handling, timeouts and basic interceptor support. It doesn't cover everything axios does but it's nice enough and I haven't had to touch it in a couple years.
I often do similar... though most of the time the past couple years, I'm generating the client from OpenAPI integration on the backend that uses fetch as its base.
When the vulnerability was announced, it took me two minutes to one-shot convert an entire legacy project from axios to fetch (it already wrapped api calls neatly), react cra to vite, update all dependencies, convert to deep imports to reduce bundle size and get zero npm warnings while fetching coffee. There is just no excuse to use it.
Move from a tested library where, when a vulnerability is discovered, everyone in the world is made aware, to an untested one-shot llm output that, if a vulnerability is discovered, will never come to light.
What's the reason to switch to something less stable short/long term? Because it's older and newer code is always better?
That's like saying rpad is well tested. Axios isn't exactly rocket science, it is trivial to replace. So much so that even a SOTA llm does it reliably. I'd say good riddance.
For reference: https://github.com/sampullman/fetch-api/blob/main/lib/fetchA...