undefined | Better HN

0 pointsdanscan18d ago0 comments

Axios, like Express, is something I'm shocked to see used in any modern codebase. I loved both in the 2010s. In JS/TS-land there are much simpler and better options these days. Depending on Axios suggests the devs don't know how to use fetch. I can't think of another reason it would be a necessary dependency

0 comments

zarzavat18d ago

> Depending on Axios suggests the devs don't know how to use fetch.

You could equally say that using fetch means that the developers don't know how to use axios.

They do the same thing, except axios does it a little better, when it doesn't pwn you.

Axios predates the availability of fetch in node by 2 years, and fetch has never caught up with axios so there was no reason to switch to fetch, unless you need to run on both client and server then of course you use fetch.

TranquilMarmot18d ago

I usually reach for ky these days since it's an extremely lightweight wrapper over `fetch` - basically just adds a few niceties

https://github.com/sindresorhus/ky

From the readme:

- Simpler API

- Method shortcuts (ky.post())

- Treats non-2xx status codes as errors (after redirects)

- Retries failed requests

- JSON option

- Timeout support

- Upload and download progress

- Base URL option

- Instances with custom defaults

- Hooks

- Response validation with Standard Schema (Zod, Valibot, etc.)

- TypeScript niceties (e.g., .json() supports generics and defaults to unknown, not any)

Of course, this is only for projects where I have to make a lot of HTTP requests to a lot of different places where these niceties make sense. In most cases, we're usually using a library generated from an OpenAPI specification and fall back to `fetch` only as an escape hatch.

kamranjon18d ago

In what ways has fetch never caught up to axios? I have not encountered a situation where I could not use fetch in the last 5 years so I'm just curious what killer features axios has that are still missing in fetch (I certainly remember using axios many moons ago).

junon18d ago

Missing a lot of event hooks that axios/ky give you.

mattmanser18d ago

Simple examples are interceptors and error handling.

Fetch is one of those things I keep trying to use, but then sorely regret doing so because it's a bit rubbish.

You're probably reinventing axios functionality, badly, in your code.

It's especially useful when you want consistent behaviour across a large codebase, say you want to detect 401s from your API and redirect to a login page. But you don't want to write that on every page.

Now you can do monkey patching shenanigans, or make your own version of fetch like myCompanyFetch and enforce everyone uses it in your linter, or some other rubbish solution.

Or you can just use axios and an interceptor. Clean, elegant.

And every project gets to a size where you need that functionality, or it was a toy and who cares what you use.

1 more reply

worble18d ago

> when it doesn't pwn you.

That's a pretty big asterisk though. Taking on a supply chain risk in exchange for reducing developer friction is not worth it in a lot of situations. Every dependency you take increases your risk of getting pwned (especially when it pulls in it's own dependencies), and you seriously need to consider whether it's worth that when you install it.

Don't get me wrong, sometimes it is; I'm certainly not going to create my own web framework from scratch, but a web request helper? Maybe not so much.

zarzavat18d ago

What the axios attack shows is that even if you stick to sensible, popular packages you can still get pwned if you are not following best practices: set a min age, don't npm install except from a lock file, preferably work in a VM, etc.

Yesterday it's axios, tomorrow it could be react, vite, or typescript. Sticking to only "required" packages won't save you, you have to fix the problem at the root by improving your own security practices. Make the attack impossible, not just unlikely.

samtrack201918d ago

I compare this to the request and httplib in python, request library is vastly superior in usability but both do the same..

tommy_axle18d ago

I wouldn't go that far. Right tool for the job as always. Axios offers a lot over fetch for all but the simplest use cases plus you get to take advantage of the ecosystem. Need offline, axios-cache-interceptor already exists. Sure you can do all of those things with fetch but you need more to go with it taking you right back to just using axios. Also is no one annoyed that you can't replay fetch like the xhr? Same with express: solves a problem reliably.

danpalmer18d ago

If you want a fully built out network layer, with auth, logging, monitoring, policies, etc, then `fetch` doesn't really help. Axios and other libraries provide much more for building that sort of framework.

internetter18d ago

Any sufficiently competent typescript developer can build out an adhoc wrapper (that just inherits the type definition and passes along whatever it is passed after altering it however needed) in under a hour. It doesn't scale in the sense that you don't expose a configuration, but config as code is king.

(Source: have built out much more scuffed variants of this than the one I just described like https://github.com/boehs/ajar)

I guess a LLM can do as well. Although that's not something I'm quite ready to admit.

8n4vidtmkvmk18d ago

I've wrapped fetch a few times but i don't think I'd blame someone if they got tired of wrapping it and wanted a consistent interface across all the projects they work on.

whattheheckheck18d ago

Keep developing it. Your taste and judgement matter

interstice18d ago

Ah yes ad hoc, the best way to write fundamental utilities underpinning every fetch your app makes.

1 more reply

jwilliams18d ago

I do "just use fetch" nowadays -- but I have to say, axios definitely has better ergonomics than fetch, especially for calling APIs.

sampullman18d ago

I drag a tiny fetch wrapper around with error/json handling, timeouts and basic interceptor support. It doesn't cover everything axios does but it's nice enough and I haven't had to touch it in a couple years.

For reference: https://github.com/sampullman/fetch-api/blob/main/lib/fetchA...

tracker118d ago

I often do similar... though most of the time the past couple years, I'm generating the client from OpenAPI integration on the backend that uses fetch as its' base.

nurettin18d ago

When the vulnerability was announced, it took me two minutes to one-shot convert an entire legacy project from axios to fetch (it already wrapped api calls neatly), react cra to vite, update all dependencies, convert to deep imports to reduce bundle size and get zero npm warnings while fetching coffee. There is just no excuse to use it.

ipaddr18d ago

Move from a tested library where when a vulnerability is discovered everyone in the world is made aware to an untested one shot llm output that if a vulnerability is discovered will never come to light .

What's the reason to switch to something less stable short/long term? Because its older and newer code is always better?

1 more reply

azangru18d ago

> Axios, like Express, is something I'm shocked to see used in any modern codebase

I am totally with you on axios; but why is express shocking, and what do you expect to see in its place? Fastify? Hono? Node:http?

Chyzwar18d ago

Because your fetch most likely mishandle errors, lack retries, fail on redirects and is unnecessary verbose for both people and agents.

ariwilson18d ago

What's wrong with Express?

rozenmd18d ago

Several newer alternatives that outperform it on Node, like Hono

internetter18d ago

Just slow and convoluted internals due to the accumulation of cruft over time

koolba18d ago

What’s wrong with express?

dheerajvs18d ago

Annoyingly, fetch does not support progress events and HTML / XML Document parsing, which are both supported by XMLHttpRequest, which Axios is based on.

chvid18d ago

ChatGPT in general recommends axios over fetch. (At least it did about 2 months ago)

toraway18d ago

Yep, Claude made an executive decision to use Axios when it built one of my projects 9 months ago or so.

... and would then forget to use it 1/5 times and break auth/sessions in new code handling by using plain fetch.

internetter18d ago

This is why people still need to know how to write code and why it is asinine to have an LLM write code without a human reading it. Good developers should know what good code looks like and push back when what they're fed is wrong.

1 more reply

seanp2k218d ago

jQuery is still useful too. May you never work in heathcare / government / defense where you need to support legacy browsers far past their expiration date.

j / k navigate · click thread line to collapse

0 comments

zarzavat18d ago

> Depending on Axios suggests the devs don't know how to use fetch.

You could equally say that using fetch means that the developers don't know how to use axios.

They do the same thing, except axios does it a little better, when it doesn't pwn you.

TranquilMarmot18d ago

I usually reach for ky these days since it's an extremely lightweight wrapper over `fetch` - basically just adds a few niceties

https://github.com/sindresorhus/ky

From the readme:

- Simpler API

- Method shortcuts (ky.post())

- Treats non-2xx status codes as errors (after redirects)

- Retries failed requests

- JSON option

- Timeout support

- Upload and download progress

- Base URL option

- Instances with custom defaults

- Hooks

- Response validation with Standard Schema (Zod, Valibot, etc.)

- TypeScript niceties (e.g., .json() supports generics and defaults to unknown, not any)

kamranjon18d ago

junon18d ago

Missing a lot of event hooks that axios/ky give you.

mattmanser18d ago

Simple examples are interceptors and error handling.

Fetch is one of those things I keep trying to use, but then sorely regret doing so because it's a bit rubbish.

You're probably reinventing axios functionality, badly, in your code.

Now you can do monkey patching shenanigans, or make your own version of fetch like myCompanyFetch and enforce everyone uses it in your linter, or some other rubbish solution.

Or you can just use axios and an interceptor. Clean, elegant.

And every project gets to a size where you need that functionality, or it was a toy and who cares what you use.

1 more reply

worble18d ago

> when it doesn't pwn you.

Don't get me wrong, sometimes it is; I'm certainly not going to create my own web framework from scratch, but a web request helper? Maybe not so much.

zarzavat18d ago

samtrack201918d ago

I compare this to the request and httplib in python, request library is vastly superior in usability but both do the same..

tommy_axle18d ago

danpalmer18d ago

internetter18d ago

(Source: have built out much more scuffed variants of this than the one I just described like https://github.com/boehs/ajar)

I guess a LLM can do as well. Although that's not something I'm quite ready to admit.

8n4vidtmkvmk18d ago

I've wrapped fetch a few times but i don't think I'd blame someone if they got tired of wrapping it and wanted a consistent interface across all the projects they work on.

whattheheckheck18d ago

Keep developing it. Your taste and judgement matter

interstice18d ago

Ah yes ad hoc, the best way to write fundamental utilities underpinning every fetch your app makes.

1 more reply

jwilliams18d ago

I do "just use fetch" nowadays -- but I have to say, axios definitely has better ergonomics than fetch, especially for calling APIs.

sampullman18d ago

For reference: https://github.com/sampullman/fetch-api/blob/main/lib/fetchA...

tracker118d ago

I often do similar... though most of the time the past couple years, I'm generating the client from OpenAPI integration on the backend that uses fetch as its' base.

nurettin18d ago

ipaddr18d ago

What's the reason to switch to something less stable short/long term? Because its older and newer code is always better?

1 more reply

azangru18d ago

> Axios, like Express, is something I'm shocked to see used in any modern codebase

I am totally with you on axios; but why is express shocking, and what do you expect to see in its place? Fastify? Hono? Node:http?

Chyzwar18d ago

Because your fetch most likely mishandle errors, lack retries, fail on redirects and is unnecessary verbose for both people and agents.

ariwilson18d ago

What's wrong with Express?

rozenmd18d ago

Several newer alternatives that outperform it on Node, like Hono

internetter18d ago

Just slow and convoluted internals due to the accumulation of cruft over time

koolba18d ago

What’s wrong with express?

dheerajvs18d ago

Annoyingly, fetch does not support progress events and HTML / XML Document parsing, which are both supported by XMLHttpRequest, which Axios is based on.

chvid18d ago

ChatGPT in general recommends axios over fetch. (At least it did about 2 months ago)

toraway18d ago

Yep, Claude made an executive decision to use Axios when it built one of my projects 9 months ago or so.

... and would then forget to use it 1/5 times and break auth/sessions in new code handling by using plain fetch.

internetter18d ago

1 more reply

seanp2k218d ago

jQuery is still useful too. May you never work in heathcare / government / defense where you need to support legacy browsers far past their expiration date.

j / k navigate · click thread line to collapse