You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 7, 2026. It is now read-only.
This fork is 59 commits ahead and 133 commits behind upstream nodevault/node-vault. The two codebases have significantly diverged.
Why this fork exists
Replace request with got (c3bb5ba, Paul Siedler, Sep 2021) — the request library was deprecated, so it was swapped for got
Fix clear-text logging (da3a7d0, Sebastian Mendel, Dec 2025) — redacted sensitive request body data from debug output
The problem
The fork was written against the got v9 API in 2021, but automated dependency bumps (snyk/dependabot) have upgraded got to v14 without updating the API calls. Got v11+ is ESM-only and v11+ changed its API significantly. This means:
The fork is broken out of the box with its own declared dependencies.
Drop the fork, use upstream — Switch consumers to nodevault/node-vault@0.10.9. It uses postman-request (CJS, maintained). Contribute the clear-text logging fix upstream as a PR. This eliminates all ESM/API compatibility issues.
Fix the fork — Update all got v9 API calls in src/index.js to got v14, sync with 133 upstream commits, and publish a proper release. Significant effort for a thin wrapper library.
Replace node-vault entirely — Vault has a straightforward REST API. A few direct fetch() calls could replace the entire dependency.
Recommendation
Option 1 (drop the fork) is the most pragmatic path. The got migration was done to avoid request deprecation, but upstream solved this with postman-request. The only unique value in this fork is the clear-text logging fix, which should be contributed upstream.
Current state
This fork is 59 commits ahead and 133 commits behind upstream
nodevault/node-vault. The two codebases have significantly diverged.Why this fork exists
requestwithgot(c3bb5ba, Paul Siedler, Sep 2021) — therequestlibrary was deprecated, so it was swapped forgotda3a7d0, Sebastian Mendel, Dec 2025) — redacted sensitive request body data from debug outputThe problem
The fork was written against the got v9 API in 2021, but automated dependency bumps (snyk/dependabot) have upgraded
gotto v14 without updating the API calls. Got v11+ is ESM-only and v11+ changed its API significantly. This means:The fork is broken out of the box with its own declared dependencies.
Consumers (e.g.
vault-read) need a postinstall hack to patch 5 incompatibilities at install time:const got = require('got')require()returns{ default: ... }resolveWithFullResponse: truesimple: falsethrowHttpErrors: falseoptions.uri = urlurinot a valid optionresponse.request.pathresponse.request.options.url.pathnameUpstream comparison
nodevault/node-vaultv0.10.9)postman-request(maintained fork ofrequest)gotv14 (with v9 API calls — broken)gotcauses interop issuesOptions to resolve
Drop the fork, use upstream — Switch consumers to
nodevault/node-vault@0.10.9. It usespostman-request(CJS, maintained). Contribute the clear-text logging fix upstream as a PR. This eliminates all ESM/API compatibility issues.Fix the fork — Update all got v9 API calls in
src/index.jsto got v14, sync with 133 upstream commits, and publish a proper release. Significant effort for a thin wrapper library.Replace node-vault entirely — Vault has a straightforward REST API. A few direct
fetch()calls could replace the entire dependency.Recommendation
Option 1 (drop the fork) is the most pragmatic path. The got migration was done to avoid
requestdeprecation, but upstream solved this withpostman-request. The only unique value in this fork is the clear-text logging fix, which should be contributed upstream.