fix: use 'node-fetch' as Octokit's fetch

In v6.1.0 Octokit started using Node.js's built-in `fetch`[^1] (provided by [undici][1]. Unfortunately, it is not 100% compatible with `node-fetch`, and notably it doesn't support `HTTP_PROXY` environment variables[^2]. This change switches `osv-offline` to explicitly use `node-fetch`. Closes #252 [1]: https://github.com/nodejs/undici [^1]: octokit/request.js@d000a0a [^2]: nodejs/undici#1650
renovatebot · Mar 27, 2023 · 277ee49 · 277ee49
1 parent d33b020
commit 277ee49
Show file tree

Hide file tree

Showing 3 changed files with 90 additions and 5 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/osv-offline/package.json b/packages/osv-offline/package.json
@@ -13,7 +13,8 @@
     "adm-zip": "~0.5.10",
     "fs-extra": "^11.1.0",
     "got": "^11.8.6",
-    "luxon": "^3.3.0"
+    "luxon": "^3.3.0",
+    "node-fetch": "^2.6.9"
   },
   "devDependencies": {
     "@types/adm-zip": "0.5.0",

diff --git a/packages/osv-offline/src/lib/download.ts b/packages/osv-offline/src/lib/download.ts
@@ -1,4 +1,5 @@
 import fs from 'fs-extra';
+import fetch from 'node-fetch';
 import { Octokit } from '@octokit/rest';
 import got from 'got';
 import { Stream } from 'stream';
@@ -34,9 +35,7 @@ export async function tryDownloadDb(): Promise<boolean> {
     return true;
   }
 
-  const octokitOptions = process.env.GITHUB_COM_TOKEN
-    ? { auth: process.env.GITHUB_COM_TOKEN }
-    : undefined;
+  const octokitOptions = { auth: process.env.GITHUB_COM_TOKEN, request: { fetch } };
 
   let latestRelease = null;
   try {