NodeJS 的“https”package 是否使“http”变得多余？

Question

When I learned NodeJS a few years ago, 'http' module had been introduced. But I suppose, it's not the best native module from the viewpoint of security and other functionality in 2021. The first that one that attracts the most attention is https .

I know that the HTTPS protocol is an essential of web development for the 2020's. But does the https package fully substitute the http module, and will it work if no https domain is available in a certain project?

Answer 1

But does https package fully substitutes the http and will it work if no https domain available in specific project?

https does not substitute http , because https specifically expects communication under the HTTPS protocol.

const req = require('https').request('http://www.example.com');

TypeError [ERR_INVALID_PROTOCOL]: Protocol "http:" not supported. Expected "https:"
    at new ClientRequest (_http_client.js:152:11)
    at Object.request (https.js:314:10)
    at repl:1:17
    at Script.runInThisContext (vm.js:120:20)
    at REPLServer.defaultEval (repl.js:433:29)
    at bound (domain.js:426:14)
    at REPLServer.runBound [as eval] (domain.js:439:12)
    at REPLServer.onLine (repl.js:760:10)
    at REPLServer.emit (events.js:327:22)
    at REPLServer.EventEmitter.emit (domain.js:482:12) {
  code: 'ERR_INVALID_PROTOCOL'
}

Whether there is ever interest in making the https module sufficiently flexible to also work with HTTP (with the purpose of making the http module redundant), regardless of the security implications, is a matter of opinion and eventual design decisions of Node.js, but seems too unlikely. Heavy changes to the Node.js standard library would affect a major portion of the JavaScript ecosystem, and those projects would not stop depending on http so soon, even with such a change.

In practice, one is better off using one of the many user-friendly HTTP client libraries out there , most of which handle both protocols automatically.