Me happily using Guzzle.
I get a notification like that probably twice a day and 99 times out of 100 it’s a vuln that only exists if you pass unsanitized input to the library.
I’m not a JS or TS developer, but I’ve never seen the appeal axios has over the standard fetch.
Axios existed before fetch (and iirc fetch was designed with axios in mind) and comes with bells and whistles that you’d want to have when building against JSON-based API servers. It’s popular for a good reason, which tbf is a rare enough phenomenon these days in general. If you just use it as a substitute for fetch, then yeah, there’s no point.
Axios has some extra error handling stuff, automatically parses JSON, has interceptor hooks to create “request loadouts”, throws on 4xx and 5xx errors, has a builtin way of timing out requests, and can even do some nonstandard stuff like sending a body on GET requests.




