Back to Explore

nodejs/undici

GitHub
14 updates · last 90 days2 watchersOpen source

Last release:

Undici is an HTTP/1.1 client written from scratch for Node.js. It is useful for making HTTP requests, and it also provides APIs like fetch, request, streaming helpers, and connection pooling configuration.

Project status

  • Actively maintained: The upstream GitHub push was 2026-07-09, and recent updates are coming in over consecutive weeks (v8.4.1 in 2026-06-08, v8.5.0 around 2026-06-15, v8.6.0 in 2026-07-02, v8.7.0 in 2026-07-04). This indicates ongoing active development rather than maintenance mode.
  • Update cadence: The pattern from late June through early July shows frequent, small-to-medium updates (roughly every few days to a week, with some clusters), with continued attention to HTTP/1, HTTP/2 robustness, and proxy behavior.

AI summary generated

AI-generated from public sources. May be inaccurate. Report

Recent updates

  • v8.7.0

    undici v8.7.0 focuses on HTTP/2 robustness and proxy behavior fixes, alongside several correctness fixes (Range, cookies, EventSource credential handling). It also includes a TypeScript type definition enhancement for RedirectHandler and multiple test/docs improvements.

    Features
  • v8.6.0

    v8.6.0 focuses on correctness fixes across fetch, HTTP/1 and HTTP/2 handling, and proxy CONNECT behavior, plus one functional addition: support for the HTTP QUERY method (RFC 10008). The release notes also include multiple documentation updates, including a migration to doc-kit and expanded API reference pages.

    Features
  • v6.27.0

    v6.27.0 includes targeted fixes for idle socket validation and a backport of WebSocket maxPayloadSize behavior. The code diff shows additional functional and security-related changes beyond the two brief release notes, including stricter request header validation and changes to HTTP fetch decoding and streaming error handling.

    BreakingSecurityFeatures
  • v7.28.0

    v7.28.0 release notes list a small set of bug fixes related to timer validation, SOCKS5 proxy TLS option handling, and a backport for WebSocket maxPayloadSize. However, the provided diff shows additional substantial internal HTTP parsing changes (via llhttp) and API documentation changes for Agent options and stats that are not mentioned in the release notes.

  • v8.5.0

    undici v8.5.0 adds a couple of API/documentation improvements, and includes multiple HTTP/2 related bug fixes focused on stream multiplexing, session cleanup, and idle timer validation. Release notes also mention EventSource spec alignment and a new body stream helper (bodymixin.textStream()).

    Features
  • v8.4.1

    v8.4.1 is a maintenance release focused on correctness fixes in the HTTP/2 client, DNS interceptor behavior, and resilience against a paused parser crash. It also includes test improvements and documentation updates (including a new Getting Started guide).

  • v8.4.0

    v8.4.0 includes a collection of fixes and test stabilizations, plus two user-facing option additions: a redirect option to strip headers on redirect, and a connect option (preferH2) to influence ALPN negotiation. The release notes mostly focus on HTTP/2 behavior and reliability, but the code diff shows additional API and default-behavior changes that are not called out.

    Features
  • v7.27.2

    v7.27.2 contains a targeted fix related to how undici selects the global dispatcher in Node.js v7. The code now routes global dispatcher resolution through a legacy (v1) dispatcher symbol.

  • v7.27.1

    v7.27.1 adds support for preserving raw HTTP headers (and trailers) when bridging dispatch handlers, ensuring Node.js global fetch behavior matches expectations when using an undici Agent dispatcher. The change also extends the Dispatcher controller typing to expose these raw values to handler callbacks.

  • v7.27.0

    v7.27.0 includes a fix intended to make Undici work with Node.js 26, specifically around how Node’s global fetch interacts with Undici’s global dispatcher. The documented change focuses on supporting the legacy global dispatcher behavior.

  • v6.26.0

    Release v6.26.0 documents a fix for validating EOF for chunked HTTP/1 (h1) responses. The actual code diff shows additional, substantial behavioral changes in HTTP response decoding (Content-Encoding handling), request header validation, dispatcher timeout mechanics, HTTP/2 GOAWAY handling, and new WebSocket and DNS related APIs.

    SecurityFeatures
  • v7.26.0

    v7.26.0 contains backported fixes from main, primarily around HTTP/1 parsing edge cases. The release notes mention EOF validation for chunked h1 responses and an additional EOF-related fix.

  • v8.3.0

    v8.3.0 is a large update focused on HTTP/2 and pool behavior improvements, along with multiple SOCKS5, retry, and fetch/mocking correctness fixes. It also adds SnapshotAgent request matching normalization helpers and extends undici's global installation docs to cover additional web API classes.

    SecurityFeatures
  • v8.2.0

    Undici v8.2.0 release notes focus on a broad set of bug fixes across fetch, http2, websocket, caching, socks5, pooling/connection management, and client stream lifecycle handling, plus multiple performance improvements. It also includes one documented feature, ProxyAgent support for username-only proxy authentication, and dependency bumps (llhttp and uWebSockets.js). The notes do not call out any explicit breaking API changes.

    Features
  • v6.25.0

    v6.25.0 adds a new DNS caching interceptor export and introduces WebSocket configuration support via a default maxPayloadSize limit of 128 MB. The code diff also tightens HTTP request header validation, changes fetch content-decoding behavior with a new safeguard against excessive Content-Encoding layers, and refines connection, timeout, and error propagation logic.

    SecurityFeatures
  • v7.25.0

    v7.25.0 does not include any specific release note entries beyond a link to the compare view. The actual diff shows targeted changes inside undici's fetch implementation around how 401 responses trigger credential retry logic, plus related test coverage and some release automation workflow updates.

  • v8.1.0

    Release v8.1.0 is described as adding a configurable WebSocket maxPayloadSize option. However, the actual code diff shows several major, behavior-changing internal and public API adjustments (including a large dispatcher handler API migration and a change to HTTP/2 defaults) that are not mentioned in the release notes.

    Features
  • v8.0.3

    v8.0.3 includes mostly internal refactors and test/docs updates, plus several dependency bumps (esbuild, proxy, got). The release notes mention a few behavior-oriented fixes (for request body 401 issues, connect timeout respect, cache dedup collision prevention), but the code diff also shows some larger behavioral changes that are not clearly called out.

    BreakingFeatures
  • v7.24.8

    v7.24.8 is presented as a backport of an Undici fix for handling HTTP 401 responses without getting stuck in an infinite retry loop when the request body is stream-backed. The code changes confirm this, but they also adjust related credential handling logic for 401 retries in additional edge cases.