impit-node@0.14.1

Changelog

All notable changes to this project will be documented in this file.

js-0.14.1 - 2026-05-29

Bug Fixes

• Handle missing APIFY_HTTPBIN_TOKEN in musllinux aarch64 Python tests (#444)

  • Third-party PRs run without repository secrets, and the musllinux aarch64 Python job was passing APIFY_HTTPBIN_TOKEN to run-on-arch-action in a way that produced a non-flat env value. That caused the job to fail before tests could use their existing fallback behavior. ---------

• Migrate http3 DNS lookup from hickory-client to hickory-resolver (#454)

  • impit/src/http3.rs only used hickory to fire a single HTTPS-record DNS query against a hard-coded 8.8.8.8:53 for h3 discovery. Migrated that to hickory-resolver 0.26.1, which: - pulls in the patched hickory-proto 0.26.1, - uses the system DNS config instead of hard-coding Google's resolver, - drops the manual background-task plumbing and Drop impl since the resolver manages its own connections. API shifts handled along the way: Record::data() → Record.data (now a public field), SVCB::svc_params() → SVCB.svc_params (public field).

• Drop only-allow preinstall from the published package (#464)

js-0.14.0 - 2026-05-07

Features

• Return the vanillaFallback option as an alternative for failing requests (#441)
  • The vanillaFallback option has been noop in a few of the latest versions of impit. The changes from this PR return this feature to support, e.g., servers with old TLS stacks that uncover some of the emulation discrepancies and cause the requests to fail.

js-0.13.1 - 2026-04-22

Bug Fixes

• Decode non-ASCII response header values as ISO-8859-1 (#434)

• Use browser-matching multipart boundary format (#435)

  • Moves multipart boundary generation from JS to Rust where the browser fingerprint is available. Each browser profile now produces boundaries matching the real browser format: - Chrome: ----WebKitFormBoundary + 16 alphanumeric chars - Firefox: ----geckoformboundary + two random uint64 hex values - OkHttp: UUID v4 (xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx) - No fingerprint: ----formdata-impit-* (default, unchanged) The boundary is generated lazily — the NAPI call only happens when the body is actually a FormData instance. The method is not exposed in public types.

js-0.13.0 - 2026-03-26

Features

• Add new OkHTTP fingerprints (#416)
  • Adds profiles for emulating the fingerprints of the OkHTTP library (JVM / Android HTTP client).

js-0.12.0 - 2026-03-24

Features

• Add per-request redirect option to RequestInit (#418)

  • Summary Adds standard Fetch API redirect option to RequestInit, allowing per-request override of the instance-level followRedirects setting. - 'follow' — follow redirects (default, matches instance behavior) - 'manual' — return the 3xx response as-is - 'error' — throw TypeError on redirect When set, overrides the instance-level followRedirects for that request. When omitted, instance-level followRedirects / maxRedirects are used as before. Also extracts Request.redirect when a Request object is passed — but only for non-default values ('manual', 'error'), since Request.redirect defaults to 'follow' per the Fetch API spec and would otherwise silently override instance-level followRedirects: false. ## Changes - index.wrapper.js — extract redirect in parseFetchOptions, thread through fetch() → #fetchWithRedirectHandling(), override instance-level followRedirects / throw on 'error' - dts-header.d.ts — add redirect to RequestInit via interface merging - test/basics.test.ts — replace skipped httpbin-based redirect tests with 15 local server tests covering all modes, overrides, Request objects, status codes - test/mock.server.ts — add /redirect/:n, /redirect-to, /get routes - README.md — add per-request redirect usage example ---------

• Add clone() support to ImpitResponse (#419)

  • Summary Implements Response.clone() on ImpitResponse using ReadableStream.tee(), making impit compatible with libraries like ky that call response.clone() internally. ## Approach When .clone() is called: 1. this.body.tee() splits the underlying ReadableStream into two independent streams (synchronous, no eager buffering) 2. The original response's .body getter and body methods (text, json, arrayBuffer, bytes) are re-patched to read from one stream 3. A standard Response is returned as the clone, backed by the other stream Multiple clones are supported (matching the Fetch spec) — each call tees the current branch, so the original and all clones can be read independently. Charset-aware text() decoding is preserved on the original via decodeBuffer. The clone uses standard Response.text() (UTF-8). Throws TypeError on clone after body consumption, matching Fetch API semantics. ## Changes - index.wrapper.js — add clone() in #wrapResponse, re-patch .body getter and body methods with configurable: true so subsequent clones work - dts-header.d.ts — add clone(): Response to ImpitResponse via declaration merging - test/basics.test.ts — tests covering: return type, url/header preservation, independent body reads, text() on both, multiple clones, body streaming after clone, clone-after-consume error, arrayBuffer on both, read ordering, non-200 status ---------

js-0.11.0 - 2026-03-13

Features

• Support timeout=None to disable timeout (#402)

  • Updates the timeout handling in Python. The default behaviour stays the same, but passing timeout=None now disables the timeout (either client-wide or for the current request). This aligns impit with how httpx handles timeouts. ---------

• Better errors for Node.JS bindings (#406)

  • Closes #397.

Refactor

• Replace scraper with lol_html for HTML charset prescanning (#398)
  • Replaces scraper dependency with a more lightweight HTML parser from lol_html. Adds regression tests to ensure the behaviour stays the same. ---------

js-0.10.1 - 2026-03-02

Bug Fixes

• Keep content-length header in compressed responses (#395)

js-0.10.0 - 2026-03-02

Bug Fixes

• Clean up AbortSignal listeners after fetch() completes (#394)
  • Drops AbortSignal listeners in Node.JS bindings to prevent memory leaks on AbortSignal reuse. ---------

Features

• Add HTTP/2 SETTINGS fingerprinting (#386)
  • Adds custom HTTP2 profiles to the emulated browser fingerprints. ---------

js-0.9.2 - 2026-02-10

Bug Fixes

• Allow removing impersonated headers by passing empty string (#382)
  • Users can now remove impersonated headers (like Sec-Fetch-User) from requests by passing an empty string as the header value. When an empty string is provided, the header is filtered out before the request is sent. This enables users, e.g., to manually control which Sec-Fetch-* headers should be included in their requests, addressing use cases where the default impersonated headers don't match the actual request context.

js-0.9.1 - 2026-02-02

Bug Fixes

• Handle redirects/cookies in the JS layer (#375)
  • Solves high-concurrency segmentation faults, processes cookies and handles redirects fully in JS instead of Rust.

js-0.9.0 - 2026-01-29

Bug Fixes

• Prevent double free on Buffer by passing a BufferSlice (#369)

  • As a non-async function, decode_buffer doesn't require owning the Buffer and can do with only a BufferSlice. This takes the cleanup responsibility from napi-rs and should prevent the double free scenarios, as the Buffer is now Node runtime-managed.

• Use the rustls Verifier / CryptoProvider cache with custom fingerprints (#371)

  • Speeds up repeated client instantiation and lowers the memory footprint if the custom fingerprints are used. Related to #370

• Call adjust_external_memory on Impit instantiation (#372)

  • Large wrapped objects should adjust_external_memory to guide the native GC scheduler (docs). The size of 500kB is eyeballed (experiments show values around ~120kB), so this should give us enough leeway for the future.

Features

• Use rustls-platform-verifier for system CA support (#357)

  • Replaces the static webpki-roots dependency with rustls-platform-verifier to enable impit to rely on the operating system's trust store. ---------

• Custom fingerprint support (#366)

  • Extracts all fingerprinting logic (from e.g. the rustls patch) to impit. Prepares the codebase for new, non-hardcoded browser fingerprints. Related to #99

• Add more Chrome and Firefox fingerprints (#367)

  • Adds more browser fingerprints and passes these to the Node.JS and Python bindings.

js-0.8.2 - 2026-01-12

Bug Fixes

• Avoid excessive wait on a non-aborted Response (#355)
  • Replaces the thread polling the AbortSignal for a channel.

js-0.8.1 - 2026-01-09

Bug Fixes

• Add signal to the RequestInit type (#351)
  • Fixes an omission from #349

js-0.8.0 - 2026-01-09

Bug Fixes

• Don't leak memory on failed requests (#350)
  • Related to napi-rs/napi-rs#3086

Features

• Add support for JS AbortSignal (#349)

js-0.7.6 - 2026-01-05

Bug Fixes

• Do not panic on missing attributes for encoding-related meta elements (#346)

  • Ignores encoding-related meta elements with missing content or charset attributes. Related to #344

• Throw Error on invalid header value (do not panic) (#347)

  • Unparseable response header values now only return Error in the Node bindings instead of panicking and killing the proce...

impit-node@0.14.0

js-0.14.0 - 2026-05-07

Features

• Return the vanillaFallback option as an alternative for failing requests (#441)
  • The vanillaFallback option has been noop in a few of the latest versions of impit. The changes from this PR return this feature to support, e.g., servers with old TLS stacks that uncover some of the emulation discrepancies and cause the requests to fail.

impit-node@0.13.1

Bug Fixes

• Decode non-ASCII response header values as ISO-8859-1 (#434)

• Use browser-matching multipart boundary format (#435)

impit-node@0.13.0

Features

• Add new OkHTTP fingerprints (#416)
  • Adds profiles for emulating the fingerprints of the OkHTTP library (JVM / Android HTTP client).

impit-node@0.12.0

Features

• Add per-request redirect option to RequestInit (#418)

  • Adds standard Fetch API redirect option to RequestInit, allowing per-request override of the instance-level followRedirects setting.

• Add clone() support to ImpitResponse (#419)

  • Implements Response.clone() on ImpitResponse using ReadableStream.tee(), making impit compatible with libraries like ky that call response.clone() internally.

js-0.11.0

What's Changed

• feat: better errors for Node.JS bindings by @barjin in #406

Full Changelog: js-0.10.1...js-0.11.0

impit-python@0.12.0

Features

• Add HTTP/2 SETTINGS fingerprinting (#386)

  • Adds custom HTTP2 profiles to the emulated browser fingerprints.

• Support timeout=None to disable timeout (#402)

  • Updates the timeout handling in Python. The default behaviour stays the same, but passing timeout=None now disables the timeout (either client-wide or for the current request). This aligns impit with how httpx handles timeouts.

Refactor

• Replace scraper with lol_html for HTML charset prescanning (#398)
  • Replaces scraper dependency with a more lightweight HTML parser from lol_html. Adds regression tests to ensure the behaviour stays the same.

impit-node@0.10.1

Bug Fixes

• Keep content-length header in compressed responses (#395)

impit-node@0.10.0

Bug Fixes

• Clean up AbortSignal listeners after fetch() completes (#394)
  • Drops AbortSignal listeners in Node.JS bindings to prevent memory leaks on AbortSignal reuse.

Features

• Add HTTP/2 SETTINGS fingerprinting (#386)
  • Adds custom HTTP2 profiles to the emulated browser fingerprints.

impit-python@0.11.0

Bug Fixes

• Proxy authenticates with empty password (#327)

• Authenticate with HTTPS proxy and HTTP target (#333)

  • Propagates upstream fixes from reqwest.

• Do not panic on missing attributes for encoding-related meta elements (#346)

  • Ignores encoding-related meta elements with missing content or charset attributes. Related to #344

• Use the rustls Verifier / CryptoProvider cache with custom fingerprints (#371)

  • Speeds up repeated client instantiation and lowers the memory footprint if the custom fingerprints are used. Related to #370

• Allow removing impersonated headers by passing empty string (#382)

  • Users can now remove impersonated headers (like Sec-Fetch-User) from requests by passing an empty string as the header value. When an empty string is provided, the header is filtered out before the request is sent. This enables users, e.g., to manually control which Sec-Fetch-* headers should be included in their requests, addressing use cases where the default impersonated headers don't match the actual request context.

Features

• Enable TRACE method in the bindings (#328)

  • Unifies all clients by enabling the trace method in all of them. Required for type parity (HttpMethod) in downstream repositories - Crawlee et al.

• Use rustls-platform-verifier for system CA support (#357)

  • Replaces the static webpki-roots dependency with rustls-platform-verifier to enable impit to rely on the operating system's trust store. ---------

• Custom fingerprint support (#366)

  • Extracts all fingerprinting logic (from e.g. the rustls patch) to impit. Prepares the codebase for new, non-hardcoded browser fingerprints. Related to #99

• Add more Chrome and Firefox fingerprints (#367)

  • Adds more browser fingerprints and passes these to the Node.JS and Python bindings.