Got
Human-friendly and powerful HTTP client library for Node.js. Built on Node.js streams with automatic retry support, timeout handling, JSON parsing, hooks system, caching, and TypeScript support. Got v12+ is ESM-only, supporting modern JavaScript module systems. Offers a rich feature set over native fetch: automatic retry with backoff, request/response hooks for middleware patterns, pagination helpers, Unix domain socket support, and RFC-compliant redirect handling.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
TLS verification enabled by default. No auto-credential storage. Hook system allows secure credential injection. Redirect following is configurable to prevent SSRF-like redirect attacks.
⚡ Reliability
Best When
You're building Node.js applications or agents that make many outbound HTTP requests and need retry logic, streaming, pagination, or a hook-based middleware system.
Avoid When
You need browser/universal HTTP (use axios), are on CJS without ESM support (use axios or node-fetch v2), or need only basic fetch functionality (use native fetch).
Use Cases
- • Make HTTP API calls from Node.js with automatic retry on network errors and configurable backoff using got.extend() configured instances
- • Stream large HTTP responses directly to disk or other streams without buffering entire responses in memory
- • Build robust HTTP client wrappers with got.extend() to add authentication headers, base URLs, and request interceptors
- • Implement pagination over REST APIs using Got's got.paginate() helper that handles cursor/page-based pagination
- • Make authenticated API calls with automatic token refresh via Got's hooks (beforeRequest, afterResponse) for middleware patterns
Not For
- • Browser-side HTTP — Got is Node.js only; use native fetch or axios for browser/universal code
- • Simple one-off requests where native fetch suffices — if you're on Node 18+, built-in fetch is adequate for basic use cases
- • CommonJS projects requiring CJS imports — Got v12+ is ESM-only; use axios or node-fetch v2 for CJS
Interface
Authentication
No built-in auth — configure via headers option or beforeRequest hooks. Got instances can be extended with default auth headers. Supports all auth schemes via header configuration.
Pricing
Fully free and open source, MIT licensed.
Agent Metadata
Known Gotchas
- ⚠ Got v12+ is ESM-only — cannot be require()'d in CommonJS modules; must use dynamic import() or migrate to ESM, or use Got v11 for CJS compatibility
- ⚠ got.extend() creates a new instance with merged defaults — use this pattern for configuring base URLs and auth headers; don't pass options object to every call
- ⚠ Automatic retry is enabled by default for network errors — set retry: { limit: 0 } to disable if calling non-idempotent endpoints where retrying could cause duplicate operations
- ⚠ Streams and JSON response parsing are mutually exclusive — use responseType: 'json' for JSON or got.stream() for streaming, not both
- ⚠ Timeout option has separate fields for connect, send, response — 'timeout: 5000' sets all; set individually with timeout: { connect: 1000, response: 30000 } for fine-grained control
- ⚠ Got hooks (beforeRequest, afterResponse) run in registration order — when multiple hooks modify request/response, order matters; use hook index carefully
Alternatives
Full Evaluation Report
Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Got.
Scores are editorial opinions as of 2026-03-06.