Ky
Tiny, elegant HTTP client built on the Fetch API for browsers and Node.js 18+. Ky adds retry logic, timeout, JSON convenience methods, hooks (beforeRequest, afterResponse), error handling for 4xx/5xx, and status-based error throwing on top of native fetch — all in ~2KB. The modern, fetch-native alternative to axios for applications targeting modern browsers and Node.js 18+.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Built on native fetch — inherits browser/Node.js TLS security. Tiny codebase reduces attack surface. No dependencies beyond native fetch. HTTPS enforced by default.
⚡ Reliability
Best When
You're targeting modern browsers or Node.js 18+ and want a lightweight fetch wrapper with retry, hooks, and error handling in ~2KB.
Avoid When
You need Node.js 14/16 support, complex stream handling, or advanced server-side HTTP features — use Got instead.
Use Cases
- • Make HTTP requests in modern browser-based agent apps with retry, timeout, and error handling without the axios bundle weight
- • Build Node.js 18+ agent HTTP clients where native fetch is available and you want automatic retry and error handling additions
- • Create pre-configured API clients using ky.extend() with base URL, headers, and hooks for consistent agent API interaction
- • Add request/response hooks to existing fetch-based code without rewriting — ky hooks add auth injection and logging transparently
- • Handle 4xx/5xx HTTP errors automatically (ky throws on non-2xx) without manual response.ok checks in every agent request
Not For
- • Node.js < 18 — Ky requires native fetch (Node.js 18+); use Got or axios for older Node.js
- • Complex server-side HTTP needs — Got has more features for Node.js-specific requirements (streams, pagination, proxy)
- • Environments without fetch — if you're polyfilling fetch, Got or axios with explicit XMLHttpRequest support may be more reliable
Interface
Authentication
No built-in auth — HTTP client. Use hooks.beforeRequest to inject auth headers consistently across all requests.
Pricing
Ky is open source and free.
Agent Metadata
Known Gotchas
- ⚠ Ky is ESM-only — require('ky') fails in CommonJS; bundlers handle this but pure CJS Node.js scripts need dynamic import() or switch to Got
- ⚠ Timeout is per-request total, not per-retry — if retry.limit is 3 and timeout is 5s, each retry attempt gets a fresh 5s timeout, not 5s/3 retries
- ⚠ ky.extend() creates a new instance — mutations to the original instance after extend() don't affect the extended instance
- ⚠ Error response body must be consumed — call await error.response.json() or await error.response.text() to get the error body; uncaught reads hang
- ⚠ Hooks afterResponse can modify the response — returning a new Response from afterResponse replaces the original; accidental returns can lose response data
- ⚠ ky has no streaming support — for large responses or file downloads, use native fetch or Got's stream interface
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Ky.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-07.