node-fetch

A light-weight module that brings the browser's Fetch API to Node.js. Implements the WHATWG Fetch specification so browser-written fetch() code runs unchanged in Node.js. Note: Node.js 18+ includes native global fetch() — node-fetch is primarily useful for Node.js 16 and below, or when you need the exact WHATWG Fetch behavior with additional options. v3 is ESM-only; v2 supports CommonJS.

Evaluated Mar 06, 2026 (0d ago) v3.x

Homepage ↗ Repo ↗ Developer Tools http fetch node browser-compatible whatwg streams typescript

⚙ Agent Friendliness

/ 100

Can an agent use this?

🔒 Security

/ 100

Is it safe for agents?

⚡ Reliability

/ 100

Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality

Documentation

Error Messages

Auth Simplicity

Rate Limits

🔒 Security

TLS Enforcement

100

Auth Strength

Scope Granularity

Dep. Hygiene

Secret Handling

TLS verification enabled by default. No credential management. Redirect following is automatic — agents must handle redirect policy for SSRF prevention.

⚡ Reliability

Uptime/SLA

Version Stability

Breaking Changes

Error Recovery

Best When

You need the browser-compatible fetch API on Node.js 16 and earlier, or need CommonJS-compatible fetch via v2.

Avoid When

You're on Node.js 18+ where native fetch is available, or need advanced features like retry, pagination, or hooks — use Got or axios instead.

Use Cases

• Polyfill browser fetch() API in Node.js 16 and earlier applications where native fetch is not available
• Port browser-side fetch code to Node.js servers with minimal changes to maintain isomorphic code patterns
• Make HTTP requests in environments that don't yet have native fetch with browser-compatible API
• Use as the underlying HTTP client for libraries requiring fetch-compatible API on Node.js
• CJS Node.js projects needing fetch API: use node-fetch v2 which supports require() unlike the native Fetch polyfills

Not For

• Node.js 18+ — use native global fetch() instead; node-fetch adds unnecessary dependency
• Complex HTTP scenarios with retry/streaming — use Got or axios for richer feature sets
• High-performance production HTTP — undici (which powers native Node.js fetch) is faster

Interface

REST API

GraphQL

gRPC

MCP Server

SDK

Yes

Webhooks

Authentication

Methods: none

OAuth: No Scopes: No

No built-in auth — configure via headers option same as browser fetch. All auth schemes supported via headers.

Pricing

Model: open_source

Free tier: Yes

Requires CC: No

Fully free and open source, MIT licensed.

Agent Metadata

Pagination

none

Idempotent

Full

Retry Guidance

Not documented

Known Gotchas

⚠ node-fetch v3 is ESM-only — cannot require() it in CJS; use v2 for CommonJS or migrate to ESM; Node.js 18+ has native fetch making v3 mostly redundant
⚠ Non-2xx responses do NOT throw — must check response.ok or response.status; this is browser-compatible behavior but surprises developers expecting automatic error throwing
⚠ Response body can only be consumed once — calling response.json() then response.text() on same response throws; clone() the response if you need to consume body multiple times
⚠ Redirects are followed automatically by default — use redirect: 'manual' or 'error' to control redirect behavior, especially important for agent SSRF prevention
⚠ Timeout is not built-in (unlike Got) — must use AbortController with setTimeout to implement request timeouts; easy to accidentally create hanging requests
⚠ On Node.js 18+, native fetch is available globally — adding node-fetch as a dependency adds bundle weight for no benefit; prefer native fetch on modern Node.js

Alternatives

got-api axios-api undici-api

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for node-fetch.

$99

API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.