Node.js/TypeScript HTTP client with browser TLS fingerprint impersonation (JA3/JA4). Bypass Cloudflare, DataDome, and other anti-bot TLS fingerprinting. Rust-powered via wreq.
- Bypass anti-bot TLS detection (Cloudflare, DataDome, Akamai, etc.)
- Native Rust performance (no browser/process spawning)
- Real browser TLS fingerprints (JA3/JA4)
- HTTP/2 impersonation (SETTINGS/PRIORITY/header ordering)
- Multiple browser profiles (Chrome/Firefox/Safari/Edge/Opera/OkHttp)
fetch()-compatible API with sessions, cookies, and proxies- WebSocket support with fingerprint consistency
- Prebuilt native binaries for macOS/Linux/Windows
- TypeScript-first with generated definitions
| Library | Approach | Maintained | API | Performance | Fingerprint profiles |
|---|---|---|---|---|---|
| wreq-js | Rust native bindings (wreq) | Yes | fetch()-compatible, TypeScript-first |
Native Rust, no subprocess overhead | Built-in, kept current via wreq-util |
| CycleTLS | Go subprocess | Sporadic | Promise-based | IPC overhead (Go subprocess) | BYO (manual JA3 strings) |
| got-scraping | Pure JS header tweaking | Yes | got-based |
JS-only, no real TLS spoofing | N/A (header-level only) |
| node-tls-client | Go shared lib (bogdanfinn) | Sporadic | Custom | FFI overhead | Depends on upstream |
| curl-impersonate | Modified curl binary | Inactive (last release Mar 2024) | CLI/bindings | Subprocess | Stale |
All guides, concepts, and API reference live at:
(If you're looking for examples, sessions/cookies, proxy usage, streaming, WebSockets, or the full API surface - it's all there.)
npm install wreq-js
# or
yarn add wreq-js
pnpm add wreq-js
bun add wreq-jsPrebuilt binaries are provided for:
- macOS (Intel & Apple Silicon)
- Linux (x64 & ARM64, glibc & musl)
- Windows (x64)
If a prebuilt binary for your platform/commit is unavailable, the package will build from source (requires a Rust toolchain).
import { fetch } from 'wreq-js';
const res = await fetch('https://example.com/api', {
browser: 'chrome_142',
os: 'windows',
});
console.log(await res.json());For most real-world workloads, start with a session and reuse it across requests. This keeps TLS/cookies warm and avoids paying setup costs on every call.
import { createSession } from 'wreq-js';
const session = await createSession({ browser: 'chrome_142', os: 'windows' });
try {
const a = await session.fetch('https://example.com/a');
const b = await session.fetch('https://example.com/b');
console.log(a.status, b.status);
} finally {
await session.close();
}More session patterns: https://wreq.sqdsh.win
Use wreq-js when you need to make HTTP requests that pass Cloudflare, DataDome, or other anti-bot TLS fingerprinting checks without spinning up a real browser. It's a drop-in fetch() replacement that impersonates real browser TLS/HTTP2 fingerprints at the network level.
If you need DOM/JS execution, CAPTCHA solving, or full browser automation, use Playwright/Puppeteer instead.
See CONTRIBUTING.md.
This is a maintained fork of will-work-for-meal/node-wreq (originally named node-wreq), with ongoing updates, compatibility fixes, and performance work.