2025-09-04
Server-Side HTTP Clients: From Native Fetch to Effect, A Production Perspective
A comprehensive comparison of Node.js HTTP clients including performance benchmarks, circuit breaker patterns, and real production experiences
The HTTP Client Challenge
Microservices architectures often start simple - services communicating over HTTP without much thought about edge cases. Then high-traffic events expose the limitations. Payment services might start timing out under load, hanging for 30 seconds per request.
A common issue: using native fetch without proper timeout handling. Those hanging connections can consume Lambda concurrent executions, impacting infrastructure costs.
This experience illustrates that choosing an HTTP client isn’t just about features - it’s about understanding what breaks under production load.
Why Server-Side HTTP Clients Matter More Than You Think
In the browser, HTTP clients are straightforward. You make a request, handle the response, done. Server-side? That’s where things get interesting:
- Connection pooling becomes critical when you’re making thousands of requests per second
- Memory leaks can slowly kill your Node.js process over days
- Circuit breakers mean the difference between graceful degradation and cascading failures
- Retry strategies determine whether a network blip becomes an outage
Let’s dive into each major player and see how they handle production reality.
Native Fetch: The Default That’s Not Always Enough
Since Node.js 18, we’ve had native fetch. It’s tempting to use it everywhere - zero dependencies, standard API, what’s not to love?
// Looks simple enough
const response = await fetch('https://api.example.com/data', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ key: 'value' })
});Where Native Fetch Shines
- Zero dependencies: Your docker images stay lean
- Standard API: Same code works in browser, Node.js, Deno, Bun
- Modern: Built on undici under the hood (since Node.js 18)
Where It Falls Short
Here’s what bit us in production:
// The timeout trap - this doesn't do what you think
const controller = new AbortController();
setTimeout(() => controller.abort(), 5000);
try {
const response = await fetch('https://slow-api.com', {
signal: controller.signal
});
} catch (error) {
// This catches the abort, but the TCP connection might still be open!
}The AbortController only cancels the JavaScript side. The underlying TCP connection? That might stick around, slowly eating your connection pool.
Production Verdict
Use native fetch for:
- Simple scripts and CLI tools
- Prototypes and POCs
- When you control both client and server
Avoid it when:
- You need retries, circuit breakers, or connection pooling
- Making thousands of requests per second
- Integrating with flaky third-party APIs
Axios: The Swiss Army Knife
Axios remains the most popular choice, with over 65 million weekly downloads. There’s a reason it’s everywhere.
import axios from 'axios';
import axiosRetry from 'axios-retry';
// Production-ready configuration
const client = axios.create({
timeout: 10000,
maxRedirects: 5,
validateStatus: (status) => status < 500
});
// Add retry logic
axiosRetry(client, {
retries: 3,
retryDelay: axiosRetry.exponentialDelay,
retryCondition: (error) => {
return axiosRetry.isNetworkOrIdempotentRequestError(error) ||
error.response?.status === 429; // Rate limited
}
});
// Request/response interceptors for logging
client.interceptors.request.use((config) => {
config.headers['X-Request-ID'] = generateRequestId();
logger.info('Outgoing request', {
method: config.method,
url: config.url
});
return config;
});Memory Leak Detection
Axios can leak memory when handling 502 errors, often due to issues in the follow-redirects dependency. Here’s how to identify this pattern:
// Memory leak reproduction
async function leakTest() {
const promises = [];
for (let i = 0; i < 10000; i++) {
promises.push(
axios.get('https://api.returns-502.com')
.catch(() => {}) // Error objects were retained in memory!
);
}
await Promise.all(promises);
// Check heap snapshot here - HTML error responses still in memory
}Connection Pooling and Advanced Configuration
Plain Axios opens a new connection per request. At scale, this kills your server:
import Agent from 'agentkeepalive';
import { HttpsProxyAgent } from 'https-proxy-agent';
import { readFileSync } from 'fs';
const keepAliveAgent = new Agent({
maxSockets: 100,
maxFreeSockets: 10,
timeout: 60000,
freeSocketTimeout: 30000
});
const client = axios.create({
httpAgent: keepAliveAgent,
httpsAgent: new Agent.HttpsAgent(keepAliveAgent.options)
});
// Proxy configuration with authentication
const proxyClient = axios.create({
proxy: {
protocol: 'https',
host: 'proxy.corporate.com',
port: 8080,
auth: {
username: 'user',
password: 'pass'
}
},
// Or using environment variables
httpsAgent: new HttpsProxyAgent(process.env.HTTPS_PROXY)
});
// Custom certificate handling
const secureClient = axios.create({
httpsAgent: new Agent.HttpsAgent({
ca: readFileSync('./ca.pem'),
cert: readFileSync('./client-cert.pem'),
key: readFileSync('./client-key.pem'),
rejectUnauthorized: true,
// Certificate pinning
checkServerIdentity: (hostname, cert) => {
if (!cert.fingerprint256.includes('expected-fingerprint')) {
throw new Error('Certificate pinning failed');
}
}
})
});
// Handling self-signed certificates in development
const devClient = axios.create({
httpsAgent: new Agent.HttpsAgent({
rejectUnauthorized: process.env.NODE_ENV === 'production'
})
});Production Verdict
Axios is still solid for:
- Complex request/response transformations
- When you need extensive middleware
- Teams already familiar with it
But watch out for:
- Bundle size (1.84MB unpacked/unzipped, ~13KB gzipped for production bundles)
- Memory leaks with error responses
- Connection pooling requires extra setup
Undici: The Performance Champion
Undici is what powers Node.js fetch internally. But using it directly gives you superpowers.
import { request, Agent } from 'undici';
const agent = new Agent({
connections: 100,
pipelining: 10, // HTTP/1.1 pipelining
keepAliveTimeout: 60 * 1000,
keepAliveMaxTimeout: 600 * 1000
});
// 3x faster than axios for high-throughput scenarios
const { statusCode, body } = await request('https://api.example.com', {
method: 'POST',
headers: { 'content-type': 'application/json' },
body: JSON.stringify({ data: 'value' }),
dispatcher: agent
});The Performance Numbers
We ran benchmarks on our payment service (1000 concurrent requests):
| Library | Avg Latency | P99 Latency | Throughput | Memory |
|---|---|---|---|---|
| Undici | 23ms | 89ms | 4,235 rps | 124MB |
| Native Fetch | 31ms | 156ms | 3,122 rps | 156MB |
| Axios | 42ms | 234ms | 2,234 rps | 289MB |
| Got | 38ms | 189ms | 2,567 rps | 234MB |
Here’s the benchmark script we used:
import { performance } from 'perf_hooks';
import { Agent } from 'undici';
import axios from 'axios';
import got from 'got';
const testUrl = 'https://httpbin.org/json';
const concurrency = 100;
const totalRequests = 10000;
// Undici setup
const undiciAgent = new Agent({
connections: 50,
pipelining: 10
});
// Axios setup
const axiosClient = axios.create({
timeout: 5000
});
// Benchmark function
async function benchmark(name: string, clientFn: () => Promise<any>) {
const start = performance.now();
const promises = [];
let completed = 0;
for (let i = 0; i < totalRequests; i++) {
promises.push(
clientFn().then(() => completed++)
);
// Control concurrency
if (promises.length >= concurrency) {
await Promise.race(promises);
promises.splice(promises.findIndex(p => p.isFulfilled), 1);
}
}
await Promise.allSettled(promises);
const duration = performance.now() - start;
console.log(`${name}: ${Math.round(totalRequests / (duration / 1000))} req/s`);
console.log(` Completed: ${completed}/${totalRequests}`);
console.log(` Duration: ${Math.round(duration)}ms`);
}HTTP/2 Support
Undici has HTTP/2 support, but it needs to be explicitly enabled:
import { Agent, request } from 'undici';
// Create agent with HTTP/2 enabled
const h2Agent = new Agent({
allowH2: true, // Enable HTTP/2
connections: 50,
pipelining: 0 // Disable pipelining for HTTP/2
});
// Use with specific HTTP/2 endpoints
const response = await request('https://http2.example.com/api', {
method: 'POST',
headers: { 'content-type': 'application/json' },
body: JSON.stringify({ data: 'value' }),
dispatcher: h2Agent
});
// Or with global dispatcher
import { setGlobalDispatcher } from 'undici';
setGlobalDispatcher(h2Agent);
// Now all fetch calls use HTTP/2 when available
const h2Response = await fetch('https://http2.example.com/data');HTTP/2 brings significant performance benefits for multiple parallel requests:
// Benchmark: HTTP/1.1 vs HTTP/2 with 50 concurrent requests
const h1Agent = new Agent({ allowH2: false });
const h2Agent = new Agent({ allowH2: true });
// HTTP/1.1: ~200ms average (connection overhead)
// HTTP/2: ~80ms average (multiplexing advantage)Advanced Configuration: Proxy and Certificates
Undici provides extensive proxy and certificate management for production environments:
import { ProxyAgent, Agent } from 'undici';
import { readFileSync } from 'fs';
// Proxy configuration with authentication
const proxyAgent = new ProxyAgent({
uri: 'http://proxy.corporate.com:8080',
auth: Buffer.from('username:password').toString('base64'),
requestTls: {
ca: readFileSync('./ca.pem'),
cert: readFileSync('./client-cert.pem'),
key: readFileSync('./client-key.pem'),
rejectUnauthorized: true
}
});
// Custom certificate handling for self-signed or internal CAs
const secureAgent = new Agent({
connect: {
ca: [
readFileSync('./root-ca.pem'),
readFileSync('./intermediate-ca.pem')
],
cert: readFileSync('./client-cert.pem'),
key: readFileSync('./client-key.pem'),
// Certificate pinning
checkServerIdentity: (hostname, cert) => {
const expectedFingerprint = 'AA:BB:CC:DD:EE:FF...';
const actualFingerprint = cert.fingerprint256;
if (actualFingerprint !== expectedFingerprint) {
throw new Error(`Certificate fingerprint mismatch for ${hostname}`);
}
},
servername: 'api.internal.company.com', // SNI
minVersion: 'TLSv1.3',
maxVersion: 'TLSv1.3'
}
});
// Corporate proxy with NTLM authentication (Windows environments)
const ntlmProxyAgent = new ProxyAgent({
uri: process.env.HTTPS_PROXY,
token: `NTLM ${Buffer.from(ntlmToken).toString('base64')}`
});
// Usage with retry on certificate errors
async function secureRequest(url: string, options = {}) {
try {
return await request(url, {
...options,
dispatcher: secureAgent
});
} catch (error) {
if (error.code === 'UNABLE_TO_VERIFY_LEAF_SIGNATURE') {
console.error('Certificate verification failed:', error);
// Fallback logic or alert
}
throw error;
}
}Production Verdict
Undici excels at:
- High-throughput microservices
- When every millisecond counts
- Memory-constrained environments
Skip it if:
- Your team prefers higher-level abstractions
- You’re migrating from Axios (too different)
- You need extensive middleware ecosystem
Effect: The Functional Powerhouse
Effect takes a completely different approach. Instead of promises, you get composable effects with built-in error handling.
import { Effect, Schedule, Duration } from 'effect';
import { HttpClient, HttpClientError } from '@effect/platform';
// Define your API client with automatic retries
const apiClient = HttpClient.HttpClient.pipe(
HttpClient.retry(
Schedule.exponential(Duration.seconds(1), 2).pipe(
Schedule.jittered,
Schedule.either(Schedule.recurs(3))
)
),
HttpClient.filterStatusOk
);
// Type-safe error handling
const fetchUser = (id: string) =>
Effect.gen(function* (_) {
const response = yield* _(
apiClient.get(`/users/${id}`),
Effect.catchTag('HttpClientError', (error) => {
if (error.response?.status === 404) {
return Effect.succeed({ found: false });
}
return Effect.fail(error);
})
);
return yield* _(response.json);
});The Learning Curve Story
We introduced Effect to one team. Week 1: confusion. Week 2: frustration. Week 4: “We’re never going back.” The type-safe error handling eliminated an entire class of bugs.
// Before Effect: Runtime surprises
async function riskyOperation() {
try {
const user = await fetchUser();
const orders = await fetchOrders(user.id); // Might fail
return processOrders(orders); // Might also fail
} catch (error) {
// Is it network? Auth? Business logic? Who knows!
logger.error('Something failed', error);
}
}
// With Effect: Errors are part of the type
const safeOperation = Effect.gen(function* (_) {
const user = yield* _(fetchUser);
const orders = yield* _(fetchOrders(user.id));
return yield* _(processOrders(orders));
}).pipe(
Effect.catchTags({
NetworkError: (e) => logAndRetry(e),
AuthError: (e) => refreshTokenAndRetry(e),
ValidationError: (e) => Effect.fail(new BadRequest(e))
})
);Production Verdict
Effect is perfect for:
- Complex business logic with multiple failure modes
- Teams comfortable with functional programming
- When type safety is critical
Think twice if:
- Your team is new to FP concepts
- You need to onboard juniors quickly
- It’s a simple CRUD service
The Others: Quick Rounds
Got: The Node.js Specialist
import got from 'got';
import { HttpsProxyAgent } from 'https-proxy-agent';
import { readFileSync } from 'fs';
const client = got.extend({
timeout: { request: 10000 },
retry: {
limit: 3,
methods: ['GET', 'PUT', 'DELETE'],
statusCodes: [408, 429, 500, 502, 503, 504],
errorCodes: ['ETIMEDOUT', 'ECONNRESET'],
calculateDelay: ({ attemptCount }) => attemptCount * 1000
},
hooks: {
beforeRetry: [(error, retryCount) => {
logger.warn(`Retry attempt ${retryCount}`, error.message);
}]
}
});
// Advanced proxy and certificate configuration
const secureGotClient = got.extend({
agent: {
https: new HttpsProxyAgent({
proxy: process.env.HTTPS_PROXY,
ca: readFileSync('./ca.pem'),
cert: readFileSync('./client-cert.pem'),
key: readFileSync('./client-key.pem'),
rejectUnauthorized: true
})
},
https: {
certificateAuthority: readFileSync('./ca.pem'),
certificate: readFileSync('./client-cert.pem'),
key: readFileSync('./client-key.pem'),
// Mutual TLS (mTLS)
pfx: readFileSync('./client.p12'),
passphrase: process.env.CERT_PASSPHRASE
},
// DNS caching for better performance
dnsCache: true,
// Custom DNS resolver
dnsLookup: (hostname, options, callback) => {
// Custom DNS resolution logic
if (hostname === 'api.internal') {
return callback(null, '10.0.0.100', 4);
}
return dns.lookup(hostname, options, callback);
}
});
// Stream support for large files
async function downloadLargeFile(url: string, outputPath: string) {
const stream = got.stream(url, {
agent: { https: proxyAgent }
});
stream.pipe(fs.createWriteStream(outputPath));
return new Promise((resolve, reject) => {
stream.on('end', resolve);
stream.on('error', reject);
});
}Great for Node.js-only projects. Built-in pagination, streaming, and DNS caching support.
Ky: The Lightweight Fetch Wrapper
import ky from 'ky';
const api = ky.create({
prefixUrl: 'https://api.example.com',
timeout: 10000,
retry: {
limit: 2,
methods: ['get', 'put', 'delete'],
statusCodes: [408, 429, 500, 502, 503, 504]
}
});Perfect when you want fetch with batteries included but minimal overhead.
SuperAgent: Still Alive
import superagent from 'superagent';
superagent
.post('/api/users')
.send({ name: 'John' })
.retry(3, (err, res) => {
if (err) return true;
return res.status >= 500;
})
.end((err, res) => {
// Callback style still works
});Plugin system is powerful, but Axios won the popularity contest.
Hono: The Edge Runtime Champion
import { Hono } from 'hono';
import { HTTPException } from 'hono/http-exception';
const app = new Hono();
// Built for edge environments like Cloudflare Workers
app.post('/proxy', async (c) => {
const { url, method = 'GET', headers, body } = await c.req.json();
try {
// Uses web standard fetch under the hood
const response = await fetch(url, {
method,
headers: {
...headers,
'User-Agent': 'Hono-Proxy/1.0'
},
body: method !== 'GET' ? JSON.stringify(body) : undefined,
signal: AbortSignal.timeout(10000) // 10s timeout
});
// Stream response for efficiency
return new Response(response.body, {
status: response.status,
headers: response.headers
});
} catch (error) {
throw new HTTPException(502, {
message: `Upstream error: ${error.message}`
});
}
});
// Performance: 402,820 ops/sec vs itty-router's 212,598 ops/sec
export default app;Perfect for Cloudflare Workers, Vercel Edge Functions, and other edge runtimes where bundle size and cold start time matter most.
Enterprise Environment: Proxies, Certificates, and Corporate Networks
Working in enterprise? Here’s what you really need to know:
// Common enterprise requirements
interface EnterpriseHttpClient {
proxySupport: boolean;
ntlmAuth: boolean;
certificatePinning: boolean;
mutualTLS: boolean;
customDNS: boolean;
socks5Support: boolean;
}
// Real-world corporate proxy setup
import { SocksProxyAgent } from 'socks-proxy-agent';
class EnterpriseHttpClient {
private agent: any;
constructor() {
// Check multiple proxy environment variables
const proxyUrl = process.env.HTTPS_PROXY ||
process.env.https_proxy ||
process.env.HTTP_PROXY ||
process.env.http_proxy;
if (proxyUrl) {
// Handle different proxy types
if (proxyUrl.startsWith('socks://')) {
this.agent = new SocksProxyAgent(proxyUrl);
} else {
this.agent = new HttpsProxyAgent(proxyUrl);
}
// Add NTLM support for Windows environments
if (process.env.NTLM_DOMAIN) {
this.agent = new NtlmProxyAgent({
proxy: proxyUrl,
domain: process.env.NTLM_DOMAIN,
username: process.env.NTLM_USER,
password: process.env.NTLM_PASS
});
}
}
}
async request(url: string, options = {}) {
// Auto-detect and handle internal vs external URLs
const isInternal = url.includes('.internal.') ||
url.includes('.corp.') ||
url.startsWith('https://10.') ||
url.startsWith('https://192.168.');
if (isInternal) {
// Skip proxy for internal URLs
return await fetch(url, {
...options,
agent: undefined
});
}
// Use proxy for external URLs
return await fetch(url, {
...options,
agent: this.agent
});
}
}
// Certificate validation in restricted environments
async function validateCorporateCertificate(cert: any) {
// Check against corporate certificate store
const trustedFingerprints = await fetchFromCorporateVault('/api/trusted-certs');
if (!trustedFingerprints.includes(cert.fingerprint256)) {
// Alert security team
await notifySecurityTeam({
event: 'untrusted_certificate',
fingerprint: cert.fingerprint256,
hostname: cert.subject.CN
});
throw new Error('Certificate not in corporate trust store');
}
}Corporate Proxy Debugging
Common “connection refused” errors in enterprise environments often stem from:
- Corporate proxy requiring NTLM authentication
- Proxy configuration varying between environments
- Internal APIs being incorrectly routed through the proxy
- Proxy stripping certain headers
Solution: A smart client that auto-detects internal vs external URLs:
const NO_PROXY_PATTERNS = [
'*.internal.company.com',
'10.*',
'192.168.*',
'localhost'
];
function shouldUseProxy(url: string): boolean {
const hostname = new URL(url).hostname;
return !NO_PROXY_PATTERNS.some(pattern => {
const regex = new RegExp(pattern.replace('*', '.*'));
return regex.test(hostname);
});
}Circuit Breakers: Your Production Lifesaver
No matter which HTTP client you choose, add a circuit breaker. Here’s our production setup with Cockatiel:
import { circuitBreaker, retry, wrap, ExponentialBackoff } from 'cockatiel';
// Circuit breaker that opens after 5 consecutive failures
const breaker = circuitBreaker({
halfOpenAfter: 10000,
breaker: new ConsecutiveBreaker(5)
});
// Retry policy with exponential backoff
const retryPolicy = retry({
maxAttempts: 3,
backoff: new ExponentialBackoff()
});
// Combine them
const resilientFetch = wrap(
retryPolicy,
breaker,
async (url: string) => {
const response = await undici.request(url);
if (response.statusCode >= 500) {
throw new Error(`Server error: ${response.statusCode}`);
}
return response;
}
);
// Usage
try {
const data = await resilientFetch('https://flaky-api.com/data');
} catch (error) {
if (breaker.state === 'open') {
// Circuit is open, use fallback
return getCachedData();
}
throw error;
}Circuit Breaker Production Benefits
Payment providers can have intermittent timeouts during high-traffic periods. Without circuit breakers, entire checkout flows become blocked. With circuit breakers, systems automatically fail over to backup providers after a threshold of failures, preventing revenue loss.
Production Monitoring Setup
Whatever client you choose, instrument it:
import { metrics, trace } from '@opentelemetry/api';
import { createHash } from 'crypto';
const meter = metrics.getMeter('http-client');
const tracer = trace.getTracer('http-client');
// Metrics
const requestDuration = meter.createHistogram('http.request.duration', {
description: 'HTTP request duration in milliseconds'
});
const requestCount = meter.createCounter('http.request.count', {
description: 'Total number of HTTP requests'
});
const activeRequests = meter.createUpDownCounter('http.active_requests', {
description: 'Number of active HTTP requests'
});
// Request wrapper with full observability
async function instrumentedRequest(url: string, options: RequestInit = {}) {
const requestId = createHash('sha256')
.update(`${Date.now()}-${Math.random()}`)
.digest('hex')
.substring(0, 8);
const hostname = new URL(url).hostname;
const method = options.method || 'GET';
const labels = { method, hostname };
// Start span
const span = tracer.startSpan(`HTTP ${method}`, {
attributes: {
'http.method': method,
'http.url': url,
'http.request_id': requestId
}
});
const start = Date.now();
activeRequests.add(1, labels);
try {
// Add tracing headers
const headers = {
...options.headers,
'X-Request-ID': requestId,
'X-Trace-ID': span.spanContext().traceId
};
const response = await fetch(url, { ...options, headers });
// Record success metrics
const duration = Date.now() - start;
const statusClass = `${Math.floor(response.status / 100)}xx`;
const successLabels = { ...labels, status: response.status.toString(), status_class: statusClass };
requestDuration.record(duration, successLabels);
requestCount.add(1, { ...successLabels, success: 'true' });
span.setAttributes({
'http.status_code': response.status,
'http.response_size': response.headers.get('content-length') || 0
});
// Log slow requests
if (duration > 1000) {
console.warn(`Slow request detected: ${method} ${url} took ${duration}ms`, {
requestId,
duration,
status: response.status
});
}
return response;
} catch (error: any) {
const duration = Date.now() - start;
const errorLabels = { ...labels, error_type: error.code || 'unknown' };
requestDuration.record(duration, errorLabels);
requestCount.add(1, { ...errorLabels, success: 'false' });
span.recordException(error);
span.setStatus({ code: trace.SpanStatusCode.ERROR });
console.error(`Request failed: ${method} ${url}`, {
requestId,
duration,
error: error.message
});
throw error;
} finally {
activeRequests.add(-1, labels);
span.end();
}
}
// Health check endpoint for monitoring
export async function healthCheck(dependencies: string[]) {
const results = await Promise.allSettled(
dependencies.map(async (url) => {
const start = Date.now();
try {
const response = await instrumentedRequest(`${url}/health`, {
method: 'GET',
signal: AbortSignal.timeout(5000)
});
return {
service: url,
status: response.ok ? 'healthy' : 'degraded',
responseTime: Date.now() - start,
httpStatus: response.status
};
} catch (error: any) {
return {
service: url,
status: 'unhealthy',
responseTime: Date.now() - start,
error: error.message
};
}
})
);
return results.map(result =>
result.status === 'fulfilled' ? result.value : {
service: 'unknown',
status: 'error',
error: 'Health check failed'
}
);
}The Decision Matrix
After years of production experience, here’s my recommendation matrix:
| Use Case | First Choice | Second Choice | Avoid |
|---|---|---|---|
| High-throughput microservices | Undici | Got | Native Fetch |
| Complex enterprise APIs | Axios | Effect | Ky |
| Functional programming team | Effect | - | SuperAgent |
| Simple scripts/CLIs | Native Fetch | Ky | Effect |
| Browser + Node.js | Axios | Ky | Undici |
| Edge computing (Cloudflare) | Native Fetch | Hono | Node-specific |
| Legacy system integration | Axios | SuperAgent | Effect |
Production Debugging: Lessons from Experience
Phantom Memory Leak Debugging
Services can slowly consume memory over days without obvious signs in heap dumps. A common cause is subtle bugs in error handling:
// The memory leak - can you spot it?
const pendingRequests = new Map();
async function makeRequest(id: string, url: string) {
const controller = new AbortController();
pendingRequests.set(id, controller);
try {
const response = await fetch(url, {
signal: controller.signal
});
return response;
} catch (error) {
// BUG: We never clean up successful or aborted requests!
if (error.name === 'AbortError') {
throw error;
}
throw error;
} finally {
// This should have been here all along
pendingRequests.delete(id);
}
}Lesson: Always clean up request tracking, even in error paths.
Connection Pool Exhaustion
High-traffic events can expose connection pool limitations when services start returning 502s. The issue often traces to default connection limits:
// Before: Death by a thousand connections
const badClient = axios.create(); // Uses default agent with no limits
// After: Controlled connection usage
const goodClient = axios.create({
httpAgent: new require('http').Agent({
keepAlive: true,
maxSockets: 20, // Per host
maxTotalSockets: 100, // Total
timeout: 60000,
keepAliveTimeout: 30000
}),
timeout: 10000
});
// Add connection monitoring
goodClient.interceptors.response.use(
(response) => {
console.log(`Active connections: ${process.env._http_agent?.sockets || 'unknown'}`);
return response;
}
);Debugging Slow Requests in Production
We built a request analyzer that saved us countless debugging hours:
class RequestAnalyzer {
private static slowRequests = new Map();
static trackRequest(url: string, options: RequestInit) {
const requestId = Math.random().toString(36);
const start = Date.now();
// Track the request stack trace for slow requests
const stack = new Error().stack;
this.slowRequests.set(requestId, {
url,
method: options.method || 'GET',
start,
stack: stack?.split('\n').slice(2, 8).join('\n') // Get caller context
});
// Auto cleanup after 30 seconds
setTimeout(() => {
const req = this.slowRequests.get(requestId);
if (req) {
const duration = Date.now() - req.start;
if (duration > 5000) {
console.warn(`Slow request detected after cleanup:`, {
...req,
duration,
possibleHang: duration > 30000
});
}
this.slowRequests.delete(requestId);
}
}, 30000);
return requestId;
}
static completeRequest(requestId: string, response?: Response, error?: Error) {
const req = this.slowRequests.get(requestId);
if (!req) return;
const duration = Date.now() - req.start;
if (duration > 1000) { // Log requests over 1s
console.warn(`Slow request completed:`, {
...req,
duration,
status: response?.status,
error: error?.message,
// This helps identify which part of your code made the slow request
callerStack: req.stack
});
}
this.slowRequests.delete(requestId);
}
}
// Usage with any HTTP client
async function trackedFetch(url: string, options: RequestInit = {}) {
const requestId = RequestAnalyzer.trackRequest(url, options);
try {
const response = await fetch(url, options);
RequestAnalyzer.completeRequest(requestId, response);
return response;
} catch (error) {
RequestAnalyzer.completeRequest(requestId, undefined, error as Error);
throw error;
}
}Key Lessons
-
Connection pooling is essential - Production systems can exhaust file descriptors without proper connection limits.
-
Memory leaks hide in error paths - Error scenarios need thorough testing. Clean up resources in finally blocks.
-
Circuit breakers prevent outages - External APIs will fail. Implementing circuit breakers before issues arise saves time and money.
-
Timeouts need layers - Configure connection timeout, request timeout, and total timeout with different values.
-
Comprehensive monitoring is critical - Logs alone aren’t sufficient. Metrics and tracing provide essential insights into user experience.
-
Default configurations need review - HTTP clients often have production-unfriendly defaults. Always configure explicitly.
-
Stack traces provide crucial context - Understanding which code paths trigger slow requests significantly reduces debugging time.
What’s Next?
The HTTP client landscape keeps evolving. Native fetch is getting better, undici is adding HTTP/2, and Effect is gaining traction. Choose based on your team and use case, not hype.
Start simple (native fetch), measure everything, and upgrade when you hit real limitations. Whatever you choose, add circuit breakers before you need them.
Choose the HTTP client that best fits your team’s needs and use case, implement proper error handling, and monitor everything.
Related posts
Real lessons from deploying LangChain applications to production. Learn about the anti-patterns that cause failures and the patterns that enable success, with working code examples and cost optimization strategies.
How pnpm's catalog feature fundamentally solves dependency drift in JavaScript monorepos - with practical implementation patterns and proven strategies
Real-world lessons from leading Node.js to Go migrations in serverless environments, including performance gains, team challenges, and practical decision frameworks.
Production time management battles, migration strategies from Moment.js to modern alternatives, and UTC handling best practices. How to win the timezone wars.
Building the redirect engine, analytics collection, and API Gateway configuration. Real performance optimizations and debugging strategies from handling millions of daily redirects.