Package detail

@orangeopensource/hurl

Orange-OpenSource10.1kApache-2.06.1.1

Run and Test HTTP Requests with plain text and curl

cli, http, curl, integration-testing, http-client, testing-tools, api-testing

readme

Hurl

Hurl is a command line tool written in Rust that runs HTTP requests defined in a simple plain text format.

The @orangeopensource/hurl package allows JavaScript developers to use Hurl in npm scripts.

It can chain requests, capture values and evaluate queries on headers and body response. Hurl is very versatile, it can be used for fetching data and testing HTTP sessions: HTML content, REST / SOAP / GraphQL APIs, or any other XML / JSON based APIs.

# Get home:
GET https://example.net
HTTP 200
[Captures]
csrf_token: xpath "string(//meta[@name='_csrf_token']/@content)"


# Do login!
POST https://example.net/login?user=toto&password=1234
X-CSRF-TOKEN: {{csrf_token}}
HTTP 302

Hurl can run HTTP requests but can also be used to test HTTP responses. Different types of queries and predicates are supported, from XPath and JSONPath on body response, to assert on status code and response headers.

It is well adapted for REST / JSON APIs

POST https://example.org/api/tests
{
    "id": "4568",
    "evaluate": true
}
HTTP 200
[Asserts]
header "X-Frame-Options" == "SAMEORIGIN"
jsonpath "$.status" == "RUNNING"    # Check the status code
jsonpath "$.tests" count == 25      # Check the number of items
jsonpath "$.id" matches /\d{4}/     # Check the format of the id

HTML content

GET https://example.org
HTTP 200
[Asserts]
xpath "normalize-space(//head/title)" == "Hello world!"

GraphQL

POST https://example.org/graphql
```graphql
{
  human(id: "1000") {
    name
    height(unit: FOOT)
  }
}
```
HTTP 200

and even SOAP APIs

POST https://example.org/InStock
Content-Type: application/soap+xml; charset=utf-8
SOAPAction: "http://www.w3.org/2003/05/soap-envelope"
<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:m="https://example.org">
  <soap:Header></soap:Header>
  <soap:Body>
    <m:GetStockPrice>
      <m:StockName>GOOG</m:StockName>
    </m:GetStockPrice>
  </soap:Body>
</soap:Envelope>
HTTP 200

Installation

npm install --save-dev @orangeopensource/hurl

This will download the appropriate Hurl binaries for your platform. hurlmft binary is also installed, which you can use for exporting Hurl files to JSON files.

Usage

In your package.json file:

{
  "name": "sample-app",
  "scripts": {
    "test": "hurl --test --glob test/*.hurl",
    ...
  },
  ...

Documentation

See https://hurl.dev

Samples

See https://hurl.dev/docs/samples.html

changelog

6.1.1 (2025-03-19)

Thanks to @lu-zero, @andrejohansson, @demostanis, @techfg,

Bugs Fixed:

Fix hurlfmt spacing #3839
Fix filename parsing #3848
Fix jsonpath array wildcard with missing attribute #3859 #3869
Fix predicate contains with none input #3868

6.1.0 (2025-03-12)

Thanks to @lilyhuang-github, @ashishajr, @kidbrax, @theoforger, @smokedlinq, @docwhat, @glb-cblin, @Enoz, @ikorason, @uday-rana, @lu-zero, @nghiab1906724, @overbyte,

Breaking Changes:

Remove deprecated predicates (notEquals, greaterThan etc...) in favor of operators #3532
Remove deprecated keyword HTTP/* for HTTP #3697

Enhancements:

Removed limitation for --cookie-jar to use only one hurl file #2537
Add HTTP version query #1706
Add curl -H/--header option to globally add headers to all requests #1905 #2144
Add toString Filter #2035 #3798
Add base64 decode filter #2145
Add base64 encode filter #2145
Redacts secrets from JUnit reports #2947 #2972
Redacts secrets from JSON report #2947 #2972
Redact secret in HTML report #2947 #2972
Redact secrets from curl export #2947 #2972
Redact secrets from cookies export #2947 #2972
Add IP address query #3106
Add isIpv4 / isIpv6 asserts on IP versions #3106
Allow sending empty HTTP header #3536
Redact dynamic values from logs #3543
Add header option per request #3575
Fix invalid escape in hurlfmt parse func #3615
hurlfmt: Use Hurl predicates identifiers for Hurl to JSON file export #3662
Add aarch64 deb package #3829

Bugs Fixed:

Fix missing request line errors in HTML report #3534
Eval template in JSON object key #3593
Show error message if format is invalid in format filter #3613
Create parent folders if missing when using --cookie-jar FILE #3637
Remove lint errors and Fix non-zero exit code in case of error #3648
Support BigInteger in variable #3656
fix hurlfmt html export loosing some whitespaces #3675
Fix template to source #3675
Fix changing HTTP version per request sometimes not effective #3719
Add bash file completion for hurl/hurlfmt #3750
Fix multilines HTML export #3768
Change parsing file content type in multipart form data #3796

Deprecations:

Deprecate includes in favor of contains predicate #1896
Warn for deprecated multilines string attributes #3622
Warn for --interactive deprecation #3763

6.0.0 (2024-12-03)

Thanks to @cemoktra, @zikani03, @lambrospetrou, @jmvargas, @quantonganh, @sandeshbhusal, @thePanz, @niklasweimann, @infogulch, @orlandow, @bp7968h,

Breaking Changes:

Check that variables do not conflict with existing functions #3229
Remove deprecated --fail-at-end option #3430
Change API for setting variable in hurl::runner::run #3440
Remove hurlfmt deprecated --format option #3445
Rename feature flag from vendored-openssl to static-openssl #3460

Enhancements:

Implement function newUuid #973
Implement --limit-rate from curl #1222
Add --curl option to export executed requests to curl commands #2679
Configure --connect-timeout per request #3163
Support short name for sections [QueryStringParams] => [Query], [FormParams] => [Form], [MultipartFormData] => [Multipart] #3238
Remove url-specific parser (align with grammar) #3244
Remove the crate float-cmp #3247
Jsonpath / Add filter on boolean value #3252
Jsonpath / Add non-equal filter on string and number value #3261
Add support for backtick strings in predicates values #3317
Categorise options in --help #3339
Support more JSON / XML "like" mimetypes with debug output #3343
Add curl debug command to --json and JSON report #3374
Add curl debug command to HTML report #3386
Render Date value #3431
Add newDate generator #3443

Bugs Fixed:

Fix reading standard input multiple times #3216
Fix filename parsing (used by cert option) #3242
Add additional check for --max-filesize option #3245
Support case-insensitive Cookie Attributes #3265
Allow any string in Location Header when not following redirection #3293
Fix graceful shutdown of workers threads in --test #3297
Fix missing space in variable option HTML export #3412

5.0.1 (2024-08-30)

Bugs Fixed:

Fix regression in --output when output file doesn't exist #3195

5.0.0 (2024-08-29)

Thanks to @lambrospetrou, @OverkillGuy, @badboy, @DenuxPlays, @linkdd, @nkback, @claytonneal,

Breaking Changes:

Encode oneline string only with one backtick #3113

Enhancements:

Create intermediary directories if necessary when producing TAP report #2860
Expose request comments in --out json (hurlfmt) #2850
Create intermediary directories if necessary when producing JUnit report #2842
Add global requests count in test summary #2832
Replace output warnings by errors #2815
Fix inconsistent case for fields queryString and httpVersion in --json #2804
Run tests in parallel #2753
Add support for importing curl url option in hurlfmt #2750
Add JSON report #2738
Add repeat option to repeat a sequence of Hurl file #2680
Add repeat option per request #2680
Add optional duration unit #2653
Apply delay only once per entry, no matter how many retry #1973
Add toFloat filter #1732
Accept directory as Hurl arguments for processing file #1446

Bugs Fixed:

Get SSL certificates info on reused connections, from a cache #3031
Fix max-redirs: -1 in [Options] section #3023
Fix error displayed in double with bad option #2920
Fix hurlfmt exit code with lint error #2919
Truncate file then append it when dumping response with --output. #2886
Fix crash with --json option when capturing 'HttpOnly' and 'Secure' cookie attribute #2871
Fix crash when capturing 'Expires' cookie attribute #2870
Fix empty JSON key parsing #2836
Do not filter 'Authorization' header if host doesn't change while following redirect #2823
Fix sending 'Authorization' header from --user when following redirect #2812
Fix URL when following redirect for certain 'Location' header #2783
Fix powershell completion file #2729

4.3.0 (2024-04-23)

Thanks to @tarampampam, @CMiksche, @CodeMan99, @OverkillGuy, @hsanson, @jaminalder, @teto, @humphd, @mohammed90,

Enhancements:

Support --user option per request #2585
Add isNumber predicate #2538
Create intermediate directory when using --report-html #2531
Use '-' to read Hurl file from standard input #2523
Add --from-entry option to execute a file from a given entry #2500
Add isIsoDate predicate (take a string, checks YYYY-MM-DDTHH:mm:sssZ) #2427
Add completion files in Linux/MacOS packages #2401
Fix tarball layout to Linux filesystem #2401
Add --max-filesize option to limit HTTP response #2353
Display source request when there are asserts/runtime errors #2351
Using explicit stdout output #2312
Prevent raw binary response to be displayed on standard output #2306
Add --netrc, --netrc-file and --netrc-optional options #2094
Generate bash completion for hurl/hurlfmt #1864
Generate powershell completion for hurl/hurlfmt #1864
Generate fish completion for hurl/hurlfmt #1864
Generate zsh completion for hurl/hurlfmt #1864
Add experimental --parallel / --jobs options #88 #87

Bugs Fixed:

Export begin_call, end_call timings fields to RFC3339 (microseconds) #2699
Fix standalone css for regex #2693
Fix charset parsing logic of Content-Type header #2540
Fix filename templatization bug under certain conditions #2533
Fix empty glob not always returning an error #2517
Fix hurlfmt query certificate for hurl output format #2511
Fix --test progress bar not displayed when verbose is used #2506
Per request output takes file-root into account for path resolving #2445
Fix silent error when verbose option use unset variable #2444
Fix Content-type header override when used in lowercase #2416

Security Issues Fixed:

Prevent script injection in HTML report #2719

4.2.0 (2024-01-11)

Thanks to @hi2code, @lambrospetrou, @glb-cblin, @moono, @gmetal, @mihirn, @humphd, @RickMoynihan, @pit1sIBM, @janwytze, @kingluo, @teto, @khimaros, @iredmail, @andres-lowrie, @nikeee, @ztittle, @legzo

Enhancements:

Add --location-trusted option #2296
Add --unix-socket option #2291
Export entry source line number in JSON output #2273
Use Template for filename type #2259 #1731 #464
Add dark mode support for HTML report #2254
Add --output option per request #2184 #1326
Add filter jsonpath #2134 #1632 #440
Improve JSON body parsing error reporting #2056
Support template in option values #2041
Support conda-forge installation #2018
Add timestamps to the HTML reports #1983
Log only non-default options in verbose mode #1927
Support template in key string #1877 #1710 #898
Add skip option #1815
Add --ipv4/--ipv6 option #1727
Add --http3 option #1155
Add --http2 option #1155
Add --http1.0/-0 option #1155
Add --http1.1 option #1155

Bugs Fixed:

Add short name -v for verbose option #2310
Fix unicode surrogate pair decoding in JSON request body #2235
Better error description for some parse error #2187
Fix undefined error for various I/O error using --output. #2156
TAP reports can't be appended if there are failed tests #2099
Support HTTP/2 on Windows #2072
Support key password in --cert option (certificate[:password]) #2047
Keep initial request headers when following redirects #1990

4.1.0 (2023-09-21)

Thanks to @danielzfranklin, @apparentorder, @ppaulweber, @taigrr, @kallelindqvist, @jlazic, @Lythenas, @Jayshua, @chenrui333, @nikeee, @jasonkarns, @humphd,

Breaking Changes:

Fix published release packages names #1951

Enhancements:

Print host architecture with --version #1893
Add the aws-sigv4 option to generate AWS SigV4 signed requests #1840
Add delay CLI option #1832
Add --delay Option #1832
Support RFC-7807 application/problem+json for response body logging as text #1766
Rename fail-at-end option with continue-on-error option #1739
Add connect-to per request option #1736
Add support for --resolve option per request #1711
Add TAP report #1666 #601
Implement isDate predicate #1520
Add docker arm64 build #536

Bugs Fixed:

IsEmpty doesn't seem to work on object collections #1788
Fix Cookie Query Parsing error #1784
Support empty BasicAuth section #1772
Fix standalone option for hurlfmt HTML output #1759
Support IPv4/IPv6 address in proxy [Options] #1756
Reuse same HTTP method on redirect for appropriate HTTP status codes #1719
Fix URL runtime evaluation #1716

4.0.0 (2023-06-28)

Thanks to @elbart, @dross-carve, @kaala, @phaza, @FiloSottile, @linker3000, @pfeiferj, @devnoname120, @jasonkarns,

Breaking Changes:

The option --retry now takes a number that specifies the explicit number of retries (same behaviour than curl)
The jsonpath query/filter does not coerce single-entry collection any more #1469
hurl crate: LoggerOptionsBuilder replaces LoggerOption, retry option from RunnerOptionsBuilder have changed, and verbose option have been moved from RunnerOptionsBuilder to LoggerOptionsBuilder

Enhancements:

Add xpath filter #1698
Introduce curl --path-as-is option #1669
Deprecate word predicate when operator is available #1662
Make hurlfmt support several input files (like Hurl) #1650
Add timings info to very verbose mode #1644
Add waterfall to HTML report for a Hurl file #1613
Add proxy in Options section #1602
Add decode filter #1560
Add --error-format option to output HTTP context on errors #1542
Update --retry option to match curl option #1475
Add support for LINK, UNLINK, PURGE, LOCK, UNLOCK, PROPFIND and VIEW HTTP method #967
Support arbitrary HTTP methods #967

Bugs Fixed:

Export [Options] to JSON #1673
Use --data-binary for log curl command when posting file #1654
Fix extra request headers logs with large body. #1651
Print error message when no file is found with --glob option #1638
Support additional dot in jsonpath expression #1555
Make Call, Certificate, Cookie, Header, Request, Response, Timings, Version public #1548
Add quotes around certificate attribute in HTML export #1515
Change API in jsonpath / remove single-entry coercion #1469

3.0.1 (2023-06-01)

Thanks to @RWDai, @plul,

Bugs Fixed:

Do not parse key/value in certificate subject/issue any more #1583
Fix hurlfmt less predicate #1577
Patch encoding issue with xpath and libxml 2.11.1+ #1535

3.0.0 (2023-05-03)

Thanks to @DannyBen, @dermetfan, @joesantos418

3.0.0 is a major update because of breaking changes in Hurl crates.

Enhancements:

Add test attributes to JUnit XML #1460
Add certificate query #1384
Add daysAfterNow / daysBeforeNow filters #1309
Add errors in HTML report #1286
Use long options for curl command #1236
Add progress bar for tests #1224
Add date value/filters #1206
Implement isEmpty predicate #849
Add curl input to hurlfmt #316

Bugs Fixed:

Fix performance issue in Reader remaining method #1456
Parse empty JSON array body #1424
Add meta utf-8 charset to HTML report #1366
Use an uuid as identifier for the HTML Hurl file run report #1285 #1283
Improve HTML export #1059

2.0.1 (2023-02-01)

Thanks to @softprops,

Bugs Fixed:

Fix GraphQL query with variables to HTTP body request #1218

2.0.0 (2023-01-25)

Thanks to @imsVLC, @ad8lmondy, @jlecour, @ako, @jmoore34, @robjtede, @devnoname120, @dalejefferson-rnf, @dnsmichi,

Enhancements:

Add option ssl-no-revoke #1163
Add client cert/key to command line args and options #1129
Add connect-to option #1079
Add name attribute to JUnit report #1078
Check HTTP version and status first, then other asserts #1072
Support new one line string #1041
Add filters for htmlEscape and htmlUnescape #1038
Add toInt filter #1029
Use HTTP instead of HTTP/* for any HTTP version match #975
Add RunnerOptionsBuilder to create instance of RunnerOptions #972
Add support for LINK, UNLINK, PURGE, LOCK, UNLOCK, PROPFIND and VIEW HTTP method #967
Accept multiple --variables-file options #532
Add GraphQL support #504
Add --resolve option #379

Bugs Fixed:

Support '-' in JSONPath dot notation #1174
Fix cargo test --doc on Alpine #1124
Do not add newline at eof with --no-format option #1058
Fix variables update #1037
Fix querystring key parsing #1027

1.8.0 (2022-11-02)

Thanks to @chenrui333, @Jiehong, @Goffen,

Enhancements:

Add curl logs #899
Add query url #895
Make compact help #861
List all libcurl features with --version #836
Add --retry and --retry-interval option to retry request until asserts and captures are ok #525

Bugs Fixed:

Fix hurlfmt --color crash #957
Fix missing line in HTML output #924
Fix HTTP HEAD #903
Fix relative redirect #875

1.7.0 (2022-09-13)

Thanks to @danielbprice, @fourjay, @datamuc, @bdmorin, @humphd, @kautsig, @Karrq, @balroggg,

Enhancements:

Add string comparison predicates #798
Improve text summary #779 #593
Support NO_COLOR env variable (https://no-color.org) #713
Improve URL parsing error message #662
Display deprecated warning when using --progress and --summary option #637
Log body request in very verbose #628
Add options section #612
Install Hurl with npm #544
Add very verbose option #499
Add support for XML namespaces in XPath query #493
Use Template type for cookie value #473

Bugs Fixed:

Accept expression in comparison predicate #799
Fix file access authorization #674
Fix body file access #674
Fix implicit body asserts on compressed response body #567
Fix Brotli response body decoding #564
Fix sha256, md5, bytes query on compressed body #563
Fix redirection not followed #552
Encode string variables in JSON body #530
Fix curl export shell escape #530
Allow different types in JSON array #495

1.6.1 (2022-03-25)

Thanks to @humphd

Bugs Fixes:

Support @ for the username in [BasicAuth] section #513
Fix panicking while processing expected Regex value #514

1.6.0 (2022-02-10)

Thanks to @linjan, @adworacz, @humphd, @jpluscplusm,

Changes:

Add -A/--user-agent curl option to specify a User Agent for all requests of a file #452
Support filter with nested object in jsonpath expression #423
Add BasicAuth section #360
Add next request in interactive mode #268
Improving pattern for regex capture and matches predicates #4

Bugs Fixes: