Jump to solution
Details

urllib3 NodeJS + pyodide support (Fix)

Fixed
Spec
Package
urllib3
Fixed In
2.3.0
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-09
Own content ratio
0.84
#3400 ai duplicates Updated: 2026-02-13
Issue #3400

The Fix

pip install urllib3==2.3.0

Based on closed urllib3/urllib3 issue #3400 · PR/commit linked

Production note: This usually shows up under retries/timeouts. Treat it as a side-effect risk until you can verify behavior with a canary + real traffic.

Open PR/Commit
@@ -75,6 +75,10 @@ jobs: experimental: false nox-session: test-3.9 + - python-version: "3.12" + os: ubuntu-latest + nox-session: emscripten(node)
fix.md
Option A — Upgrade to fixed release\npip install urllib3==2.3.0\nWhen NOT to use: This fix is not suitable for environments that do not support JavaScript Promise Integration.\n\n

Why This Fix Works in Production

  • Trigger: NodeJS + pyodide support
  • Mechanism: Added support for JavaScript Promise Integration in the emscripten/pyodide backend
  • Why the fix works: Adds support to the emscripten/pyodide backend for JavaScript Promise Integration, allowing urllib3 to work in Node.js and simplifying its use in browsers. (first fixed release: 2.3.0).
Production impact:
  • If left unfixed, retries/timeouts can trigger duplicate external side-effects (double charges, duplicate emails, repeated writes).

Why This Breaks in Prod

  • Added support for JavaScript Promise Integration in the emscripten/pyodide backend

Proof / Evidence

  • GitHub issue: #3400
  • Fix PR: https://github.com/urllib3/urllib3/pull/3427
  • First fixed release: 2.3.0
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.84

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“Done in https://github.com/urllib3/urllib3/pull/3427, closing, thank you!”
@pquentin · 2024-12-22 · confirmation · source
“Hey @joemarshall, nice to see you again! :) Happy to accept patches which makes urllib3 work better in those environments”
@sethmlarson · 2024-06-05 · source

Failure Signature (Search String)

  • NodeJS + pyodide support

Error Message

Signature-only (no traceback captured)
error.txt
Error Message ------------- NodeJS + pyodide support

Why It Broke

Added support for JavaScript Promise Integration in the emscripten/pyodide backend

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install urllib3==2.3.0

When NOT to use: This fix is not suitable for environments that do not support JavaScript Promise Integration.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Option D — Guard side-effects with OnceOnly Guardrail for side-effects

Mitigate duplicate external side-effects under retries/timeouts/agent loops by gating the operation before calling external systems.

  • Place OnceOnly between your code/agent and real side-effects (Stripe, emails, CRM, APIs).
  • Use a stable key per side-effect (e.g., customer_id + action + idempotency_key).
  • Fail-safe: configure fail-open vs fail-closed based on blast radius and spend risk.
  • This is most useful when retries/timeouts can re-trigger the same external call.
Show example snippet (optional)
onceonly.py
from onceonly import OnceOnly import os once = OnceOnly(api_key=os.environ["ONCEONLY_API_KEY"], fail_open=True) # Stable idempotency key per real side-effect. # Use a request id / job id / webhook delivery id / Stripe event id, etc. event_id = "evt_..." # replace key = f"stripe:webhook:{event_id}" res = once.check_lock(key=key, ttl=3600) if res.duplicate: return {"status": "already_processed"} # Safe to execute the side-effect exactly once. handle_event(event_id)

See OnceOnly SDK

When NOT to use: Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.

Fix reference: https://github.com/urllib3/urllib3/pull/3427

First fixed release: 2.3.0

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • This fix is not suitable for environments that do not support JavaScript Promise Integration.
  • Do not use this to hide logic bugs or data corruption. Use it to block duplicate external side-effects and enforce tool permissions/spend caps.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a CI check that diffs key outputs after upgrades (OpenAPI schema snapshots, JSON payload shapes, CLI output).
  • Upgrade behind a canary and run integration tests against the canary before 100% rollout.

Version Compatibility Table

VersionStatus
2.3.0 Fixed

Related Issues

No related fixes found.

Cluster: urllib3:duplicates urllib3 hub urllib3 best practices All hubs All clusters
Related clusters: Configuration error Data consistency SSL handshake

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #3400. Not affiliated with the library maintainers. Verify before production use.