@allbin/express-notifications
Advanced tools
import Notifications from '@allbin/express-notifications';
import express from 'express';
const app = express();
const notifications = new Notifications(app, {
path: '/message-updates',
jwtSecret: 'shhhh',
jwtVerificationOptions: {
audience: 'https://example.com'
}
});
app.use(...);
let messages = [];
notifications.on('client_authenticated', (ws) => {
ws.send({type: "messages:existing", data: messages});
});
app.get('/messages', (req, res, next) => {
res.status(200).json(messages));
});
app.post('/messages', (req, res, next) => {
const msg = JSON.parse(req.body);
messages.push(msg);
notifications.push('messages:created', [msg]);
res.status(201);
});
app.listen(process.env.PORT);
If options.jwtSecret was set during initialization, clients are expected to present credentials
before receiving any notifications. This is done by sending an auth message containing a JWT.
{
"type": "auth",
"data": {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
}
If the token is accepted by the server, the client will start receiving notification pushes. Note that the client connection will be terminated if its associated token expires. To avoid service interruption, the client is therefore expected to periodically acquire new tokens and issue additional "auth" messages as needed.
Connected clients are expected to respond to periodical pings from the server. These will arrive in the following form:
{
"type": "ping"
}
And should simply be responded to with:
{
"type": "pong"
}
Creates a websocket server with client connection management.
Returns a Notifications object.
Arguments:
app - An express app
http_server - An optional instance of a node http.Server. if not supplied, one will be created for you.
options - See below.
Accepted options:
path - Route path for the WebSocket server to use. default: /notifications
pingInterval - Seconds between WebSocket pings sent to clients, default: 30
jwtSecret - Passed unchanged to jsonwebtoken.verify. default: undefined
jwtVerificationOptions - Passed unchanged to jsonwebtoken.verify. default: undefined
Pushes a notification message to all registered clients in the form:
{
"type": type,
"data": data
}
Available options:
type - a string meant to communicate to clients what type of notification this is.
data - type-dependent data.
targeted_claims - notification will only be sent to authenticated users who possess the specified claims.
Emitted when a client has successfully authenticated for the first time. Subsequent authentication messages will not trigger a new emission of this event. It is emitted exactly once per client connection.
If options.jwtSecret was not set, this event is emitted immediately upon connection.
If options.jwtSecret was set, ws.user contains the decoded JWT payload.
FAQs
Websocket notifications for API entities
We found that @allbin/express-notifications demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
/Security News
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
Security News
Socket is heading to London! Stop by our booth or schedule a meeting to see what we've been working on.
Security News
OWASP’s 2025 Top 10 introduces Software Supply Chain Failures as a new category, reflecting rising concern over dependency and build system risks.