@convivainc/conviva-js-replay
Advanced tools
A standalone replay module for Conviva analytics that works with both npm and script tags.
npm install @convivainc/conviva-js-replay
Conviva hosts sensor scripts on its CDN, allowing direct integration via
To use them, add a script tag to your HTML before DPI SDK intialization:
<script src="https://sensor.conviva.com/replay/releases/v1.0.1/conviva-replay.umd.min.js"></script>
Conviva's CDN supports Brotli and gzip compression. When the browser sends the appropriate Accept-Encoding header (which modern browsers do by default), the CDN automatically serves a compressed response, reducing download size and improving load times with no additional configuration required.
Note: Conviva CDN serves replay packages starting from version v1.0.1
import { init } from '@convivainc/conviva-js-replay';
// Just provide your customer key - that's it!
init('CONVIVA_ACCOUNT_CUSTOMER_KEY');
// INITIALISE CONVIVA-JS-APPP-ANALYTICS(https://github.com/Conviva/conviva-js-appanalytics) AFTER COHORT REPLAY INITIALISATION
<script src= "<<URL / Path to conviva-replay.umd.min.js>>"></script>
<script>
// Just provide your customer key - that's it!
ConvivaReplay.init('CONVIVA_ACCOUNT_CUSTOMER_KEY');
// INITIALISE CONVIVA-JS-SCRIPT-APPP-ANALYTICS(https://github.com/Conviva/conviva-js-script-appanalytics) AFTER COHORT REPLAY INITIALISATION
</script>
init(customerKey)Recommended method - Simple initialization with just a customer key.
Parameters:
customerKey (string): Your Conviva customer keyExample:
// Simple usage
init('CONVIVA_ACCOUNT_CUSTOMER_KEY');
Some environments enforce a strict Content Security Policy (CSP). The SDK uses a Web Worker created from a blob: URL, which requires explicitly allowing workers. Add the following directive to your site’s Content-Security-Policy:
Content-Security-Policy: worker-src 'self' blob:;
Notes
On many websites, required assets (commonly CSS files or SVGs) may be hosted on a different origin (domain/subdomain). If those assets are blocked by cross-origin restrictions, configure the hosting server/CDN to allow cross-origin access. Ensure the asset server returns appropriate CORS response headers, such as:
Access-Control-Allow-Origin: https://pulse.conviva.com
// If the host changes or a new host is introduced in the future, it should be allowed as well.
Or, if your security policy allows it:
Access-Control-Allow-Origin: *
If a user closes the browser tab after performing an activity, the last up to 1 minute of user activity per origin may not be available immediately. This duration represents the maximum possible gap; in most cases, the unavailable replay segment will be less than 1 minute. Replay data for that origin will resume only after the application is relaunched and the user returns to the same origin.
Notes
FAQs
Conviva Replay library
We found that @convivainc/conviva-js-replay demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Company News
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
Security News
NIST will stop enriching most CVEs under a new risk-based model, narrowing the NVD's scope as vulnerability submissions continue to surge.
Company News
/Security News
Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.