Security News
PyPI’s New Archival Feature Closes a Major Security Gap
PyPI now allows maintainers to archive projects, improving security and helping users make informed decisions about their dependencies.
By Sarah Gooding - Jan 30, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
@daily-co/daily-js
Advanced tools
@daily-co/daily-js
Please check our [our documentation site](https://docs.daily.co/) to get started. If you're building a web app with our `daily-js` front-end JavaScript library, you may be particularly interested in:
- 0.74.0
- latest
- npm
🎥 Get started with Daily
Please check our our documentation site to get started. If you're building a web app with our daily-js front-end JavaScript library, you may be particularly interested in:
- The
daily-jsreference docs, for help adding video calls to your app - The REST API reference docs, for help creating video call rooms, configuring features for those rooms, and managing users and permissions
⚠ Upcoming changes that may require action
strictMode: false will no longer allow multiple call instances
Today, you can circumvent throwing an Error on creation of a second (or nth) Daily instance by setting strictMode: false in the constructor parameters. With the introduction of proper support for multiple instances, this is replaced with the opt-in parameter, allowMultipleCallInstances. So in a future release, if your application needs to use multiple call instances simultaneously, you must set this new parameter to true, otherwise multiple instances will not be allowed and an Error will be thrown (regardless of strictMode).
While we will technically support multiple instances and the fear of bugs when doing so goes away, the majority of use cases only requires one instance and having multiple is likely accidental and will still cause issues. It's for this reason we default to throwing an Error in the hopes of avoiding footguns.
Note: strictMode, which defaults to true, will continue to be used for disallowing use of a Daily call instance after it has been destroyed.
avoidEval will become true by default
Today you can opt in to making daily-js behave in a CSP-friendly way by specifying dailyConfig: { avoidEval: true } wherever you provide your call options. You can read more about this option and how to set up your CSP (Content Security Policy) in this guide.
Starting in an upcoming version of daily-js, avoidEval will switch to defaulting to true. To prepare for this change, please make sure that your CSP's script-src directive contains https://*.daily.co (or explicitly opt out of the new behavior by setting avoidEval: false).
FAQs
Please check our [our documentation site](https://docs.daily.co/) to get started. If you're building a web app with our `daily-js` front-end JavaScript library, you may be particularly interested in:
We found that @daily-co/daily-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 02 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
North Korean APT Lazarus Targets Developers with Malicious npm Package
Malicious npm package postcss-optimizer delivers BeaverTail malware, targeting developer systems; similarities to past campaigns suggest a North Korean connection.
By Kirill Boychenko, Peter van der Zee - Jan 29, 2025
Security News
CISA Brings KEV Data to GitHub
CISA's KEV data is now on GitHub, offering easier access, API integration, commit history tracking, and automated updates for security teams and researchers.
By Sarah Gooding - Jan 29, 2025