Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
@discordjs/uws
Advanced tools
uws
is a replacement module for ws
which allows, but doesn't guarantee (certainly not when paired with Socket.IO), significant performance and memory-usage improvements. This module is specifically only compatible with Node.js and is installed only like so:
require('uws')
will throw if all of the below points hold true:
You can't fix a clogged up system by only fixing part of the problem. Swapping to uws can have dramatical effects if your entire pipeline works well. Socket.IO, SocketCluster and other such mass bloat will not give you desired results as those projects already, from the start, are the bottleneck.
Read more about other horrible Node.js projects here
uws
tries to mimic ws
as closely as possible without sacrificing too much performance. In most cases you simply swap require('ws')
with require('uws')
:
var WebSocketServer = require('uws').Server;
var wss = new WebSocketServer({ port: 3000 });
function onMessage(message) {
console.log('received: ' + message);
}
wss.on('connection', function(ws) {
ws.on('message', onMessage);
ws.send('something');
});
There are some important incompatibilities with ws
though, we aim to be ~90% compatible but will never implement behavior that is deemed too inefficient:
ArrayBuffer
. This means you need to copy it to keep it past the callback. It also means you need to convert it with Buffer.from(message)
if you expect a Node.js Buffer
.webSocket._socket
is not a net.Socket
, it is just a getter function with very basic functionalities.webSocket._socket.remote...
might fail, you need to cache it at connection.webSocket
acts like an EventEmitter
with one listener per event maximum.webSocket.upgradeReq
is only valid during execution of the connection handler. If you want to keep properties of the upgradeReq for the entire lifetime of the webSocket you better attach that specific property to the webSocket at connection.FAQs
Tiny WebSockets
The npm package @discordjs/uws receives a total of 802 weekly downloads. As such, @discordjs/uws popularity was classified as not popular.
We found that @discordjs/uws demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.