
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@fluojs/websockets
Advanced tools
Decorator-based WebSocket gateway authoring core for Fluo, with explicit Node, Bun, Deno, and Cloudflare Workers raw websocket bindings on dedicated subpaths.
English 한국어
Decorator-based WebSocket gateway authoring for the fluo runtime.
npm install @fluojs/websockets ws
Use this package to add real-time WebSocket capabilities to your fluo application. It provides a clean, decorator-driven API for handling connections, messages, and disconnections, with first-class support for multiple runtimes (Node.js, Bun, Deno, Cloudflare Workers).
Use WebSocketModule.forRoot() when you want the default Node.js-backed websocket runtime.
import { WebSocketGateway, OnConnect, OnMessage, WebSocketModule } from '@fluojs/websockets';
import { Module } from '@fluojs/core';
@WebSocketGateway({ path: '/chat' })
class ChatGateway {
@OnConnect()
handleConnect(socket) {
console.log('Client connected');
}
@OnMessage('ping')
handlePing(payload, socket) {
socket.send(JSON.stringify({ event: 'pong', data: payload }));
}
}
@Module({
imports: [WebSocketModule.forRoot()],
providers: [ChatGateway],
})
export class AppModule {}
Multiple gateways can share the same path; their handlers will execute in discovery order.
@WebSocketGateway({ path: '/events' })
class MetricsGateway {
@OnMessage('metrics')
handleMetrics(data) { /* ... */ }
}
For Node-based adapters (Express/Fastify), you can opt into a dedicated listener port.
@WebSocketGateway({
path: '/chat',
serverBacked: { port: 3101 }
})
class DedicatedChatGateway {}
Use WebSocketModule.forRoot(...) to reject anonymous upgrades before the handshake completes and to tune the shared connection/payload limits.
import { UnauthorizedException } from '@fluojs/http';
WebSocketModule.forRoot({
limits: {
maxConnections: 500,
maxPayloadBytes: 65_536,
},
upgrade: {
guard(request) {
const authorization = request instanceof Request
? request.headers.get('authorization')
: request.headers.authorization;
if (authorization !== 'Bearer demo-token') {
throw new UnauthorizedException('Authentication required.');
}
},
},
});
When omitted, @fluojs/websockets now applies bounded defaults for concurrent connections and inbound payload size. Server-backed Node listeners also enable heartbeat timers unless you explicitly set heartbeat.enabled to false. The official fetch-style runtime modules (@fluojs/websockets/bun, @fluojs/websockets/deno, and @fluojs/websockets/cloudflare-workers) close tracked websocket clients during application shutdown and give @OnDisconnect() cleanup a bounded chance to finish within shutdown.timeoutMs.
@WebSocketGateway(options): Marks a class as a WebSocket gateway.@OnConnect(): Decorator for connection handlers.@OnMessage(event?): Decorator for inbound message handlers.@OnDisconnect(): Decorator for disconnection handlers.WebSocketModule: Root module for WebSocket integration.WebSocketModule.forRoot({ upgrade, limits, heartbeat, ... }): Configures pre-upgrade guards and bounded runtime defaults.WebSocketGatewayLifecycleService: Root alias for the default Node.js-backed lifecycle service token.WebSocketModule.forRoot(...): Configures package-level registration for the default root websocket module.Use the runtime subpaths when you want an explicit runtime binding instead of the default root Node.js alias. Each subpath exposes its *WebSocketModule.forRoot(...) entrypoint plus the matching runtime lifecycle service export.
| Runtime | Subpath | Module |
|---|---|---|
| Node.js | @fluojs/websockets/node | NodeWebSocketModule |
| Bun | @fluojs/websockets/bun | BunWebSocketModule |
| Deno | @fluojs/websockets/deno | DenoWebSocketModule |
| Workers | @fluojs/websockets/cloudflare-workers | CloudflareWorkersWebSocketModule |
packages/websockets/src/module.test.tspackages/websockets/src/public-surface.test.tspackages/websockets/src/node/node.test.tspackages/websockets/src/bun/bun.test.tspackages/websockets/src/deno/deno.test.tspackages/websockets/src/cloudflare-workers/cloudflare-workers.test.tsFAQs
Decorator-based WebSocket gateway authoring core for Fluo, with explicit Node, Bun, Deno, and Cloudflare Workers raw websocket bindings on dedicated subpaths.
The npm package @fluojs/websockets receives a total of 16 weekly downloads. As such, @fluojs/websockets popularity was classified as not popular.
We found that @fluojs/websockets demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.