Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@heroiclabs/nakama-js
Advanced tools
JavaScript client for Nakama server written in TypeScript. For browser and React Native projects.
Nakama is an open-source server designed to power modern games and apps. Features include user accounts, chat, social, matchmaker, realtime multiplayer, and much more.
This client implements the full API and socket options with the server. It's written in TypeScript with minimal dependencies to be compatible with all modern browsers and React Native.
Full documentation is online - https://heroiclabs.com/docs/javascript-client-guide
You'll need to setup the server and database before you can connect with the client. The simplest way is to use Docker but have a look at the server documentation for other options.
Install and run the servers. Follow these instructions.
Import the client into your project. It's available on NPM and can be also be added to a project with Bower or other package managers.
yarn add "@heroiclabs/nakama-js"
You'll now see the code in the "node_modules" folder and package listed in your "package.json".
Optionally, if you would like to use the Protocol Buffers wire format with your sockets, you can import the adapter found in this package:
yarn add "@heroiclabs/nakama-js-protobuf"
Use the connection credentials to build a client object.
import {Client} from "@heroiclabs/nakama-js";
var useSSL = false; // Enable if server is run with an SSL certificate.
var client = new Client("defaultkey", "127.0.0.1", "7350", useSSL);
The client object has many methods to execute various features in the server or open realtime socket connections with the server.
There's a variety of ways to authenticate with the server. Authentication can create a user if they don't already exist with those credentials. It's also easy to authenticate with a social profile from Google Play Games, Facebook, Game Center, etc.
var email = "super@heroes.com";
var password = "batsignal";
const session = await client.authenticateEmail(email, password);
console.info(session);
When authenticated the server responds with an auth token (JWT) which contains useful properties and gets deserialized into a Session
object.
console.info(session.token); // raw JWT token
console.info(session.refreshToken); // refresh token
console.info(session.userId);
console.info(session.username);
console.info("Session has expired?", session.isexpired(Date.now() / 1000));
const expiresat = session.expires_at;
console.warn("Session will expire at", new Date(expiresat * 1000).toISOString());
It is recommended to store the auth token from the session and check at startup if it has expired. If the token has expired you must reauthenticate. The expiry time of the token can be changed as a setting in the server.
// Assume we've stored the auth token in browser Web Storage.
const authtoken = window.localStorage.getItem("nkauthtoken");
const refreshtoken = window.localStorage.getItem("nkrefreshtoken");
let session = nakamajs.Session.restore(authtoken, refreshtoken);
// Check whether a session is close to expiry.
const unixTimeInFuture = Date.now() + 8.64e+7; // one day from now
if (session.isexpired(unixTimeInFuture / 1000)) {
try
{
session = await client.sessionRefresh(session);
}
catch (e)
{
console.info("Session can no longer be refreshed. Must reauthenticate!");
}
}
The client includes lots of builtin APIs for various features of the game server. These can be accessed with the methods which return Promise objects. It can also call custom logic as RPC functions on the server. These can also be executed with a socket object.
All requests are sent with a session object which authorizes the client.
const account = await client.getAccount(session);
console.info(account.user.id);
console.info(account.user.username);
console.info(account.wallet);
The client can create one or more sockets with the server. Each socket can have it's own event listeners registered for responses received from the server.
const secure = false; // Enable if server is run with an SSL certificate
const trace = false;
const socket = client.createSocket(secure, trace);
socket.ondisconnect = (evt) => {
console.info("Disconnected", evt);
};
const session = await socket.connect(session);
// Socket is open.
If you are using the optional protocol buffer adapter, pass the adapter to the Socket object during construction:
import {WebSocketAdapterPb} from "@heroiclabs/nakama-js-protobuf"
const secure = false; // Enable if server is run with an SSL certificate
const trace = false;
const socket = client.createSocket(secure, trace, new WebSocketAdapterPb());
There's many messages for chat, realtime, status events, notifications, etc. which can be sent or received from the socket.
socket.onchannelmessage = (message) => {
console.info("Message received from channel", message.channel_id);
console.info("Received message", message);
};
// 1 = room, 2 = Direct Message, 3 = Group
const type : number = 1;
const roomname = "mychannel";
const persistence : boolean = false;
const hidden : boolean = false;
const channel = await socket.joinChat(type, roomname, persistence, hidden);
const message = { "hello": "world" };
socket.writeChatMessage(channel.channel.id, message);
The development roadmap is managed as GitHub issues and pull requests are welcome. If you're interested in enhancing the code please open an issue to discuss the changes or drop in and discuss it in the community forum.
Ensure you are using Node v12.18.1.
The codebase is multi-package monorepo written in TypeScript and can be built with esbuild. All dependencies are managed with Yarn.
To build from source, install dependencies and build the nakama-js
and nakama-js-protobuf
subrepositories:
yarn workspace @heroiclabs/nakama-js install && yarn workspace @heroiclabs/nakama-js build
yarn workspace @heroiclabs/nakama-js-protobuf install && yarn workspace @heroiclabs/nakama-js-protobuf build
To run tests you will need to run the server and database. Most tests are written as integration tests which execute against the server. A quick approach we use with our test workflow is to use the Docker compose file described in the documentation.
Tests are run against each workspace bundle; if you have made source code changes, you should yarn workspace <workspace> build
prior to running tests.
docker-compose -f ./docker-compose.yml up
yarn workspace @heroiclabs/nakama-js-test run test
Note on Yarn workspaces and testing particular versions of nakama-js
from the nakama-js-test
workspace:
Yarn will first look at the remote NPM registry for the nakama-js
version specified. If that is not found,
it will symlink the local nakama-js
workspace into node_modules
which is necessary for running tests
against local changes.
To update the generated Typescript required for using the protocol buffer adapter, cd
into
packages/nakama-js-protobuf
and run the following:
npx protoc \
--plugin="./node_modules/.bin/protoc-gen-ts_proto" \
--proto_path=$GOPATH/src/github.com/heroiclabs/nakama-common \
--ts_proto_out=. \
--ts_proto_opt=snakeToCamel=false \
--ts_proto_opt=esModuleInterop=true \
$GOPATH/src/github.com/heroiclabs/nakama-common/rtapi/realtime.proto \
$GOPATH/src/github.com/heroiclabs/nakama-common/api/api.proto
To release onto NPM if you have access to the "@heroiclabs" organization you can use Yarn.
yarn workspace <workspace> run build && yarn workspace <workspace> npm publish --access=public
API docs are generated with typedoc and deployed to GitHub pages.
To run typedoc:
yarn workspace @heroiclabs/nakama-js install && yarn workspace @heroiclabs/nakama-js docs
This project is licensed under the Apache-2 License.
[2.4.1]
cjs
distribution provided.FAQs
JavaScript client for Nakama server written in TypeScript.
The npm package @heroiclabs/nakama-js receives a total of 919 weekly downloads. As such, @heroiclabs/nakama-js popularity was classified as not popular.
We found that @heroiclabs/nakama-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.