Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@nestjs/platform-socket.io
Advanced tools
Nest - modern, fast, powerful node.js web framework (@platform-socket.io)
@nestjs/platform-socket.io is a package that integrates Socket.IO with the NestJS framework, allowing for real-time, event-based communication between the server and clients. It leverages the modular architecture of NestJS to provide a structured and scalable way to handle WebSocket connections.
Basic WebSocket Gateway
This feature allows you to create a basic WebSocket gateway using the @nestjs/websockets module. The `@WebSocketGateway` decorator marks the class as a WebSocket gateway, and the `@WebSocketServer` decorator injects the Socket.IO server instance. The `@SubscribeMessage` decorator listens for incoming messages and handles them accordingly.
```typescript
import { WebSocketGateway, WebSocketServer, SubscribeMessage, MessageBody } from '@nestjs/websockets';
import { Server } from 'socket.io';
@WebSocketGateway()
export class EventsGateway {
@WebSocketServer()
server: Server;
@SubscribeMessage('message')
handleMessage(@MessageBody() message: string): void {
this.server.emit('message', message);
}
}
```
Namespace Support
This feature allows you to create WebSocket gateways with specific namespaces. The `namespace` option in the `@WebSocketGateway` decorator specifies the namespace for the gateway, enabling you to organize your WebSocket events more effectively.
```typescript
import { WebSocketGateway, WebSocketServer, SubscribeMessage, MessageBody } from '@nestjs/websockets';
import { Server } from 'socket.io';
@WebSocketGateway({ namespace: 'chat' })
export class ChatGateway {
@WebSocketServer()
server: Server;
@SubscribeMessage('message')
handleMessage(@MessageBody() message: string): void {
this.server.emit('message', message);
}
}
```
Room Support
This feature allows you to manage rooms within your WebSocket server. Clients can join specific rooms, and messages can be broadcasted to all clients within a room. The `client.join(room)` method adds a client to a room, and `this.server.to(room).emit('message', message)` sends a message to all clients in the specified room.
```typescript
import { WebSocketGateway, WebSocketServer, SubscribeMessage, MessageBody, ConnectedSocket } from '@nestjs/websockets';
import { Server, Socket } from 'socket.io';
@WebSocketGateway()
export class RoomGateway {
@WebSocketServer()
server: Server;
@SubscribeMessage('joinRoom')
handleJoinRoom(@MessageBody() room: string, @ConnectedSocket() client: Socket): void {
client.join(room);
}
@SubscribeMessage('message')
handleMessage(@MessageBody() { room, message }: { room: string, message: string }): void {
this.server.to(room).emit('message', message);
}
}
```
Socket.IO is a library that enables real-time, bidirectional, and event-based communication between web clients and servers. It is the underlying library used by @nestjs/platform-socket.io. While Socket.IO provides the core functionality, @nestjs/platform-socket.io integrates it seamlessly with the NestJS framework, offering a more structured and modular approach.
ws is a simple to use, blazing fast, and thoroughly tested WebSocket client and server for Node.js. Unlike @nestjs/platform-socket.io, which is built on top of Socket.IO, ws provides a lower-level API for WebSocket communication. It does not offer the same level of integration with NestJS or the additional features provided by Socket.IO, such as rooms and namespaces.
A progressive Node.js framework for building efficient and scalable server-side applications.
Nest is a framework for building efficient, scalable Node.js server-side applications. It uses modern JavaScript, is built with TypeScript (preserves compatibility with pure JavaScript) and combines elements of OOP (Object Oriented Programming), FP (Functional Programming), and FRP (Functional Reactive Programming).
Under the hood, Nest makes use of Express, but also provides compatibility with a wide range of other libraries, like Fastify, allowing for easy use of the myriad of third-party plugins which are available.
In recent years, thanks to Node.js, JavaScript has become the “lingua franca” of the web for both front and backend applications, giving rise to awesome projects like Angular, React, and Vue, which improve developer productivity and enable the construction of fast, testable, and extensible frontend applications. However, on the server-side, while there are a lot of superb libraries, helpers, and tools for Node, none of them effectively solve the main problem - the architecture.
Nest aims to provide an application architecture out of the box which allows for effortless creation of highly testable, scalable, and loosely coupled and easily maintainable applications. The architecture is heavily inspired by Angular.
For questions and support please use the official Discord channel. The issue list of this repo is exclusively for bug reports and feature requests.
Please make sure to read the Issue Reporting Checklist before opening an issue. Issues not conforming to the guidelines may be closed immediately.
With official support, you can get expert help straight from Nest core team. We provide dedicated technical support, migration strategies, advice on best practices (and design decisions), PR reviews, and team augmentation. Read more about support here.
Nest is an MIT-licensed open source project. It can grow thanks to the sponsors and support from the amazing backers. If you'd like to join them, please read more here.
Nest is MIT licensed.
FAQs
Nest - modern, fast, powerful node.js web framework (@platform-socket.io)
We found that @nestjs/platform-socket.io demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.