Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@novnc/novnc
Advanced tools
noVNC is both a HTML VNC client JavaScript library and an application built on top of that library. noVNC runs well in any modern browser including mobile browsers (iOS and Android).
Many companies, projects and products have integrated noVNC including OpenStack, OpenNebula, LibVNCServer, and ThinLinc. See the Projects and Companies wiki page for a more complete list with additional info and links.
The project website is found at novnc.com.
If you are a noVNC developer/integrator/user (or want to be) please join the noVNC discussion group.
Bugs and feature requests can be submitted via github issues. If you have questions about using noVNC then please first use the discussion group. We also have a wiki with lots of helpful information.
If you are looking for a place to start contributing to noVNC, a good place to start would be the issues that are marked as "patchwelcome". Please check our contribution guide though.
If you want to show appreciation for noVNC you could donate to a great non- profits such as: Compassion International, SIL, Habitat for Humanity, Electronic Frontier Foundation, Against Malaria Foundation, Nothing But Nets, etc.
Running in Firefox before and after connecting:
See more screenshots here.
noVNC uses many modern web technologies so a formal requirement list is not available. However these are the minimum versions we are currently aware of:
noVNC follows the standard VNC protocol, but unlike other VNC clients it does require WebSockets support. Many servers include support (e.g. x11vnc/libvncserver, QEMU, and MobileVNC), but for the others you need to use a WebSockets to TCP socket proxy. noVNC has a sister project websockify that provides a simple such proxy.
Use the novnc_proxy
script to automatically download and start websockify, which
includes a mini-webserver and the WebSockets proxy. The --vnc
option is
used to specify the location of a running VNC server:
./utils/novnc_proxy --vnc localhost:5901
If you don't need to expose the web server to public internet, you can bind to localhost:
./utils/novnc_proxy --vnc localhost:5901 --listen localhost:6081
Point your browser to the cut-and-paste URL that is output by the novnc_proxy
script. Hit the Connect button, enter a password if the VNC server has one
configured, and enjoy!
Running the command below will install the latest release of noVNC from Snap:
sudo snap install novnc
You can run the Snap-package installed novnc directly with, for example:
novnc --listen 6081 --vnc localhost:5901 # /snap/bin/novnc if /snap/bin is not in your PATH
If you want to use certificate files, due to standard Snap confinement restrictions you need to have them in the /home/<user>/snap/novnc/current/ directory. If your username is jsmith an example command would be:
novnc --listen 8443 --cert ~jsmith/snap/novnc/current/self.crt --key ~jsmith/snap/novnc/current/self.key --vnc ubuntu.example.com:5901
The Snap package also has the capability to run a 'novnc' service which can be configured to listen on multiple ports connecting to multiple VNC servers (effectively a service runing multiple instances of novnc). Instructions (with example values):
List current services (out-of-box this will be blank):
sudo snap get novnc services
Key Value
services.n6080 {...}
services.n6081 {...}
Create a new service that listens on port 6082 and connects to the VNC server running on port 5902 on localhost:
sudo snap set novnc services.n6082.listen=6082 services.n6082.vnc=localhost:5902
(Any services you define with 'snap set' will be automatically started) Note that the name of the service, 'n6082' in this example, can be anything as long as it doesn't start with a number or contain spaces/special characters.
View the configuration of the service just created:
sudo snap get novnc services.n6082
Key Value
services.n6082.listen 6082
services.n6082.vnc localhost:5902
Disable a service (note that because of a limitation in Snap it's currently not possible to unset config variables, setting them to blank values is the way to disable a service):
sudo snap set novnc services.n6082.listen='' services.n6082.vnc=''
(Any services you set to blank with 'snap set' like this will be automatically stopped)
Verify that the service is disabled (blank values):
sudo snap get novnc services.n6082
Key Value
services.n6082.listen
services.n6082.vnc
Please see our other documents for how to integrate noVNC in your own software, or deploying the noVNC application in production environments:
See AUTHORS for a (full-ish) list of authors. If you're not on that list and you think you should be, feel free to send a PR to fix that.
Core team:
Previous core contributors:
Notable contributions:
Included libraries:
Do you want to be on this list? Check out our contribution guide and start hacking!
FAQs
An HTML5 VNC client
The npm package @novnc/novnc receives a total of 18,249 weekly downloads. As such, @novnc/novnc popularity was classified as popular.
We found that @novnc/novnc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.