
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
@superhuman/push-receiver
Advanced tools
A module to subscribe to GCM/FCM and receive notifications within a node process.
A library to subscribe to GCM/FCM and receive notifications within a node process.
For Electron, you can use electron-push-receiver instead which provides a convenient wrapper.
See this blog post for more details.
push-receiver ?push-receiver ?npm i -S push-receiver
You can use electron-push-receiver instead which provides a convenient wrapper.
const { register, listen } = require('push-receiver');
// First time
// Register to GCM and FCM
const credentials = await register(senderId); // You should call register only once and then store the credentials somewhere
storeCredentials(credentials) // Store credentials to use it later
const fcmToken = credentials.fcm.token; // Token to use to send notifications
sendTokenToBackendOrWhatever(fcmToken);
// Next times
const credentials = getSavedCredentials() // get your saved credentials from somewhere (file, db, etc...)
// persistentIds is the list of notification ids received to avoid receiving all already received notifications on start.
const persistentIds = getPersistentIds() || [] // get all previous persistentIds from somewhere (file, db, etc...)
await listen({ ...credentials, persistentIds}, onNotification);
// Called on new notification
function onNotification({ notification, persistentId }) {
// Update list of persistentId in file/db/...
updatePersistentIds([...persistentIds, persistentId]);
// Do someting with the notification
display(notification)
}
To test, you can use the send script provided in this repo, you need to pass your serverKey and the FCM token as arguments :
node scripts/send --serverKey="<FIREBASE_SERVER_KEY>" --token="<FIREBASE_TOKEN>"
FAQs
A module to subscribe to GCM/FCM and receive notifications within a node process.
The npm package @superhuman/push-receiver receives a total of 174 weekly downloads. As such, @superhuman/push-receiver popularity was classified as not popular.
We found that @superhuman/push-receiver demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.