
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
@talkjs/core
Advanced tools
Lets you connect to your TalkJS chat as a user and read, subscribe to, and update your chat data.
The @talkjs/core
package lets you connect to your TalkJS chat as a user and read, subscribe to, and update your chat data.
See our docs for more information.
To use this package, you will need a TalkJS account. TalkJS provides a ready-to-use chat client for your application. Your account gives you access to TalkJS's free development environment.
This example demonstrates how to create a TalkJS session and then create two users and conversation between them.
Install the @talkjs/core
package:
npm install @talkjs/core
# or
yarn add @talkjs/core
Import it into the component where you want to use it:
import { getTalkSession } from "@talkjs/core";
Then add the following code to create the session, users and conversation:
// Replace with your own app ID
const appId = "<APP_ID>";
const userId = "alice";
const session = getTalkSession({ appId, userId });
session.currentUser.createIfNotExists({ name: "Alice" });
const conversation = session.conversation("my_conversation");
conversation.createIfNotExists();
conversation.subscribeMessages((messages) => {
console.log(messages);
});
For example, if you are using React, add this code inside a useEffect
hook.
This package is primarily intended to be used in the browser because it only connects as a single user. However, it also works in Node.js.
The @talkjs/core
package uses WebSocket
s to create a connection to the TalkJS servers. If you use @talkjs/core
in the browser or in Node.js version 22, it will use the built-in WebSocket
implementation automatically. Node.js version 21 will also use the built-in implementation if the --experimental-websocket
flag is enabled.
If you are using an older version of Node.js without built-in support for WebSocket
s, you will need to add support with a library. We recommend installing the ws package. Then tell @talkjs/core
to use WebSocket
from the library:
import { getTalkSession, registerPolyfills } from "@talkjs/core";
import { WebSocket } from "ws";
registerPolyfills({ WebSocket: WebSocket });
const session = getTalkSession(...);
If you encounter any problems with @talkjs/core
, please open a chat with support. TalkJS support is staffed by engineers.
browser
field to package.json
ConversationRef.send
, it now ignores formatted links and action buttons/links. Previously it parsed those nodes and tried to send them, which caused an error because users do not have permission to send those nodes.MessageRef.get()
would always set MessageSnapshot.referencedMessage
to nullReactionRef
which is created via MessageRef.reaction
.ReactionSnapshot
which is available in MessageSnapshot.reactions
.Session.user
, Session.conversation
, ConversationRef.message
, ConversationRef.participant
, and MessageRef.reaction
now all perform type validation on the argument and will throw an error if you use an invalid type or an empty string.GenericFileBlock
from subtype?: undefined
to subtype?: never
so that type narrowing works consistently when you check subtype === "<type>"
UserRef.subscribeOnline
which subscribes to a user's online status.
UserOnlineSnapshot
, UserOnlineSubscription
, and UserOnlineActiveState
.TalkSession.subscribeConversations
which returns a windowed subscription to your most recently active conversations.
ConversationListSubscription
and ConversationListActiveState
.ConversationRef.subscribeParticipants
which returns a windowed subscription to the participants in the conversation.
ParticipantSubscription
and ParticipantActiveState
.ConversationSnapshot.everyoneReadUntil
which is the minimum of all the participants' readUntil
values.ConversationRef.subscribeTyping
which lets you subscribe to typing indicators in a conversation.
TypingSubscription
, TypingSnapshot
, ManyTypingSnapshot
, FewTypingSnapshot
ConversationRef.subscribe
where it would emit the same snapshot multiple times in a row, when old messages were edited or deleted.GenericFileMetadata
, AudioFileMetadata
, ImageFileMetadata
, VideoFileMetadata
, and VoiceRecordingFileMetadata
FAQs
Lets you connect to your TalkJS chat as a user and read, subscribe to, and update your chat data.
The npm package @talkjs/core receives a total of 497 weekly downloads. As such, @talkjs/core popularity was classified as not popular.
We found that @talkjs/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.