Security News
npm Updates Search Experience with New Objective Sorting Options
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
@thream/socketio-jwt
Advanced tools
Authenticate socket.io incoming connections with JWTs.
Authenticate socket.io incoming connections with JWTs.
Compatible with socket.io >= 3.0
.
This repository was originally forked from auth0-socketio-jwt & it is not intended to take any credit but to improve the code from now on.
npm install --save @thream/socketio-jwt
import { Server } from 'socket.io'
import socketioJWT from '@thream/socketio-jwt'
const io = new Server(9000)
io.use(
authorize({
secret: 'your secret or public key'
})
)
io.on('connection', async () => {
const clients = await io.sockets.allSockets()
for (const clientId of clients) {
const client = io.sockets.sockets.get(clientId)
console.log(client.decodedToken) // we can access the jwt payload of each connected client
}
})
import { io } from 'socket.io-client'
// Require Bearer Tokens to be passed in as an Authorization Header
const socket = io('http://localhost:9000', {
extraHeaders: { Authorization: `Bearer ${yourJWT}` }
})
// Handling token expiration
socket.on('connect_error', (error) => {
if (error.data.type === 'UnauthorizedError') {
console.log('User token has expired')
}
})
// Listening to events
socket.on('messages', (data) => {
console.log(data)
})
Anyone can help to improve the project, submit a Feature Request, a bug report or even correct a simple spelling mistake.
The steps to contribute can be found in the CONTRIBUTING.md file.
FAQs
Authenticate socket.io incoming connections with JWTs.
The npm package @thream/socketio-jwt receives a total of 3,265 weekly downloads. As such, @thream/socketio-jwt popularity was classified as popular.
We found that @thream/socketio-jwt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
npm has a revamped search experience with new, more transparent sorting options—Relevance, Downloads, Dependents, and Publish Date.
Security News
A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.