Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@twilio/voice-sdk
This product, Twilio's JavaScript Voice SDK, is the next version of Twilio's JavaScript Client SDK. It is now in GA and we recommend all customers migrate in order to continue receiving future feature additions. For help on migrating from 1.x, see our migration guide.
Twilio's Voice SDK allows you to add real-time voice and PSTN calling to your web apps.
Please check out our common issues page or file any issues you find here on GitHub. For general inquiries related to the Voice SDK you can file a support ticket. Please ensure that you are not sharing any Personally Identifiable Information (PII) or sensitive account information (API keys, credentials, etc.) when reporting an issue.
We recommend using npm to add the Voice SDK as a dependency.
npm install @twilio/voice-sdk --save
Using this method, you can import the Voice SDK using ES Module or TypeScript syntax:
import { Device } from '@twilio/voice-sdk';
Or using CommonJS:
const Device = require('@twilio/voice-sdk').Device;
As of 2.0, the Twilio Voice SDK is no longer hosted via CDN.
Although we recommend using npm to add the Voice SDK as a dependency, you can also get the Twilio Voice SDK code from GitHub and include it in your project directly. To do so, navigate to "Tags" and find the most recent release, or the particular release version you'd like to use.
Note: releases tagged with "-rc" are "Release Candidate" versions and are still being tested. Unless you specifically know that you want to use a release candidate version, you should not use a release with "-rc" in the name.
Download either the zip or the tar.gz and then extract the files. For example, if you downloaded the tarball for the 2.0.0 release, you could then extract the files with the tar command:
tar -xvzf twilio-voice.js-2.0.0.tar.gz
cd twilio-voice.js-2.0.0
Once you've extracted the folder, the twilio.js and twilio.min.js files that you can include in your project will be in the /dist directory. twilio.min.js is the minified version of the code.
You can copy either the twilio.js or the twilio.min.js file into your project and then provide a link to it in your HTML. For example:
<script type="text/javascript" src="twilio.min.js"></script>
Using this method, you can access the SDK through the browser global:
const Device = Twilio.Device;
Running unit tests requires no setup aside from installation (above). You can run unit tests via:
npm run test:unit
Integration tests require some setup:
<?xml version="1.0" encoding="UTF-8"?>
<Response>
  <Dial>
    <Client>
      <Identity>{{To}}</Identity>
      <Parameter name="duplicate" value="12345" />
      <Parameter name="duplicate" value="123456" />
      <Parameter name="custom + param" value="我不吃蛋" />
      <Parameter name="foobar" value="some + value" />
      <Parameter name="custom1" value="{{Custom1}}" />
      <Parameter name="custom2" value="{{Custom2}}" />
      <Parameter name="custom3" value="{{Custom3}}" />
    </Client>
  </Dial>
</Response>
Integration tests can be run via:
npm run test:integration
These tests will run via karma, one at a time, in your system's default Chrome and then Firefox.
Network tests have been split out into their own docker processes, and can be run via
npm run test:docker
Use the following policy directives to enable CSP that is compatible with twilio-voice.js.
script-src https://media.twiliocdn.com https://sdk.twilio.com
media-src mediastream: https://media.twiliocdn.com https://sdk.twilio.com
connect-src https://eventgw.twilio.com wss://voice-js.roaming.twilio.com https://media.twiliocdn.com https://sdk.twilio.com
If you are providing a non-default value for the Device.ConnectOptions.edge parameter, you need to add the Signaling URI wss://voice-js.{edgeId}.twilio.com in your connect-src directive, where edgeId is the Edge ID as defined in this page. See examples below.
If Device.ConnectOptions.edge is ashburn:
connect-src https://eventgw.twilio.com https://media.twiliocdn.com https://sdk.twilio.com wss://voice-js.ashburn.twilio.com
If Device.ConnectOptions.edge is ['ashburn', 'sydney', 'roaming']:
connect-src https://eventgw.twilio.com https://media.twiliocdn.com https://sdk.twilio.com wss://voice-js.ashburn.twilio.com wss://voice-js.sydney.twilio.com wss://voice-js.roaming.twilio.com
If you are providing a home region grant into your Twilio access token, you need to add the insights endpoint in your connect-src directive using the eventgw.{homeRegion}.twilio.com format. Below is an example if your home region grant is sg1.
connect-src https://eventgw.sg1.twilio.com wss://voice-js.roaming.twilio.com https://media.twiliocdn.com https://sdk.twilio.com
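The edge and home-region rules above can be checked against a deployed policy before a missing source silently blocks signaling or insights traffic. The following is an added example, not code from the Twilio README: the helper names are hypothetical, the default edge is assumed to be roaming because that is the Signaling URI in the default policy above, and sources are compared by exact string match.

```javascript
// Added example; helper names are hypothetical, not part of @twilio/voice-sdk.
const ID = /^[a-z0-9-]+$/; // assumed shape of edge IDs and home regions
const CDN = ['https://media.twiliocdn.com', 'https://sdk.twilio.com'];

// Sources the page lists for a given Device.ConnectOptions.edge / home region.
function requiredSources({ edge = 'roaming', homeRegion } = {}) {
  const edges = Array.isArray(edge) ? edge : [edge];
  for (const id of homeRegion === undefined ? edges : [...edges, homeRegion]) {
    if (!ID.test(id)) throw new Error(`unexpected identifier: ${id}`);
  }
  const insights = homeRegion
    ? `https://eventgw.${homeRegion}.twilio.com`
    : 'https://eventgw.twilio.com';
  return {
    'script-src': CDN,
    'media-src': ['mediastream:', ...CDN],
    'connect-src': [insights, ...CDN, ...edges.map((e) => `wss://voice-js.${e}.twilio.com`)],
  };
}

// Parse a policy string; per CSP, a repeated directive is ignored after its first use.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), new Set(sources));
    }
  }
  return directives;
}

// Report "directive source" pairs the policy lacks. Exact string match only:
// wildcard sources such as https://*.twilio.com are not expanded.
function missingSources(policy, config) {
  const have = parsePolicy(policy);
  const missing = [];
  for (const [directive, sources] of Object.entries(requiredSources(config))) {
    // script-src, media-src and connect-src all fall back to default-src.
    const allowed = have.get(directive) ?? have.get('default-src');
    if (!allowed) continue; // neither is set, so this fetch type is unrestricted
    for (const s of sources) if (!allowed.has(s)) missing.push(`${directive} ${s}`);
  }
  return missing;
}
```

Running missingSources in CI with the same edge and homeRegion values the application passes to the SDK catches a policy that was not updated when the edge configuration changed.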
See LICENSE.md
FAQs
Twilio's JavaScript Voice SDK
The npm package @twilio/voice-sdk receives a total of 48,748 weekly downloads. As such, @twilio/voice-sdk popularity was classified as popular.
We found that @twilio/voice-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.