Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Ably is the platform that powers synchronized digital experiences in realtime. Whether attending an event in a virtual venue, receiving realtime financial information, or monitoring live car performance data – consumers simply expect realtime digital experiences as standard. Ably provides a suite of APIs to build, extend, and deliver powerful digital experiences in realtime for more than 250 million devices across 80 countries each month. Organizations like Bloomberg, HubSpot, Verizon, and Hopin depend on Ably’s platform to offload the growing complexity of business-critical realtime data synchronization at global scale. For more information, see the Ably documentation.
This is a JavaScript client library for Ably Realtime.
This library currently targets the Ably client library features spec Version 1.2. You can jump to the 'Known Limitations' section to see the features this client library does not yet support or view our client library SDKs feature support matrix to see the list of all the available features.
This SDK supports the following platforms:
Browsers: All major desktop and mobile browsers, including (but not limited to) Chrome, Firefox, Edge, Safari on iOS and macOS, Opera, and Android browsers. IE is not supported. See compatibility table below for more information on minimum supported versions for major browsers:
Browser | Minimum supported version | Release date |
---|---|---|
Chrome | 58 | Apr 19, 2017 |
Firefox | 52 | Mar 7, 2017 |
Edge | 79 | Dec 15, 2020 |
Safari | 11 | Sep 19, 2017 |
Opera | 45 | May 10, 2017 |
Webpack: see using Webpack in browsers, or our guide for serverside Webpack
Node.js: version 16.x or newer. (1.1.x versions work on Node.js 4.5 or newer, 1.2.x versions work on Node.js 8.17 or newer). We do not currently provide an ESM bundle, please contact us if you would would like to use ably-js in a NodeJS ESM project.
React (release candidate): We offer a set of React Hooks which make it seamless to use ably-js in your React application. See the React Hooks documentation for more details.
React Native: We aim to support all platforms supported by React Native. If you find any issues please raise an issue or contact us.
NativeScript: see ably-js-nativescript
TypeScript: see below
WebWorkers: The browser bundle supports running in a Web Worker context. You can also use the modular variant of the library in Web Workers.
We test the library against a selection of browsers using their latest versions. Please refer to the test-browser GitHub workflow for the set of browsers that currently undergo CI testing.
We regression-test the library against a selection of Node.js versions, which will change over time. We will always support and test against current LTS Node.js versions, and optionally some older versions that are still supported by upstream dependencies. We reserve the right to drop support for non-LTS versions in a non-major release. We will update the engines
field in package.json whenever we change the Node.js versions supported by the project. Please refer to the test-node GitHub workflow for the set of versions that currently undergo CI testing.
However, we aim to be compatible with a much wider set of platforms and browsers than we can possibly test on. That means we'll happily support (and investigate reported problems with) any reasonably-widely-used browser. So if you find any compatibility issues, please do raise an issue in this repository or contact Ably customer support for advice.
If you require support for older browsers and Node.js, you can use the security-maintained version 1 of the library. Install version 1 via CDN link, or from npm with npm install ably@1 --save
. It supports IE versions 9 or newer, older versions of major browsers, and Node.js 8.17 or newer. Note that version 1 will only receive security updates and critical bug fixes, and won't include any new features.
For complete API documentation, see the Ably documentation.
npm install ably --save
and require as:
var Ably = require('ably');
For usage, jump to Using the Realtime API or Using the REST API.
If you are using a version older than 1.2.5 you will need to add 'ably' to externals
in your webpack config to exclude it from webpack processing, and require and use it in as a external module using require('ably') as above.
Include the Ably library in your HTML:
<script src="https://cdn.ably.com/lib/ably.min-1.js"></script>
The Ably client library follows Semantic Versioning. To lock into a major or minor version of the client library, you can specify a specific version number such as https://cdn.ably.com/lib/ably.min-1.js for all v1._ versions, or https://cdn.ably.com/lib/ably.min-1.0.js for all v1.0._ versions, or you can lock into a single release with https://cdn.ably.com/lib/ably.min-1.0.9.js. Note you can load the non-minified version by omitting min-
from the URL such as https://cdn.ably.com/lib/ably-1.0.js. See https://github.com/ably/ably-js/tags for a list of tagged releases.
For usage, jump to Using the Realtime API or Using the REST API.
(This applies to using webpack to compile for a browser; for Node.js, see Serverside usage with webpack)
WebPack will search your node_modules
folder by default, so if you include ably
in your package.json
file, when running Webpack the following will allow you to require('ably')
(or if using typescript or ES6 modules, import * as Ably from 'ably';
). If your webpack target is set to 'browser', this will automatically use the browser commonjs distribution.
If that doesn't work for some reason (e.g. you are using a custom webpack target), you can reference the ably.js
static file directly: require('ably/build/ably.js');
(or import * as Ably from 'ably/build/ably.js'
for typescript / ES6 modules).
Aimed at those who are concerned about their app’s bundle size, the modular variant of the library allows you to create a client which has only the functionality that you choose. Unused functionality can then be tree-shaken by your module bundler.
The modular variant of the library provides:
BaseRealtime
class;BaseRealtime
instance, such as Rest
, RealtimePresence
, etc.To use this variant of the library, import the BaseRealtime
class from ably/modular
, along with the plugins that you wish to use. Then, pass these plugins to the BaseRealtime
constructor as shown in the example below:
import { BaseRealtime, WebSocketTransport, FetchRequest, RealtimePresence } from 'ably/modular';
const client = new BaseRealtime({
key: 'YOUR_ABLY_API_KEY' /* Replace with a real key from the Ably dashboard */,
plugins: {
WebSocketTransport,
FetchRequest,
RealtimePresence,
},
});
You must provide:
FetchRequest
or XHRRequest
;WebSocketTransport
or XHRPolling
.BaseRealtime
offers the same API as the Realtime
class described in the rest of this README
. This means that you can develop an application using the default variant of the SDK and switch to the modular version when you wish to optimize your bundle size.
In order to further reduce bundle size, the modular variant of the SDK performs less logging than the default variant. It only logs:
logLevel
of 1 (that is, errors)If you need more verbose logging, use the default variant of the SDK.
For more information about the modular variant of the SDK, see the generated documentation (this link points to the documentation for the main
branch).
The TypeScript typings are included in the package and so all you have to do is:
import * as Ably from 'ably';
let options: Ably.ClientOptions = { key: 'foo' };
let client = new Ably.Realtime(options); /* inferred type Ably.Realtime */
let channel = client.channels.get('feed'); /* inferred type Ably.RealtimeChannel */
Intellisense in IDEs with TypeScript support is supported:
If you need to explicitly import the type definitions, see ably.d.ts.
See the ably-js-nativescript repo for NativeScript usage details.
This readme gives some basic examples; for our full API documentation, please go to https://www.ably.com/docs .
All examples assume a client has been created as follows:
// basic auth with an API key
var client = new Ably.Realtime(key: string);
// using a Client Options object, see https://www.ably.com/docs/rest/usage#client-options
// which must contain at least one auth option, i.e. at least
// one of: key, token, tokenDetails, authUrl, or authCallback
var client = new Ably.Realtime(options: ClientOptions);
Successful connection:
client.connection.on('connected', function() {
# successful connection
});
Failed connection:
client.connection.on('failed', function() {
# failed connection
});
Given:
var channel = client.channels.get('test');
Subscribe to all events:
channel.subscribe(function (message) {
message.name; // 'greeting'
message.data; // 'Hello World!'
});
Only certain events:
channel.subscribe('myEvent', function (message) {
message.name; // 'myEvent'
message.data; // 'myData'
});
Subscribing to a channel in delta mode enables delta compression. This is a way for a client to subscribe to a channel so that message payloads sent contain only the difference (ie the delta) between the present message and the previous message on the channel.
Configuring a channel for deltas is detailed in the @ably-forks/vcdiff-decoder documentation.
Beyond specifying channel options, the rest is transparent and requires no further changes to your application. The message.data
instances that are delivered to your listening function continue to contain the values that were originally published.
If you would like to inspect the Message
instances in order to identify whether the data
they present was rendered from a delta message from Ably then you can see if extras.delta.format
equals 'vcdiff'
.
// Publish a single message with name and data
await channel.publish('greeting', 'Hello World!');
// Publish several messages at once
await channel.publish([{name: 'greeting', data: 'Hello World!'}, ...]);
const messagesPage = channel.history()
messagesPage // PaginatedResult
messagesPage.items // array of Message
messagesPage.items[0].data // payload for first message
messagesPage.items.length // number of messages in the current page of history
messagesPage.hasNext() // true if there are further pages
messagesPage.isLast() // true if this page is the last page
const nextPage = await messagesPage.next(); // retrieves the next page as PaginatedResult
// Can optionally take an options param, see https://www.ably.com/docs/rest-api/#message-history
const messagesPage = await channel.history({start: ..., end: ..., limit: ..., direction: ...});
Getting presence:
const presenceSet = channel.presence.get();
presenceSet; // array of PresenceMessages
Note that presence#get on a realtime channel does not return a PaginatedResult, as the library maintains a local copy of the presence set.
Entering (and leaving) the presence set:
await channel.presence.enter('my status');
// now I am entered
await channel.presence.update('new status');
// my presence data is updated
await channel.presence.leave()
// I've left the presence set
If you are using a client which is allowed to use any clientId -- that is, if you didn't specify a clientId when initializing the client, and are using basic auth or a token witha wildcard clientId (see https://www.ably.com/docs/general/authentication for more information), you can use
await channel.presence.enterClient('myClientId', 'status');
// and similarly, updateClient and leaveClient
const messagesPage = channel.presence.history(); // PaginatedResult
messagesPage.items // array of PresenceMessage
messagesPage.items[0].data // payload for first message
messagesPage.items.length // number of messages in the current page of history
messagesPage.hasNext() // true if there are further pages
messagesPage.isLast() // true if this page is the last page
const nextPage = await messagesPage.next(); // retrieves the next page as PaginatedResult
// Can optionally take an options param, see https://www.ably.com/docs/rest-api/#message-history
const messagesPage = await channel.presence.history({start: ..., end: ..., limit: ..., direction: ...);
When a 128 bit or 256 bit key is provided to the library, the data
attributes of all messages are encrypted and decrypted automatically using that key. The secret key is never transmitted to Ably. See https://www.ably.com/docs/realtime/encryption
// Generate a random 256-bit key for demonstration purposes (in
// practice you need to create one and distribute it to clients yourselves)
const key = await Ably.Realtime.Crypto.generateRandomKey();
var channel = client.channels.get('channelName', { cipher: { key: key } });
channel.subscribe(function (message) {
message.name; // 'name is not encrypted'
message.data; // 'sensitive data is encrypted'
});
channel.publish('name is not encrypted', 'sensitive data is encrypted');
You can also change the key on an existing channel using setOptions (which completes after the new encryption settings have taken effect):
await channel.setOptions({cipher: {key: <key>}});
// New encryption settings are in effect
Message Interactions allow you to interact with messages previously sent to a channel. Once a channel is enabled with Message Interactions, messages received by that channel will contain a unique timeSerial
that can be referenced by later messages.
Example emoji reaction to a message:
function sendReaction(emoji) {
channel.publish({ name: 'event_name', data: emoji, extras: { ref: { type: "com.ably.reaction", timeserial: "1656424960320-1" } } })
}
See https://www.ably.com/docs/realtime/messages#message-interactions for more detail.
Ably-js has fallback transport mechanisms to ensure its realtime capabilities can function in network conditions (such as firewalls or proxies) that might prevent the client from establishing a WebSocket connection.
The default Ably.Realtime
client includes these mechanisms by default. If you are using modular variant of the library, you may wish to provide the BaseRealtime
instance with one or more alternative transport modules, namely XHRStreaming
and/or XHRPolling
, alongside WebSocketTransport
, so your connection is less susceptible to these external conditions. For instructions on how to do this, refer to the modular variant of the library section.
Each of these fallback transport mechanisms is supported and tested on all the browsers we test against, even when those browsers do not themselves require those fallbacks.
This readme gives some basic examples. For our full API documentation, please go to https://www.ably.com/docs .
All examples assume a client and/or channel has been created as follows:
// basic auth with an API key
var client = new Ably.Rest(key: string);
// using a Client Options object, see https://www.ably.com/docs/realtime/usage#client-options
// which must contain at least one auth option, i.e. at least
// one of: key, token, tokenDetails, authUrl, or authCallback
var client = new Ably.Rest(options: ClientOptions);
Given:
var channel = client.channels.get('test');
// Publish a single message with name and data
try {
channel.publish('greeting', 'Hello World!');
console.log('publish succeeded');
} catch (err) {
console.log('publish failed with error ' + err);
}
// Publish several messages at once
await channel.publish([{name: 'greeting', data: 'Hello World!'}, ...]);
const messagesPage = await channel.history();
messagesPage // PaginatedResult
messagesPage.items // array of Message
messagesPage.items[0].data // payload for first message
messagesPage.items.length // number of messages in the current page of history
messagesPage.hasNext() // true if there are further pages
messagesPage.isLast() // true if this page is the last page
const nextPage = await messagesPage.next(); // retrieves the next page as PaginatedResult
// Can optionally take an options param, see https://www.ably.com/docs/rest-api/#message-history
await channel.history({start: ..., end: ..., limit: ..., direction: ...});
const presencePage = await channel.presence.get() // PaginatedResult
presencePage.items // array of PresenceMessage
presencePage.items[0].data // payload for first message
presencePage.items.length // number of messages in the current page of members
presencePage.hasNext() // true if there are further pages
presencePage.isLast() // true if this page is the last page
const nextPage = await presencePage.next(); // retrieves the next page as PaginatedResult
const messagesPage = channel.presence.history(); // PaginatedResult
messagesPage.items // array of PresenceMessage
messagesPage.items[0].data // payload for first message
messagesPage.items.length // number of messages in the current page of history
messagesPage.hasNext() // true if there are further pages
messagesPage.isLast() // true if this page is the last page
const nextPage = await messagesPage.next(); // retrieves the next page as PaginatedResult
// Can optionally take an options param, see https://www.ably.com/docs/rest-api/#message-history
const messagesPage = channel.history({start: ..., end: ..., limit: ..., direction: ...});
const channelDetails = await channel.status();
channelDetails.channelId // The name of the channel
channelDetails.status.isActive // A boolean indicating whether the channel is active
channelDetails.status.occupancy // Contains metadata relating to the occupants of the channel
See https://www.ably.com/docs/general/authentication for an explanation of Ably's authentication mechanism.
Requesting a token:
const tokenDetails = await client.auth.requestToken();
// tokenDetails is instance of TokenDetails
// see https://www.ably.com/docs/rest/authentication/#token-details for its properties
// Now we have the token, we can send it to someone who can instantiate a client with it:
var clientUsingToken = new Ably.Realtime(tokenDetails.token);
// requestToken can take two optional params
// tokenParams: https://www.ably.com/docs/rest/authentication/#token-params
// authOptions: https://www.ably.com/docs/rest/authentication/#auth-options
const tokenDetails = await client.auth.requestToken(tokenParams, authOptions);
Creating a token request (for example, on a server in response to a
request by a client using the authCallback
or authUrl
mechanisms):
const tokenRequest = await client.auth.createTokenRequest();
// now send the tokenRequest back to the client, which will
// use it to request a token and connect to Ably
// createTokenRequest can take two optional params
// tokenParams: https://www.ably.com/docs/rest/authentication/#token-params
// authOptions: https://www.ably.com/docs/rest/authentication/#auth-options
const tokenRequest = await client.auth.createTokenRequest(tokenParams, authOptions);
const statsPage = await client.stats() // statsPage as PaginatedResult
statsPage.items // array of Stats
statsPage.items[0].inbound.rest.messages.count; // total messages published over REST
statsPage.items.length; // number of stats in the current page of history
statsPage.hasNext() // true if there are further pages
statsPage.isLast() // true if this page is the last page
const nextPage = await statsPage.next(); // retrieves the next page as PaginatedResult
const time = await client.time(); // time is in ms since epoch
From version 1.2 this client library supports subscription to a stream of Vcdiff formatted delta messages from the Ably service. For certain applications this can bring significant data efficiency savings. This is an optional feature so our
See the @ably-forks/vcdiff-decoder documentation for setup and usage examples.
Please visit http://support.ably.com/ for access to our knowledgebase and to ask for any assistance.
You can also view the community reported Github issues.
To see what has changed in recent versions, see the CHANGELOG.
This library currently does not support being the target of a push notification (i.e. web push).
Chrome extensions built with Manifest v3 require service workers instead of background pages. This is supported in Ably via the Web Worker build, however workarounds are required to ensure Chrome does not mark the service worker as inactive.
If you are using ably-js in your Next.js project with App Router and Turbopack enabled (via running next dev --turbo
), you may encounter Failed to compile Module not found
compilation error referencing ./node_modules/keyv/src/index.js
file or see Critical dependency: the request of a dependency is an expression
warnings for the same keyv
module.
To fix this, please add ably
to the serverComponentsExternalPackages
list in next.config.js
(read more about this option here):
const nextConfig = {
// ...
experimental: {
serverComponentsExternalPackages: ['ably'],
},
};
The issue is coming from the fact that when using App Router specifically dependencies used inside Server Components and Route Handlers will automatically be bundled by Next.js. This causes issues with some packages, usually the ones that have complex require
statements, for example, requiring some packages dynamically during runtime. keyv
is one of those packages as it uses require
statement dynamically when requiring its adapters (see code in repo):
keyv
ends up being one of ably-js
's upstream dependencies for node.js bundle, which causes the errors above when using it with Next.js App Router.
Using serverComponentsExternalPackages
opt-outs from using Next.js bundling for specific packages and uses native Node.js require
instead.
This is a common problem in App Router for a number of packages (for example, see next.js issue vercel/next.js#52876), and using serverComponentsExternalPackages
is the recommended approach here.
For guidance on how to contribute to this project, see the CONTRIBUTING.md.
Automated browser testing supported by
FAQs
Realtime client library for Ably, the realtime messaging service
We found that ably demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.