# node-apn
A Node.js module for interfacing with the Apple Push Notification service.
Via npm:

    $ npm install apn

As a submodule of your project:

    $ git submodule add http://github.com/argon/node-apn.git apn
    $ git submodule update --init

Load the module:

    var apns = require('apn');
Create a new connection to the gateway server using a dictionary of options. The defaults are listed below:

    var options = { cert: 'cert.pem'                  /* Certificate file */
                  , key: 'key.pem'                    /* Key file */
                  , gateway: 'gateway.push.apple.com' /* gateway address */
                  , port: 2195                        /* gateway port */
                  , enhanced: true                    /* enable enhanced format */
                  , errorCallback: undefined          /* Callback when error occurs */
                  , cacheLength: 5                    /* Notifications to cache for error purposes */
                  };

    var apnsConnection = new apns.connection(options);
To send a notification first create a `Device` object. Pass it the device token as either a hexadecimal string, or alternatively as a `Buffer` object containing the binary token, setting the second argument to `false`.

    var myDevice = new apns.device(token /*, ascii=true*/);
Next create a notification object and set parameters. See the payload documentation for more details.

    var note = new apns.notification();

    note.badge = 3;
    note.sound = "ping.aiff";
    note.alert = "You have a new message";
    note.payload = {'messageFrom': 'Caroline'};
    note.device = myDevice;

    apnsConnection.sendNotification(note);
The above options will compile the following dictionary to send to the device:

    {"messageFrom":"Caroline","aps":{"badge":3,"sound":"ping.aiff","alert":"You have a new message"}}
If the enhanced binary interface is enabled and an error occurs when sending a message then subsequent messages will be automatically resent\* and the connection will be re-established. If an `errorCallback` is also specified in the connection options then it will be invoked with 2 arguments.

`Errors` object.

\* N.B.: The `cacheLength` option specifies the number of sent notifications which will be cached for error handling purposes. At present if more than the specified number of notifications have been sent between the incorrect notification being sent and the error being received then no resending will occur. This is only envisaged within very high volume environments and a higher cache number might be desired.
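The `cacheLength` limit described above, as an added sketch that is not node-apn's own code: `SentCache`, `remember`, `onError` and `simulate` are hypothetical names, and notification identifiers are assumed to be sequential integers. It shows that once the rejected notification has been evicted from the cache, nothing after it can be resent.

```javascript
// Added illustration; NOT node-apn's source. All names are hypothetical.
// A bounded FIFO of notifications already written to the gateway socket.
function SentCache(cacheLength) {
  this.cacheLength = cacheLength;
  this.entries = []; // oldest first: { id, note }
}

// Record a notification right after it has been sent.
SentCache.prototype.remember = function (id, note) {
  this.entries.push({ id: id, note: note });
  if (this.entries.length > this.cacheLength) {
    this.entries.shift(); // evict the oldest entry
  }
};

// Handle an error report for identifier `failedId`.
// Everything sent after the rejected notification must be resent,
// but that is only possible while the rejected one is still cached.
SentCache.prototype.onError = function (failedId) {
  var idx = -1;
  for (var i = 0; i < this.entries.length; i++) {
    if (this.entries[i].id === failedId) { idx = i; break; }
  }
  var result = { found: false, rejected: null, resend: [] };
  if (idx !== -1) {
    result.found = true;
    result.rejected = this.entries[idx].note;
    result.resend = this.entries.slice(idx + 1).map(function (e) {
      return e.note;
    });
  }
  this.entries = []; // the connection is re-established from scratch
  return result;
};

// Send `totalSent` constructed notifications, then report `failedId` as bad.
function simulate(cacheLength, totalSent, failedId) {
  var cache = new SentCache(cacheLength);
  for (var id = 0; id < totalSent; id++) {
    cache.remember(id, 'note-' + id);
  }
  return cache.onError(failedId);
}

console.log(simulate(5, 6, 2));  // rejected notification still cached
console.log(simulate(5, 10, 2)); // already evicted: nothing is resent
```

In a high-volume sender the second case is silent message loss, which is why the option should be sized against the number of notifications that can be written before an error response arrives.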
Apple recommends checking the feedback service periodically for a list of devices for which there were failed delivery attempts.

Using the `Feedback` object it is possible to periodically query the server for the list. You should provide a function which will accept two arguments, the `time` returned by the server (epoch time) and a `Device` object containing the device token. You can also set the query interval in seconds. Again the default options are shown below.

    var options = { cert: 'cert.pem'                   /* Certificate file */
                  , key: 'key.pem'                     /* Key file */
                  , address: 'feedback.push.apple.com' /* feedback address */
                  , port: 2196                         /* feedback port */
                  , feedback: false                    /* callback function */
                  , interval: 3600                     /* query interval in seconds */
                  };

    var feedback = new apns.feedback(options);

After requesting the certificate from Apple, export your private key as a `.p12` file and download the `.cer` file from the iOS Provisioning Portal.

Now, in the directory containing `cert.cer` and `key.p12`, execute the following commands to generate your `.pem` files:

    $ openssl x509 -in cert.cer -inform DER -outform PEM -out cert.pem
    $ openssl pkcs12 -in key.p12 -out key.pem -nodes

If you are using a development certificate you may wish to name them differently to enable fast switching between development and production. The filenames are configurable within the module options, so feel free to name them something more appropriate.
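The `-nodes` flag in the `openssl pkcs12` command above writes the private key to `key.pem` without a passphrase, so the file's permissions are its only protection. The following check is an added example, not part of node-apn; `auditKeyPem` and `SAMPLE_NODES_OUTPUT` are hypothetical names and the PEM bodies are constructed placeholders.

```javascript
// Added illustration, not part of node-apn. Names are hypothetical.
// pemText: contents of key.pem, e.g. fs.readFileSync('key.pem', 'utf8')
// mode:    its permission bits, e.g. fs.statSync('key.pem').mode
function auditKeyPem(pemText, mode) {
  var findings = [];
  var re = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g;
  var keys = 0;
  var m;
  while ((m = re.exec(pemText)) !== null) {
    var label = m[1];
    var body = m[2];
    if (!/PRIVATE KEY$/.test(label)) continue; // skip CERTIFICATE blocks
    keys++;
    // PKCS#8 encrypted keys carry it in the label, legacy PEM in a header.
    var encrypted = /^ENCRYPTED /.test(label) ||
                    /Proc-Type: 4,ENCRYPTED/.test(body);
    if (!encrypted) findings.push('unencrypted-private-key');
  }
  if (keys === 0) findings.push('no-private-key');
  // Any group/other permission bit exposes the key to other local users.
  if ((mode & 0o077) !== 0) findings.push('group-or-other-access');
  return findings;
}

// Constructed sample shaped like `openssl pkcs12 ... -nodes` output.
// The base64 bodies are placeholders, not real key material.
var SAMPLE_NODES_OUTPUT = [
  'Bag Attributes',
  '    friendlyName: constructed example',
  '-----BEGIN CERTIFICATE-----',
  'Q09OU1RSVUNURUQ=',
  '-----END CERTIFICATE-----',
  'Key Attributes: <No Attributes>',
  '-----BEGIN PRIVATE KEY-----',
  'Q09OU1RSVUNURUQ=',
  '-----END PRIVATE KEY-----',
  ''
].join('\n');

// A key.pem created with default 0644 permissions triggers both findings.
console.log(auditKeyPem(SAMPLE_NODES_OUTPUT, 0o100644));
```

Running `chmod 600 key.pem` clears the second finding; the first remains for any key exported with `-nodes`.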
Written and maintained by Andrew Naylor.

Special thanks to Ben Noordhuis for `invoke_after` code.
Released under the MIT License
Copyright (c) 2010 Andrew Naylor
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
1.0.7:
1.0.6:
1.0.5:
1.0.4:
1.0.3:
1.0.2:
1.0.1:
`index.js` to make module loading tidier
1.0.0:
FAQs
An interface to the Apple Push Notification service for Node.js
The npm package apn receives a total of 45,583 weekly downloads. As such, apn popularity was classified as popular.
We found that apn demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.