Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Node client for connecting to Apple's Push Notification Service using the new HTTP/2 protocol with JSON web tokens.
Node client for connecting to Apple's Push Notification Service using the new HTTP/2 protocol with JSON web tokens.
Create an APNS client using a signing key:
import { ApnsClient } from 'apns2'
const client = new ApnsClient({
team: `TFLP87PW54`,
keyId: `123ABC456`,
signingKey: fs.readFileSync(`${__dirname}/path/to/auth.p8`),
defaultTopic: `com.tablelist.Tablelist`,
requestTimeout: 0, // optional, Default: 0 (without timeout)
keepAlive: true, // optional, Default: 5000
})
Send a basic notification with message:
import { Notification } from 'apns2'
const bn = new Notification(deviceToken, { alert: 'Hello, World' })
try {
await client.send(bn)
} catch (err) {
console.error(err.reason)
}
Send a basic notification with message and options:
import { Notification } from 'apns2'
const bn = new Notification(deviceToken, {
alert: 'Hello, World',
badge: 4,
data: {
userId: user.getUserId
}
})
try {
await client.send(bn)
} catch (err) {
console.error(err.reason)
}
Send a silent notification using content-available
key:
import { SilentNotification } from 'apns2'
const sn = new SilentNotification(deviceToken)
try {
await client.send(sn)
} catch (err) {
console.error(err.reason)
}
Note: Apple recommends that no options other than the content-available
flag be sent in order for a notification to truly be silent and wake up your app in the background. Therefore this class does not accept any additional options in the constructor.
Send multiple notifications concurrently:
import { Notification } from 'apns2'
const notifications = [
new Notification(deviceToken1, { alert: 'Hello, World' }),
new Notification(deviceToken2, { alert: 'Hello, World' })
]
try {
await client.sendMany(notifications)
} catch (err) {
console.error(err.reason)
}
For complete control over the push notification packet use the base Notification
class:
import { Notification } from 'apns2'
const notification = new Notification(deviceToken, {
aps: { ... }
})
try {
await client.send(notification)
} catch(err) {
console.error(err.reason)
}
Available options can be found at APNS Payload Options
All errors are defined in ./lib/errors.js
and come directly from APNS Table 4
You can easily listen for these errors by attaching an error handler to the APNS client:
import { Errors } from 'apns2'
// Listen for a specific error
client.on(Errors.badDeviceToken, (err) => {
// Handle accordingly...
// Perhaps delete token from your database
console.error(err.reason, err.statusCode, err.notification.deviceToken)
})
// Listen for any error
client.on(Errors.error, (err) => {
console.error(err.reason, err.statusCode, err.notification.deviceToken)
})
By default the APNS client connects to the production push notification server. This is identical to passing in the options:
const client = new ApnsClient({
host: 'api.push.apple.com'
...
})
To connect to the development push notification server, pass the options:
const client = new ApnsClient({
host: 'api.sandbox.push.apple.com'
...
})
apns2
requires Node.js v16 or later
contentAvailable
mutableContent
FAQs
Node client for connecting to Apple's Push Notification Service using the new HTTP/2 protocol with JSON web tokens.
The npm package apns2 receives a total of 2,136 weekly downloads. As such, apns2 popularity was classified as popular.
We found that apns2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.