Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Node client for connecting to Apple's Push Notification Service using the new HTTP/2 protocol with JSON web tokens.
Node client for connecting to Apple's Push Notification Service using the new HTTP/2 protocol with JSON web tokens.
Now uses the native
http2
module in Node.js v8.10 or later
Create an APNS client using a signing key:
const { APNS } = require('apns2')
let client = new APNS({
team: `TFLP87PW54`,
keyId: `123ABC456`,
signingKey: fs.readFileSync(`${__dirname}/path/to/auth.p8`),
defaultTopic: `com.tablelist.Tablelist`
})
Send a basic notification with message:
const { BasicNotification } = require('apns2')
let bn = new BasicNotification(deviceToken, 'Hello, World')
client.send(bn).then(() => {
// sent successfully
}).catch(err => {
console.error(err.reason)
})
Send a basic notification with message and options:
const { BasicNotification } = require('apns2')
let bn = new BasicNotification(deviceToken, 'Hello, World', {
badge: 4,
data: {
userId: user.getUserId
}
})
client.send(bn).then(() => {
// sent successfully
}).catch(err => {
console.error(err.reason)
})
Send a silent notification using content-available
key:
const { SilentNotification } = require('apns2')
let sn = new SilentNotification(deviceToken)
client.send(sn).then(() => {
// sent successfully
}).catch(err => {
console.error(err.reason)
})
Note: Apple recommends that no options other than the content-available
flag be sent in order for a notification to truly be silent and wake up your app in the background. Therefore this class does not accept any additional options in the constructor.
For complete control over the push notification packet use the base Notification
class:
const { Notification } = require('apns2')
let notification = new Notification(deviceToken, {
aps: { ... }
})
client.send(notification).then(() => {
// sent successfully
}).catch(err => {
console.error(err.reason)
})
Available options can be found at APNS Payload Options
All errors are defined in ./lib/errors.js
and come directly from APNS Table 8-6
You can easily listen for these errors by attaching an error handler to the APNS client:
const { Errors } = require('apns2')
// Listen for a specific error
client.on(Errors.badDeviceToken, err => {
// Handle accordingly...
// Perhaps delete token from your database
console.error(err.reason, err.statusCode, err.notification.deviceToken)
})
// Listen for any error
client.on(Errors.error, err => {
console.error(err.reason, err.statusCode, err.notification.deviceToken)
})
By default the APNS client connects to the production push notification server. This is identical to passing in the options:
let client = new APNS({
host: 'api.push.apple.com',
port: 443,
...
})
To connect to the development push notification server, pass the options:
let client = new APNS({
host: 'api.development.push.apple.com'
...
})
apns2
requires Node.js v8.10 or later
TooManyProviderTokenUpdates
errorFAQs
Node client for connecting to Apple's Push Notification Service using the new HTTP/2 protocol with JSON web tokens.
The npm package apns2 receives a total of 2,136 weekly downloads. As such, apns2 popularity was classified as popular.
We found that apns2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.