Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
engine.io-client
Advanced tools
The engine.io-client npm package is a client-side library that provides bidirectional event-based communication between web clients and servers. It is the client component of the Engine.IO protocol, which is a transport layer built on top of WebSocket and other transport mechanisms to provide a reliable, low-latency connection for real-time applications.
Establishing a connection
This feature allows you to establish a connection to an Engine.IO server. The 'open' event is emitted when the connection is successfully established.
const eio = require('engine.io-client');
const socket = eio('ws://localhost');
socket.on('open', function(){
console.log('Connection established');
});
Sending messages
Once a connection is established, you can send messages to the server using the 'send' method.
socket.send('Hello World!');
Receiving messages
You can listen for messages from the server with the 'message' event. The callback function receives the message data as its argument.
socket.on('message', function(data){
console.log('Received message:', data);
});
Handling connection errors
The 'error' event is emitted when there is a connection error. The callback function receives the error object as its argument.
socket.on('error', function(error){
console.error('Connection error:', error);
});
Closing the connection
The 'close' event is emitted when the connection is closed. The callback function receives the reason and a description as arguments.
socket.on('close', function(reason, description){
console.log('Connection closed', reason, description);
});
Socket.IO-client is a more feature-rich client-side library that provides real-time bidirectional event-based communication, similar to engine.io-client. It is built on top of engine.io-client and adds additional features like namespaces, rooms, and automatic reconnection.
The 'ws' package is a simple WebSocket client and server implementation for Node.js. Unlike engine.io-client, it does not provide built-in mechanisms for features like automatic reconnection and binary data handling, but it allows for more control over the WebSocket connection.
Faye-websocket is a WebSocket client and server for Node.js and Ruby. It provides a simple API for handling WebSocket connections but does not include the higher-level abstractions and fallback mechanisms that engine.io-client offers.
This is the client for Engine.IO, the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO.
You can find an engine.io.js
file in this repository, which is a
standalone build you can use as follows:
<script src="/path/to/engine.io.js"></script>
<script>
// eio = Socket
const socket = eio('ws://localhost');
socket.on('open', () => {
socket.on('message', (data) => {});
socket.on('close', () => {});
});
</script>
Engine.IO is a commonjs module, which means you can include it by using
require
on the browser and package using browserify:
install the client package
$ npm install engine.io-client
write your app code
const { Socket } = require('engine.io-client');
const socket = new Socket('ws://localhost');
socket.on('open', () => {
socket.on('message', (data) => {});
socket.on('close', () => {});
});
build your app bundle
$ browserify app.js > bundle.js
include on your page
<script src="/path/to/bundle.js"></script>
<script src="/path/to/engine.io.js"></script>
<script>
const socket = eio('ws://localhost/');
socket.binaryType = 'blob';
socket.on('open', () => {
socket.send(new Int8Array(5));
socket.on('message', (blob) => {});
socket.on('close', () => {});
});
</script>
Add engine.io-client
to your package.json
and then:
const { Socket } = require('engine.io-client');
const socket = new Socket('ws://localhost');
socket.on('open', () => {
socket.on('message', (data) => {});
socket.on('close', () => {});
});
const opts = {
key: fs.readFileSync('test/fixtures/client.key'),
cert: fs.readFileSync('test/fixtures/client.crt'),
ca: fs.readFileSync('test/fixtures/ca.crt')
};
const { Socket } = require('engine.io-client');
const socket = new Socket('ws://localhost', opts);
socket.on('open', () => {
socket.on('message', (data) => {});
socket.on('close', () => {});
});
const opts = {
extraHeaders: {
'X-Custom-Header-For-My-Project': 'my-secret-access-token',
'Cookie': 'user_session=NI2JlCKF90aE0sJZD9ZzujtdsUqNYSBYxzlTsvdSUe35ZzdtVRGqYFr0kdGxbfc5gUOkR9RGp20GVKza; path=/; expires=Tue, 07-Apr-2015 18:18:08 GMT; secure; HttpOnly'
}
};
const { Socket } = require('engine.io-client');
const socket = new Socket('ws://localhost', opts);
socket.on('open', () => {
socket.on('message', (data) => {});
socket.on('close', () => {});
});
In the browser, the WebSocket object does not support additional headers.
In case you want to add some headers as part of some authentication mechanism, you can use the transportOptions
attribute.
Please note that in this case the headers won't be sent in the WebSocket upgrade request.
// WILL NOT WORK in the browser
const socket = new Socket('http://localhost', {
extraHeaders: {
'X-Custom-Header-For-My-Project': 'will not be sent'
}
});
// WILL NOT WORK
const socket = new Socket('http://localhost', {
transports: ['websocket'], // polling is disabled
transportOptions: {
polling: {
extraHeaders: {
'X-Custom-Header-For-My-Project': 'will not be sent'
}
}
}
});
// WILL WORK
const socket = new Socket('http://localhost', {
transports: ['polling', 'websocket'],
transportOptions: {
polling: {
extraHeaders: {
'X-Custom-Header-For-My-Project': 'will be used'
}
}
}
});
Engine
message
event.The client class. Mixes in Emitter.
Exposed as eio
in the browser standalone build.
protocol
(Number): protocol revision numberbinaryType
(String) : can be set to 'arraybuffer' or 'blob' in browsers,
and buffer
or arraybuffer
in Node. Blob is only used in browser if it's
supported.open
message
String
| ArrayBuffer
: utf-8 encoded data or ArrayBuffer containing
binary dataclose
open
event does not occur (i.e. due to connection error or close()
).error
flush
drain
drain
event of transport if writeBuffer is emptyupgradeError
upgrade
ping
pong
String
uriObject
: optional, options objectagent
(http.Agent
): http.Agent
to use, defaults to false
(NodeJS only)upgrade
(Boolean
): defaults to true, whether the client should try
to upgrade the transport from long-polling to something better.forceBase64
(Boolean
): forces base 64 encoding for polling transport even when XHR2 responseType is available and WebSocket even if the used standard supports binary.withCredentials
(Boolean
): defaults to false
, whether to include credentials (cookies, authorization headers, TLS client certificates, etc.) with cross-origin XHR polling requests.timestampRequests
(Boolean
): whether to add the timestamp with each
transport request. Note: polling requests are always stamped unless this
option is explicitly set to false
(false
)timestampParam
(String
): timestamp parameter (t
)path
(String
): path to connect to, default is /engine.io
transports
(Array
): a list of transports to try (in order).
Defaults to ['polling', 'websocket', 'webtransport']
. Engine
always attempts to connect directly with the first one, provided the
feature detection test for it passes.transportOptions
(Object
): hash of options, indexed by transport name, overriding the common options for the given transportrememberUpgrade
(Boolean
): defaults to false.
If true and if the previous websocket connection to the server succeeded,
the connection attempt will bypass the normal upgrade process and will initially
try websocket. A connection attempt following a transport error will use the
normal upgrade process. It is recommended you turn this on only when using
SSL/TLS connections, or if you know that your network does not block websockets.pfx
(String
|Buffer
): Certificate, Private key and CA certificates to use for SSL. Can be used in Node.js client environment to manually specify certificate information.key
(String
): Private key to use for SSL. Can be used in Node.js client environment to manually specify certificate information.passphrase
(String
): A string of passphrase for the private key or pfx. Can be used in Node.js client environment to manually specify certificate information.cert
(String
): Public x509 certificate to use. Can be used in Node.js client environment to manually specify certificate information.ca
(String
|Array
): An authority certificate or array of authority certificates to check the remote host against.. Can be used in Node.js client environment to manually specify certificate information.ciphers
(String
): A string describing the ciphers to use or exclude. Consult the cipher format list for details on the format. Can be used in Node.js client environment to manually specify certificate information.rejectUnauthorized
(Boolean
): If true, the server certificate is verified against the list of supplied CAs. An 'error' event is emitted if verification fails. Verification happens at the connection level, before the HTTP request is sent. Can be used in Node.js client environment to manually specify certificate information.perMessageDeflate
(Object|Boolean
): parameters of the WebSocket permessage-deflate extension
(see ws module api docs). Set to false
to disable. (true
)
threshold
(Number
): data is compressed only if the byte size is above this value. This option is ignored on the browser. (1024
)extraHeaders
(Object
): Headers that will be passed for each request to the server (via xhr-polling and via websockets). These values then can be used during handshake or for special proxies. Can only be used in Node.js client environment.localAddress
(String
): the local IP address to connect toautoUnref
(Boolean
): whether the transport should be unref
'd upon creation. This calls unref
on the underlying timers and sockets so that the program is allowed to exit if they are the only timers/sockets in the event system (Node.js only)useNativeTimers
(Boolean
): Whether to always use the native timeouts. This allows the client to reconnect when the native timeout functions are overridden, such as when mock clocks are installed with @sinonjs/fake-timers
.requestTimeout
(Number
): Timeout for xhr-polling requests in milliseconds (0
)protocols
(Array
): a list of subprotocols (see MDN reference)closeOnBeforeunload
(Boolean
): whether to silently close the connection when the beforeunload
event is emitted in the browser (defaults to false
)send
String
| ArrayBuffer
| ArrayBufferView
| Blob
: data to sendObject
: optional, options objectFunction
: optional, callback upon drain
compress
(Boolean
): whether to compress sending data. This option is ignored and forced to be true
on the browser. (true
)close
The transport class. Private. Inherits from EventEmitter.
poll
: emitted by polling transports upon starting a new requestpollComplete
: emitted by polling transports upon completing a requestdrain
: emitted by polling transports upon a buffer drainengine.io-client
is used to test
engine. Running the engine.io
test suite ensures the client works and vice-versa.
Browser tests are run using zuul. You can run the tests locally using the following command.
./node_modules/.bin/zuul --local 8080 -- test/index.js
Additionally, engine.io-client
has a standalone test suite you can run
with make test
which will run node.js and browser tests. You must have zuul setup with
a saucelabs account.
The support channels for engine.io-client
are the same as socket.io
:
To contribute patches, run tests or benchmarks, make sure to clone the repository:
git clone git://github.com/socketio/engine.io-client.git
Then:
cd engine.io-client
npm install
See the Tests
section above for how to run tests before submitting any patches.
MIT - Copyright (c) 2014 Automattic, Inc.
FAQs
Client for the realtime Engine
The npm package engine.io-client receives a total of 4,629,102 weekly downloads. As such, engine.io-client popularity was classified as popular.
We found that engine.io-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.