Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
hue-hacking-node
Advanced tools
hue-hacking-npm: Hue Control Library
hue-hacking is a javascript library designed to control the Philips Hue smart LED bulb system. This version has been modified to be used as a Node module.
For more information on the Philips Hue bulbs and wireless bridge system, visit meethue.com.
Initial concept and startup work inspired by Ross McKillop's post.
Getting Started
Once you've followed the instructions with your Hue starter kit and you have your lamps working through the web interface or smartphone app, it's time to configure your copy of hue.js.
For a full breakdown of what the Philips Hue API/SDK offers, check out the official developer site. Full details about how to register a new 'user' with the wireless bridge can be found at the SDK getting started page.
-
Generate and save your MD5 hash (any MD5 generator will do). Be sure to save your hash and the passphrase used to generate it in a safe place.
-
Find the IP address of your Hue wireless bridge. This can be gathered in a number of ways, including the meethue.com control panel, https://www.meethue.com/en-US/user/preferencessmartbridge, by clicking on the "Show me more" link. See screenshot for an example. Alternatively, you can browse to this URL, and use the value displayed in
internalipaddress. This module now supports a staticsearchoperation, allowing you to find any Hue bridges attached to the local network (using the same UPNP approach as mentioned previously):
import { Hue, HueUPNPResponse } from "hue-hacking-node";
const foundBridges: HueUPNPResponse[] = await Hue.search();
const validBridgeIPs: string[] = [];
for (let bridge of foundBridges) {
validBridgeIPs.push(bridge.internalipaddress);
}
Or, if you can't use async / await semantics in your module:
import { Hue, HueUPNPResponse } from "hue-hacking-node";
let validBridgeIPs: string[] = [];
Hue.search().then((bridges) => {
for (let bridge of bridges) {
validBridgeIPs.push(bridge.internalipaddress);
}
});
- Quick example configuration:
import { Hue } from "hue-hacking-node";
const bridgeIP = "192.168.x.x";
const appname = "myfirsthueapp"; // This is the hash / name / id that you registered with the bridge previously using the official Hue docs
const hue = new Hue({
ip: bridgeIP,
key: appname,
numberOfLamps: 3,
retrieveInitialState: false,
});
For the best introduction to using this module, please see the hue-node.spec.ts file.
© 2024 Bryan Johnson; Licensed MIT.
FAQs
Utility to control Philips Hue light bulbs
The npm package hue-hacking-node receives a total of 116 weekly downloads. As such, hue-hacking-node popularity was classified as not popular.
We found that hue-hacking-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 18 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025