
node-media-server
Node-Media-Server is a high-performance/low-latency/open-source Live Streaming Server developed based on Nodejs.
v4 is designed to implement enhanced RTMP FLV v1 support for native HEVC, VP9, AV1.
v4 is no longer compatible with the cn_cdn extension id flv_265 standard.
v4 is no longer compatible with flashplayer's rtmp protocol.
v4 is incompatible with v2. Do not upgrade across major versions.
```bash
npm install node-media-server -g
```
or run directly
```bash
npx node-media-server
```
Node-Media-Server can provide static file services for a directory.
```json
"static": {
  "router": "/",
  "root": "./html"
}
```
Node-Media-Server can record live streams as FLV files.
When the static file server is enabled and recordings are saved in its directory, it can provide video-on-demand services.
```json
"record": {
  "path": "./html/record"
}
```
http://server_ip:8000/record/live/stream/unix_time.flv
or
https://server_ip:8443/record/live/stream/unix_time.flv
Node-Media-Server v4.2.0 introduces a comprehensive REST API system for server management and monitoring.
The API system uses JWT-based authentication with the following endpoints:
```
POST /api/v1/login
Content-Type: application/json

{
  "username": "your_username",
  "password": "your_password"
}
```
Response:
```json
{
  "success": true,
  "data": {
    "token": "your_jwt_token",
    "expiresIn": "24h"
  },
  "message": "Login successful"
}
```
Include the JWT token in your requests:
Authorization: Bearer your_jwt_token
GET /api/v1/health
Returns server health status, including CPU usage, memory consumption, and uptime.
GET /api/v1/info
Returns server configuration, version information, and system details.
GET /api/v1/streams
List all active streams with detailed information including codecs, bitrate, and connected clients.
GET /api/v1/sessions
Monitor all connected clients (publishers and players) with session details.
DELETE /api/v1/sessions/{sessionId}
Terminate a specific session by ID. This will disconnect the associated client and stop their stream or playback.
Response:
```json
{
  "success": true,
  "data": {
    "id": "sessionId"
  },
  "message": "Session deleted successfully"
}
```
GET /api/v1/stats
Real-time server performance metrics including:
The API system is configured through the bin/config.json file:
```json
"auth": {
  "play": false,
  "publish": false,
  "secret": "nodemedia2017privatekey",
  "jwt": {
    "expiresIn": "24h",
    "refreshExpiresIn": "7d",
    "algorithm": "HS256",
    "users": [
      {
        "username": "admin",
        "password": "admin123"
      }
    ]
  }
},
```
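Passwords are stored as MD5 hashes. MD5 is fast and this scheme is unsalted, so the digest gives little protection if config.json leaks; replace the sample `secret` and `admin` / `admin123` values before deploying and restrict access to the file. To generate a hashed password:
```javascript
const crypto = require('crypto');
const hashedPassword = crypto.createHash('md5').update('your_password').digest('hex');
```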
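A pre-deployment check for the configuration above, as an added example that is not part of the node-media-server project: it flags the README's published `secret` and `admin123` values if they are still present in the `auth` block. The 32-character minimum for `secret` and the reading of `play`/`publish` as authentication switches are assumptions of this example.

```javascript
// Added example, not node-media-server code: flags README sample values
// left in the "auth" block of bin/config.json.
const crypto = require('crypto');
const md5 = (s) => crypto.createHash('md5').update(s).digest('hex');

// Sample values exactly as printed in the README.
const README_SECRET = 'nodemedia2017privatekey';
const README_PASSWORD = 'admin123';
const MIN_SECRET_LENGTH = 32; // assumption: this example's own threshold

// The README's sample "auth" block, embedded as input.
const README_SAMPLE = {
  auth: {
    play: false,
    publish: false,
    secret: 'nodemedia2017privatekey',
    jwt: {
      expiresIn: '24h', refreshExpiresIn: '7d', algorithm: 'HS256',
      users: [{ username: 'admin', password: 'admin123' }],
    },
  },
};

function auditAuthConfig(config) {
  const findings = [];
  const auth = (config && config.auth) || {};
  const secret = typeof auth.secret === 'string' ? auth.secret : '';
  if (secret === '' || secret === README_SECRET) {
    findings.push('auth.secret is unset or is the published README value');
  } else if (secret.length < MIN_SECRET_LENGTH) {
    findings.push(`auth.secret is shorter than ${MIN_SECRET_LENGTH} characters`);
  }
  // Assumption: play/publish switch stream authentication on, as the names suggest.
  for (const flag of ['play', 'publish']) {
    if (auth[flag] !== true) findings.push(`auth.${flag} is not enabled`);
  }
  const users = auth.jwt && Array.isArray(auth.jwt.users) ? auth.jwt.users : [];
  for (const user of users) {
    const pw = String(user.password ?? '');
    if (pw === README_PASSWORD || pw.toLowerCase() === md5(README_PASSWORD)) {
      findings.push(`user "${user.username}" uses the README sample password`);
    } else if (!/^[0-9a-f]{32}$/i.test(pw)) {
      findings.push(`user "${user.username}" password is not an MD5 hex digest`);
    }
  }
  return findings;
}

console.log(auditAuthConfig(README_SAMPLE));
```

Run it against the parsed contents of your own config.json in CI or before starting the server; an empty array means none of these checks fired.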
```bash
# Login (the password field carries the MD5 hex digest of the password)
HASH=$(printf '%s' 'password' | md5sum | cut -d' ' -f1)
curl -X POST http://localhost:8001/api/v1/login \
  -H "Content-Type: application/json" \
  -d "{\"username\":\"admin\",\"password\":\"$HASH\"}"

# Get server stats
curl -X GET http://localhost:8001/api/v1/stats \
  -H "Authorization: Bearer your_jwt_token"

# Get active streams
curl -X GET http://localhost:8001/api/v1/streams \
  -H "Authorization: Bearer your_jwt_token"

# Get all sessions
curl -X GET http://localhost:8001/api/v1/sessions \
  -H "Authorization: Bearer your_jwt_token"

# Delete a specific session
curl -X DELETE http://localhost:8001/api/v1/sessions/abc123-def456-ghi789 \
  -H "Authorization: Bearer your_jwt_token"
```
```javascript
// Run as an ES module (for example client.mjs) so top-level await works.
import { createHash } from 'node:crypto';

// The login examples send the MD5 hex digest of the password.
const md5 = (s) => createHash('md5').update(s).digest('hex');

// Login and get streams
const response = await fetch('http://localhost:8001/api/v1/login', {
  method: 'POST',
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({ username: 'admin', password: md5('password') })
});
// The token is nested under "data" in the login response shown above.
const { data: { token } } = await response.json();

// Get streams
const streamsResponse = await fetch('http://localhost:8001/api/v1/streams', {
  headers: { 'Authorization': `Bearer ${token}` }
});
const streams = await streamsResponse.json();
console.log('Active streams:', streams);

// Get all sessions
const sessionsResponse = await fetch('http://localhost:8001/api/v1/sessions', {
  headers: { 'Authorization': `Bearer ${token}` }
});
const sessions = await sessionsResponse.json();
console.log('Active sessions:', sessions);

// Delete a specific session
if (sessions.length > 0) {
  const sessionIdToDelete = sessions[0].id; // Get first session ID
  const deleteResponse = await fetch(`http://localhost:8001/api/v1/sessions/${sessionIdToDelete}`, {
    method: 'DELETE',
    headers: { 'Authorization': `Bearer ${token}` }
  });
  const deleteResult = await deleteResponse.json();
  console.log('Session deletion result:', deleteResult);
}
```
| Client | H.264 | HEVC | VP9 | AV1 |
|---|---|---|---|---|
| OBS_29.1+ | ✅ | ✅ | ❌ | ✅ |
| FFmpeg/FFplay_6.1+ | ✅ | ✅ | ✅ | ✅ |
| NodePlayer.js_1.0+ | ✅ | ✅ | ❌ | ❌ |
| NodeMediaClient_3.0+ | ✅ | ✅ | ❌ | ❌ |
Apache 2.0
FAQs
A Node.js implementation of RTMP Server
The npm package node-media-server receives a total of 7,008 weekly downloads. As such, node-media-server popularity was classified as popular.
We found that node-media-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.