Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
nodemailer
Advanced tools
Nodemailer is a module for Node.js applications to allow easy email sending. It supports various transport methods and has a simple setup process for sending emails.
Send Emails
This feature allows you to send emails using Nodemailer. The code sample shows how to set up a transporter using Gmail, define mail options, and send an email.
const nodemailer = require('nodemailer');
let transporter = nodemailer.createTransport({
service: 'gmail',
auth: {
user: 'your.email@example.com',
pass: 'yourpassword'
}
});
let mailOptions = {
from: 'your.email@example.com',
to: 'recipient@example.com',
subject: 'Test Email Subject',
text: 'Hello world?',
html: '<b>Hello world?</b>'
};
transporter.sendMail(mailOptions, function(error, info){
if (error) {
console.log(error);
} else {
console.log('Email sent: ' + info.response);
}
});
HTML Email Content
Nodemailer allows you to send HTML content in your emails. The code sample demonstrates how to send an email with HTML content.
const nodemailer = require('nodemailer');
let transporter = nodemailer.createTransport({
// transport configuration
});
let mailOptions = {
from: 'your.email@example.com',
to: 'recipient@example.com',
subject: 'HTML Email',
html: '<h1>Welcome</h1><p>That was easy!</p>'
};
transporter.sendMail(mailOptions, function(error, info){
// callback
});
Attachments
Nodemailer supports sending attachments in emails. The code sample shows how to attach a file to an email.
const nodemailer = require('nodemailer');
let transporter = nodemailer.createTransport({
// transport configuration
});
let mailOptions = {
from: 'your.email@example.com',
to: 'recipient@example.com',
subject: 'Attachment',
text: 'Please find the attachment.',
attachments: [
{
filename: 'file.txt',
path: '/path/to/file.txt'
}
]
};
transporter.sendMail(mailOptions, function(error, info){
// callback
});
Custom Transport Methods
Nodemailer allows the use of custom transport methods for sending emails. The code sample illustrates how to use a custom transport plugin.
const nodemailer = require('nodemailer');
const customTransport = require('my-custom-transport');
let transporter = nodemailer.createTransport(customTransport({
// custom transport options
}));
// send mail with defined transport object
transporter.sendMail({
// mail options
}, function(error, info){
// callback
});
A simple Node.js module for Mailgun. Mailgun-js is designed to work with the Mailgun API for sending, receiving, and tracking emails. It's similar to Nodemailer in functionality but is specifically tailored for Mailgun's service.
The official Node.js client library for interacting with the Postmark API. This package is intended for sending emails through Postmark's transactional email service. Unlike Nodemailer, which is more generic, Postmark is focused on providing a robust service for transactional emails.
Amazon Web Services SDK for JavaScript in Node.js. It includes support for SES (Simple Email Service), which can be used to send emails. While Nodemailer is a standalone package for email, aws-sdk is a comprehensive cloud services SDK that includes email sending capabilities among many other AWS services.
Send emails from Node.js – easy as cake! 🍰✉️
See nodemailer.com for documentation and terms.
[!TIP] Check out EmailEngine – a self-hosted email gateway that allows making REST requests against IMAP and SMTP servers. EmailEngine also sends webhooks whenever something changes on the registered accounts.
Using the email accounts registered with EmailEngine, you can receive and send emails. EmailEngine supports OAuth2, delayed sends, opens and clicks tracking, bounce detection, etc. All on top of regular email accounts without an external MTA service.
Documentation for Nodemailer can be found at nodemailer.com.
You are using an older Node.js version than v6.0. Upgrade Node.js to get support for the spread operator. Nodemailer supports all Node.js versions starting from Node.js@v6.0.0.
Gmail either works well, or it does not work at all. It is probably easier to switch to an alternative service instead of fixing issues with Gmail. If Gmail does not work for you, then don't use it. Read more about it here.
Check your firewall settings. Timeout usually occurs when you try to open a connection to a firewalled port either on the server or on your machine. Some ISPs also block email ports to prevent spamming.
It's either a firewall issue, or your SMTP server blocks authentication attempts from some servers.
secure
option. This should be set to true
only for port 465. For every other port, it should be false
. Setting it to false
does not mean that Nodemailer would not use TLS. Nodemailer would still try to upgrade the connection to use TLS if the server supports it.false
to skip chain verification or upgrade your Node versionlet configOptions = {
host: "smtp.example.com",
port: 587,
tls: {
rejectUnauthorized: true,
minVersion: "TLSv1.2"
}
}
Node.js uses c-ares to resolve domain names, not the DNS library provided by the system, so if you have some custom DNS routing set up, it might be ignored. Nodemailer runs dns.resolve4() and dns.resolve6() to resolve hostname into an IP address. If both calls fail, then Nodemailer will fall back to dns.lookup(). If this does not work for you, you can hard code the IP address into the configuration like shown below. In that case, Nodemailer would not perform any DNS lookups.
let configOptions = {
host: "1.2.3.4",
port: 465,
secure: true,
tls: {
// must provide server name, otherwise TLS certificate check will fail
servername: "example.com"
}
}
Nodemailer has official support for Node.js only. For anything related to TypeScript, you need to directly contact the authors of the type definitions.
If you are having issues with Nodemailer, then the best way to find help would be Stack Overflow or revisit the docs.
Nodemailer is licensed under the MIT No Attribution license
The Nodemailer logo was designed by Sven Kristjansen.
FAQs
Easy as cake e-mail sending from your Node.js applications
The npm package nodemailer receives a total of 3,201,464 weekly downloads. As such, nodemailer popularity was classified as popular.
We found that nodemailer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.