Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The paho-mqtt npm package is a client library for the MQTT protocol, which is a lightweight messaging protocol for small sensors and mobile devices optimized for high-latency or unreliable networks. The library allows you to connect to an MQTT broker, publish messages to topics, and subscribe to topics to receive messages.
Connecting to an MQTT Broker
This feature allows you to connect to an MQTT broker. The code sample demonstrates how to create a client and connect to a broker using WebSockets.
const mqtt = require('paho-mqtt');
const client = new mqtt.Client('ws://broker.hivemq.com:8000/mqtt', 'clientId');
client.connect({
onSuccess: () => {
console.log('Connected to broker');
}
});
Publishing Messages
This feature allows you to publish messages to a specific topic. The code sample shows how to send a message to the 'test/topic' topic after successfully connecting to the broker.
client.onConnectionLost = (responseObject) => {
if (responseObject.errorCode !== 0) {
console.log('Connection lost:', responseObject.errorMessage);
}
};
client.onMessageArrived = (message) => {
console.log('Message arrived:', message.payloadString);
};
client.connect({
onSuccess: () => {
const message = new mqtt.Message('Hello MQTT');
message.destinationName = 'test/topic';
client.send(message);
console.log('Message sent');
}
});
Subscribing to Topics
This feature allows you to subscribe to a specific topic to receive messages. The code sample demonstrates how to subscribe to the 'test/topic' topic and handle incoming messages.
client.onConnectionLost = (responseObject) => {
if (responseObject.errorCode !== 0) {
console.log('Connection lost:', responseObject.errorMessage);
}
};
client.onMessageArrived = (message) => {
console.log('Message arrived:', message.payloadString);
};
client.connect({
onSuccess: () => {
client.subscribe('test/topic');
console.log('Subscribed to topic');
}
});
The 'mqtt' package is another popular MQTT client library for Node.js. It provides similar functionalities to paho-mqtt, such as connecting to an MQTT broker, publishing messages, and subscribing to topics. However, it is often considered more feature-rich and has a larger community and more frequent updates.
The 'mqtts' package is a secure MQTT client library for Node.js that supports TLS/SSL connections. It offers similar functionalities to paho-mqtt but with an emphasis on secure communication. It is suitable for applications that require encrypted connections to the MQTT broker.
The 'aedes' package is a barebone MQTT broker that can be embedded in Node.js applications. While it is not a client library like paho-mqtt, it provides the server-side functionality to handle MQTT connections, making it a good complement to client libraries like paho-mqtt.
The Paho JavaScript Client is an MQTT browser-based client library written in Javascript that uses WebSockets to connect to an MQTT Broker.
The Paho project has been created to provide reliable open-source implementations of open and standard messaging protocols aimed at new, existing, and emerging applications for Machine-to-Machine (M2M) and Internet of Things (IoT). Paho reflects the inherent physical and cost constraints of device connectivity. Its objectives include effective levels of decoupling between devices and applications, designed to keep markets open and encourage the rapid growth of scalable Web and Enterprise middleware and applications.
A zip file containing the full and a minified version the Javascript client can be downloaded from the Paho downloads page
Alternatively the Javascript client can be downloaded directly from the projects git repository: https://raw.githubusercontent.com/eclipse/paho.mqtt.javascript/master/src/paho-mqtt.js.
Please do not link directly to this url from your application.
There are two active branches on the Paho Java git repository, master
which is used to produce stable releases, and develop
where active development is carried out. By default cloning the git repository will download the master
branch, to build from develop make sure you switch to the remote branch: git checkout -b develop remotes/origin/develop
The project contains a maven based build that produces a minified version of the client, runs unit tests and generates it's documentation.
To run the build:
$ mvn
The output of the build is copied to the target
directory.
The client uses the Jasmine test framework. The tests for the client are in:
src/tests
To run the tests with maven, use the following command:
$ mvn test
The parameters passed in should be modified to match the broker instance being tested against.
Reference documentation is online at: http://www.eclipse.org/paho/files/jsdoc/index.html
The client should work in any browser fully supporting WebSockets, http://caniuse.com/websockets lists browser compatibility.
The included code below is a very basic sample that connects to a server using WebSockets and subscribes to the topic World
, once subscribed, it then publishes the message Hello
to that topic. Any messages that come into the subscribed topic will be printed to the Javascript console.
This requires the use of a broker that supports WebSockets natively, or the use of a gateway that can forward between WebSockets and TCP.
// Create a client instance
client = new Paho.MQTT.Client(location.hostname, Number(location.port), "clientId");
// set callback handlers
client.onConnectionLost = onConnectionLost;
client.onMessageArrived = onMessageArrived;
// connect the client
client.connect({onSuccess:onConnect});
// called when the client connects
function onConnect() {
// Once a connection has been made, make a subscription and send a message.
console.log("onConnect");
client.subscribe("World");
message = new Paho.MQTT.Message("Hello");
message.destinationName = "World";
client.send(message);
}
// called when the client loses its connection
function onConnectionLost(responseObject) {
if (responseObject.errorCode !== 0) {
console.log("onConnectionLost:"+responseObject.errorMessage);
}
}
// called when a message arrives
function onMessageArrived(message) {
console.log("onMessageArrived:"+message.payloadString);
}
FAQs
Eclipse Paho JavaScript MQTT client for Browsers
The npm package paho-mqtt receives a total of 86,485 weekly downloads. As such, paho-mqtt popularity was classified as popular.
We found that paho-mqtt demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.