
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
paubox-node
Advanced tools
This is the official NodeJS wrapper for the Paubox Email API.
The Paubox Email API allows your application to send secure, compliant email via Paubox and track deliveries and opens. The API wrapper allows you to construct and send messages.
Further documentation can be found at docs.paubox.com.
Using npm:
npm install --save paubox-node
You will need to have a Paubox account. You can sign up here.
Once you have an account, follow the instructions on the Rest API dashboard to verify domain ownership and generate API credentials.
Include your API credentials in your environment file.
Your "API Username" comes from your unique API endpoint.
Base URL: https://api.paubox.net/v1/<USERNAME>
echo "API_KEY='YOUR_API_KEY'" > .env
echo "API_USERNAME='YOUR_ENDPOINT_NAME'" >> .env
echo ".env" >> .gitignore
Or pass them as parameters when creating emailService
const pbMail = require('paubox-node');
const pauboxConfig = {
apiUsername: 'your-api-username',
apiKey: 'your-api-key',
};
const service = pbMail.emailService(pauboxConfig);
To send email, prepare a Message object and call the sendMessage method of emailService.
Please also see the API Documentation.
Please also see Sending a Dynamically Templated Message for sending a message using a dynamic template.
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
var options = {
from: 'sender@domain.com',
to: ['recipient@example.com'],
subject: 'Testing!',
text_content: 'Hello World!',
html_content: '<html><head></head><body><h1>Hello World!</h1></body></html>',
};
var message = pbMail.message(options);
service
.sendMessage(message)
.then((response) => {
console.log('Send Message method Response: ' + JSON.stringify(response));
})
.catch((error) => {
console.log('Error in Send Message method: ' + JSON.stringify(error));
});
If you want to send non-PHI mail that does not need to be HIPAA compliant, you can allow the message delivery to take place even if a TLS connection is unavailable.
This means the message will not be converted into a secure portal message when a nonTLS connection is encountered. To do this, include allowNonTLS: true
in the options, as shown below:
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
var options = {
allowNonTLS: true,
from: 'sender@domain.com',
to: ['recipient@example.com'],
subject: 'Testing!',
text_content: 'Hello World!',
html_content: '<html><head></head><body><h1>Hello World!</h1></body></html>',
};
var message = pbMail.message(options);
Paubox Secure Notifications allow an extra layer of security, especially when coupled with an organization's requirement for message recipients to use 2-factor authentication to read messages (this setting is available to org administrators in the Paubox Admin Panel).
Instead of receiving an email with the message contents, the recipient will receive a notification email that they have a new message in Paubox.
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
var options = {
forceSecureNotification: 'true',
from: 'sender@domain.com',
to: ['recipient@example.com'],
subject: 'Testing!',
text_content: 'Hello World!',
html_content: '<html><head></head><body><h1>Hello World!</h1></body></html>',
};
var message = pbMail.message(options);
The List-Unsubscribe header provides the recipient with the option to easily opt-out of receiving any future communications. A more detailed explanation and usage guide for this header can be found at our docs here.
This header can be used by adding the list_unsubscribe: '<Email Unsubscribe Address>, <Web Unsubscribe URL'
and list_unsubscribe_post: 'List-Unsubscribe=One-Click'
key-value pairs to the options object as follows:
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
var options = {
from: 'sender@domain.com',
to: ['recipient@example.com'],
subject: 'Testing!',
text_content: 'Hello World!',
html_content: '<html><head></head><body><h1>Hello World!</h1></body></html>',
list_unsubscribe:
'<mailto: unsubscribe@example.com?subject=unsubscribe>, <http://www.example.com/unsubscribe.html>',
list_unsubscribe_post: 'List-Unsubscribe=One-Click',
};
var message = pbMail.message(options);
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
var attachmentContent = Buffer.from('Hello! This is the attachment content!').toString('base64');
var options = {
from: 'sender@domain.com',
reply_to: 'reply_to@domain.com',
to: ['recipient@example.com'],
bcc: ['recipient2@example.com'],
cc: ['recipientcc@example.com'],
subject: 'Testing!',
text_content: 'Hello World!',
html_content: '<html><head></head><body><h1>Hello World!</h1></body></html>',
attachments: [
{
fileName: 'HelloWorld.txt',
contentType: 'text/plain',
content: attachmentContent,
},
],
};
var message = pbMail.message(options);
You can add custom headers to a message by passing a custom_headers
object to the message options.
As mentioned in the API Documentation, custom
headers must be prepended with X-
(or x-
). Custom headers should be passed as a JSON object as a key-value pair. Example:
{
"X-My-First-Header": "My First Value",
"X-My-Second-Header": "My Second Value"
}
Full example:
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
var options = {
from: 'sender@domain.com',
to: ['recipient@example.com'],
subject: 'Testing custom headers',
custom_headers: {
'X-My-First-Header': 'My First Value',
'X-My-Second-Header': 'My Second Value',
},
text_content: 'Hello World!',
html_content: '<html><head></head><body><h1>Hello World!</h1></body></html>',
};
var message = pbMail.message(options);
service
.sendMessage(message)
.then((response) => {
console.log('Send Message method Response: ' + JSON.stringify(response));
})
.catch((error) => {
console.log('Error in Send Message method: ' + JSON.stringify(error));
});
Please also see the API Documentation.
We recommend batches of 50 (fifty) or less. Source tracking ids are returned in order messages appear in the messages array.
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
// Create a Message for Alice
var messageAlice = pbMail.message({
from: 'sender@domain.com',
to: ['alice@example.com'],
subject: 'Hello Alice!',
text_content: 'Hello Alice!',
html_content: '<html><head></head><body><h1>Hello Alice!</h1></body></html>',
});
// Create a Message for Bob
var messageBob = pbMail.message({
from: 'sender@domain.com',
to: ['bob@example.com'],
custom_headers: {
// Custom headers are also supported for bulk messages, and can differ per message
'X-Custom-Header-1': 'Value 1',
'X-Custom-Header-2': 'Value 2',
},
subject: 'Hello Bob!',
text_content: 'Hello Bob!',
html_content: '<html><head></head><body><h1>Hello Bob!</h1></body></html>',
});
service
.sendBulkMessages([messageAlice, messageBob])
.then((response) => {
console.log('Send Message method Response: ' + JSON.stringify(response));
})
.catch((error) => {
console.log('Error in Send Message method: ' + JSON.stringify(error));
});
The same options as the sendMessage method are available for the sendBulkMessages method, including custom headers.
Please also see the API Documentation.
The SOURCE_TRACKING_ID of a message is returned in the response of the sendMessage method. To check the status for any email, use its source tracking id and call the getEmailDisposition method of emailService:
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
service.getEmailDisposition('SOURCE_TRACKING_ID').then(function (response) {
console.log('Get Email Disposition method Response: ' + JSON.stringify(response));
});
Please also see the API Documentation.
You can create a dynamic template by passing in a string, a file Buffer, or file Stream.
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
const templateName = 'your_template_name';
const templateContent = '<html><body><h1>Hello {{firstName}}!</h1></body></html>';
service.createDynamicTemplate(templateName, templateContent).then(function (response) {
console.log('Create Dynamic Template method Response: ' + JSON.stringify(response));
});
In a simple express app, this could look something like this:
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
app.post('/api/create-dynamic-template', upload.single('templateFile'), async (req, res) => {
try {
const { templateName } = req.body;
const templateFile = req.file;
const content = templateFile.buffer;
const response = await service.createDynamicTemplate(templateName, content);
res.json(response);
} catch (error) {
res.status(500).json({ error: error.message });
}
});
Please also see the API Documentation.
You can update a dynamic template's content and/or name:
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
const templateId = 123; // You would get this from the listDynamicTemplates method (see below)
const templateName = 'New Name';
const templateContent = '<html><body><h1>Hello {{firstName}}!</h1></body></html>'; // New content
service.updateDynamicTemplate(templateId, templateName, templateContent).then(function (response) {
console.log('Update Dynamic Template method Response: ' + JSON.stringify(response));
});
// Or just update the content
service.updateDynamicTemplate(templateId, null, templateContent).then(function (response) {
console.log('Update Dynamic Template method Response: ' + JSON.stringify(response));
});
In a simple express app, this could look something like this:
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
app.patch(
'/api/update-dynamic-template/:templateId',
upload.single('templateFile'),
async (req, res) => {
try {
const { templateId } = req.params;
const { templateName } = req.body;
const templateFile = req.file;
const content = templateFile.buffer;
const response = await service.updateDynamicTemplate(templateId, templateName, content);
res.json(response);
} catch (error) {
res.status(500).json({ error: error.message });
}
},
);
Please also see the API Documentation.
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
const templateId = 123; // You would get this from the listDynamicTemplates method (see below)
service.deleteDynamicTemplate(templateId).then(function (response) {
console.log('Delete Dynamic Template method Response: ' + JSON.stringify(response));
});
Please also see the API Documentation.
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
const templateId = 123; // You would get this from the listDynamicTemplates method (see below)
service.getDynamicTemplate(templateId).then(function (response) {
console.log('Get Dynamic Template method Response: ' + JSON.stringify(response));
});
Please also see the API Documentation.
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
service.listDynamicTemplates().then(function (response) {
console.log('List Dynamic Templates method Response: ' + JSON.stringify(response));
});
Please also see the API Documentation.
For example, assume you have a dynamic template named welcome_email
with the following content:
<html>
<body>
<h1>Welcome {{firstName}} {{lastName}}!</h1>
</body>
</html>
You can send a message using this template by doing the following:
'use strict';
require('dotenv').config();
const pbMail = require('paubox-node');
const service = pbMail.emailService();
const templateName = 'welcome_email';
const templateValues = {
firstName: 'John',
lastName: 'Doe',
};
var templatedMessage = pbMail.templatedMessage({
from: 'sender@domain.com',
to: ['recipient@example.com'],
subject: 'Welcome!',
template_name: templateName,
template_values: templateValues,
});
service
.sendTemplatedMessage(templatedMessage)
.then((response) => {
console.log('Send Templated Message method Response: ' + JSON.stringify(response));
})
.catch((error) => {
console.log('Error in Send Templated Message method: ' + JSON.stringify(error));
});
Note: Custom headers are currently not supported for templated messages.
Currently supported Node versions are:
See CONTRIBUTING.md
See LICENSE
Copyright © 2025, Paubox, Inc.
FAQs
A Node.js module for the Paubox Transactional Email API.
The npm package paubox-node receives a total of 2,263 weekly downloads. As such, paubox-node popularity was classified as popular.
We found that paubox-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.