Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
react-native-reconnecting-websocket
Advanced tools
React-Native-Reconnecting-WebSocket
React native auto reconnect websocket extends WebSocketModule. API design referenced reconnecting-websocket.
It is API compatible, so when you have:
var ws = new WebSocket('ws://....');
you can replace with:
var ws = new ReconnectingWebSocket('ws://....');
Less code, more exponential.
Install 
npm i react-native-reconnecting-websocket
Parameters
var socket = new ReconnectingWebSocket(url, protocols, options);
url
- The URL you are connecting to.
- https://html.spec.whatwg.org/multipage/comms.html#network
protocols
- Optional string or array of protocols per the WebSocket spec.
- https://tools.ietf.org/html/rfc6455
options
- Options (see below)
Options
Options can either be passed as the 3rd parameter upon instantiation or set directly on the object after instantiation:
var socket = new ReconnectingWebSocket(url, null, {reconnectInterval: 3000});
reconnectInterval
- The number of milliseconds to delay before attempting to reconnect.
- Accepts
integer - Default:
1000
maxReconnectInterval
- The maximum number of milliseconds to delay a reconnection attempt.
- Accepts
integer - Default:
30000
reconnectDecay
- The rate of increase of the reconnect delay. Allows reconnect attempts to back off when problems persist.
- Accepts
integerorfloat - Default:
1.5
timeoutInterval
- The maximum time in milliseconds to wait for a connection to succeed before closing and retrying.
- Accepts
integer - Default:
2000
maxReconnectAttempts
- The maximum number of reconnection attempts that will be made before giving up. If null, reconnection attempts will be continue to be made forever.
- Accepts
integerornull. - Default:
null
Methods
See the detail in react-native/WebSocket.js
How to add heartbeat?
- usual
ws = new WebSocket("ws://...");
ws.onopen = (e) => {
console.log("onopen",e)
};
ws.onmessage = (evt) => {
console.log("onmessage",JSON.parse(evt.data))
};
ws.onclose = (e) => {
console.log("onclose",e)
};
ws.onerror = (e) => {
console.log("onerror",e)
};
- add heartbeat
ws.onopen = (e) => {
// execute immediately!
ws.send("heartbeat string");
heartCheck.reset().start()
};
ws.onmessage = (evt) => {
heartCheck.reset().start()
};
var heartCheck = {
timeout: 10000,//default 10s
timeoutObj: null,
serverTimeoutObj: null,
reset:function(){
clearTimeout(this.timeoutObj);
clearTimeout(this.serverTimeoutObj);
return this;
},
start:function(){
let self = this;
this.timeoutObj = setTimeout(function(){
ws.send("heartbeat string");
self.serverTimeoutObj = setTimeout(function(){
ws.close();
}, self.timeout)
}, this.timeout)
}
}
FAQs
websocket module
We found that react-native-reconnecting-websocket demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 08 Oct 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025