Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
simple-websocket
Advanced tools
The simple-websocket npm package provides a straightforward API for creating WebSocket clients and servers. It is designed to be easy to use and lightweight, making it suitable for simple WebSocket communication tasks.
Creating a WebSocket Client
This code demonstrates how to create a WebSocket client using the simple-websocket package. It connects to a WebSocket server, sends a message upon connection, and listens for incoming messages and connection closure.
const SimpleWebSocket = require('simple-websocket');
const ws = new SimpleWebSocket('ws://example.com');
ws.on('connect', () => {
console.log('Connected to server');
ws.send('Hello, server!');
});
ws.on('data', (data) => {
console.log('Received message:', data);
});
ws.on('close', () => {
console.log('Connection closed');
});
Creating a WebSocket Server
This code demonstrates how to create a WebSocket server using the simple-websocket package. The server listens for new client connections, sends a welcome message to each client, and handles incoming messages and disconnections.
const SimpleWebSocketServer = require('simple-websocket/server');
const server = new SimpleWebSocketServer({ port: 3000 });
server.on('connection', (socket) => {
console.log('New client connected');
socket.send('Welcome, client!');
socket.on('data', (data) => {
console.log('Received message from client:', data);
});
socket.on('close', () => {
console.log('Client disconnected');
});
});
The ws package is a popular WebSocket implementation for Node.js. It provides a comprehensive set of features for both WebSocket clients and servers, including support for extensions and subprotocols. Compared to simple-websocket, ws offers more advanced features and greater flexibility, but it may be more complex to use for simple tasks.
Socket.io is a library that enables real-time, bidirectional, and event-based communication between web clients and servers. It abstracts WebSocket communication and provides fallbacks for older browsers. While it offers more features and robustness compared to simple-websocket, it is also heavier and more complex.
EventEmitter
interfaceThis module works in the browser with browserify, and it's used by WebTorrent!
npm install simple-websocket
var SimpleWebsocket = require('simple-websocket')
var socket = new SimpleWebsocket('ws://echo.websocket.org')
socket.on('connect', function () {
// socket is connected!
socket.send('sup!')
})
socket.on('data', function (data) {
console.log('got message: ' + data)
})
Note: If you're NOT using browserify, then use the standalone simplewebsocket.bundle.js
file included in this repo. This exports a SimpleWebsocket
function on the window
.
socket = new SimpleWebsocket([opts])
Create a new WebSocket connection.
If opts
is specified, then the default options (shown below) will be overridden.
{
reconnect: 5000
}
The options do the following:
reconnect
- If websocket encounters an error, reconnect after this timeout (in milliseconds). Set to false
to disable automatic reconnect on error.socket.send(data)
Send text/binary data to the WebSocket server. data
can be any of several types:
String
, Buffer
(see buffer), TypedArrayView
(Uint8Array
, etc.), ArrayBuffer
, or Blob
(in browsers that support it).
Other data types will be transformed with JSON.stringify
before sending. This is handy
for sending object literals across like this: socket.send({ type: 'data', data: 'hi' })
.
Note: If this method is called before the socket.on('connect')
event has fired, then
data will be buffered.
socket.destroy([onclose])
Destroy and cleanup this websocket connection.
If the optional onclose
paramter is passed, then it will be registered as a listener on the 'close' event.
socket.on('connect', function () {})
Fired when the websocket connection is ready to use.
socket.on('data', function (data) {})
Received a message from the websocket server.
data
will be either a String
or a Buffer/Uint8Array
(see buffer).
socket.on('close', function () {})
Called when the websocket connection has closed.
socket.on('error', function (err) {})
err
is an Error
object.
Fired when a fatal error occurs. If the reconnect
option is set to something truthy (defaults to 5000
), then this event will never get emitted because the socket will automatically reconnect on error.
socket.on('warning', function (err) {})
err
is an Error
object.
Fired when an error occurs but an auto-reconnect will be attempted. Thus, it's only a warning
, not a full-fledged error
.
MIT. Copyright (c) Feross Aboukhadijeh.
FAQs
Simple, EventEmitter API for WebSockets (browser)
The npm package simple-websocket receives a total of 326,910 weekly downloads. As such, simple-websocket popularity was classified as popular.
We found that simple-websocket demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.