Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
socked
Lightweight WebSocket client & server wrapper with reconnects, events, acks, and dev tools.
🧩 socked
A lightweight JavaScript utility for WebSocket-based client-server communication with:
- ✅ Event-based messaging
- 🔁 Reconnect with backoff strategy
- 🧠 Acknowledged emits (emit + response)
- 🔄 One-time listeners
- 🫀 Ping/pong heartbeat (server-initiated)
- 🧪 Debug logging & connection status API
Features
- Event-driven API for both client and server
- Automatic reconnect with backoff
- Acknowledged emits (emit + response)
- One-time listeners (
once) - Server-initiated ping/pong heartbeat
- Debug logging and connection status
Tutorial
Prerequisites
- Node.js (v14 or newer)
- A web browser
- A code editor (e.g., VS Code)
1. 📦 Install the Package
Initialize a new Node.js project:
npm init -y
npm install socked
Or clone this repo and use the files in src/.
1.1. 📥 Importing in Your Project
If installed from npm:
For Node.js (server):
import { createServer } from 'socked';
For Browser (with a bundler):
import { createClient } from 'socked';
If using in the browser without a bundler (via CDN):
<script type="module">
import { createClient } from 'https://cdn.jsdelivr.net/npm/socked/+esm';
// ...your code...
</script>
2. 🛠️ Setup Server
Create the file: examples/server.js
import { createServer } from '../src/server.js';
const wss = createServer({ port: 3000 });
wss.onClient((client) => {
console.log('Client connected');
client.onEvent('join', (data) => {
console.log('Join:', data);
client.emit('welcome', { message: `Welcome to ${data.room}` });
});
});
Run the server:
node examples/server.js
3. 🌐 Setup Client (Browser)
Create the file: examples/client.html
<!DOCTYPE html>
<html>
<head>
<title>socked Client</title>
</head>
<body>
<h1>socked Client</h1>
<script type="module">
import { createClient } from '../src/client.js';
const socket = createClient('ws://localhost:3000', {
reconnect: true
});
socket.on('connect', () => {
console.log('Connected to server');
socket.emit('join', { room: 'main' });
});
socket.on('welcome', (data) => {
console.log('Server says:', data.message);
document.body.innerHTML += `<p>${data.message}</p>`;
});
socket.on('disconnect', () => {
console.log('Disconnected. Will retry...');
});
</script>
</body>
</html>
Open the file in your browser (e.g., with Live Server in VS Code).
4. 🧪 Advanced Features
🔁 Emit with Acknowledgment
Client:
socket.emitWithAck('saveData', { name: 'Test' })
.then(response => console.log('✅ Ack:', response))
.catch(err => console.error('❌ Timeout or Error:', err));
Server:
client.onEvent('saveData', (data) => {
console.log('Saving data:', data);
client.emit(`saveData_ack_${data._ackId}`, { success: true });
});
🧠 One-time Listeners
socket.once('config', (cfg) => {
console.log('Loaded config:', cfg);
});
💓 Ping/Pong (Auto)
Handled internally: the server sends pings and expects pong responses to keep the connection alive.
🛠️ Get Connection Status
console.log('Connection Status:', socket.getStatus()); // "connected" or "disconnected"
🧼 Clean Up Listeners
socket.off('eventName'); // remove all listeners for that event
API Reference
See src/client.js and src/server.js for full API details.
License
MIT
Contributions welcome!
Create an issue or open a PR on GitHub.
FAQs
Lightweight WebSocket client & server wrapper with reconnects, events, acks, and dev tools.
The npm package socked receives a total of 9 weekly downloads. As such, socked popularity was classified as not popular.
We found that socked demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Jun 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025