
strapi-plugin-socket
A Strapi test plugin used to show how you could integrate with Socket.io
It's not likely I will maintain this (maybe, we will see), but it's just showing how you can integrate the community package StrapIO into a plugin and not have to write a ton of custom controllers to use it.
If you want to discuss more, then post on the forum thread.
Installing is simple and the plugin is enabled by default. Just run one of the following in a Strapi project (tested on v3.6.2):
npm i -s strapi-plugin-socket
yarn add strapi-plugin-socket
If you want a sample client to test with this:
NOTE: the original package author of StrapIO didn't specify this, but you need the following package version: "socket.io-client": "2.3.0"
Init a new node project in a clean folder:
npm init
yarn init
Install the proper socket.io client:
npm i -s socket.io-client@2.3.0
yarn add socket.io-client@2.3.0
Create an index.js:
const io = require("socket.io-client");
const API_URL = "http://localhost:1337/";
const token = "replace with your end-user JWT";
// Handshake required; the token will be verified against Strapi.
// `query` is sent as part of the handshake URL, so the token appears in that URL.
const socket = io.connect(API_URL, {
  query: { token },
});
socket.on("create", async (data) => {
  // do something
  console.log("CREATE");
  console.log(data);
});
socket.on("update", (data) => {
  // do something
  console.log("UPDATE");
  console.log(data);
});
socket.on("delete", (data) => {
  // do something
  console.log("DELETE");
  console.log(data);
});
Run it with node index.js
You can also enable the socket.io debugger with DEBUG=socket* node index.js
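The sample client sends the JWT in the handshake query string, so the token becomes part of the request URL. The following is an added example, not code from this plugin or StrapIO: it checks the token before connecting and masks it in any URL that gets logged. All function names are hypothetical, the sample token and URL are constructed, and it assumes the JWT carries a standard exp claim.

```javascript
// Added example: pre-flight checks for the handshake token. Not part of
// strapi-plugin-socket or StrapIO; every function name here is hypothetical.

// Decode a JWT payload WITHOUT verifying the signature (the server does that).
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) {
    throw new Error("not a three-part JWT");
  }
  // Node's "base64" decoder also accepts the URL-safe alphabet JWTs use.
  const payload = JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
  if (payload === null || typeof payload !== "object") {
    throw new Error("payload is not a JSON object");
  }
  return payload;
}

// Decide whether the token is worth sending (assumes a standard `exp` claim).
function checkHandshakeToken(token, nowSec = Math.floor(Date.now() / 1000), minTtlSec = 30) {
  let payload;
  try {
    payload = decodeJwtPayload(token);
  } catch (err) {
    return { ok: false, reason: "malformed: " + err.message };
  }
  if (typeof payload.exp !== "number") return { ok: false, reason: "no exp claim" };
  const ttl = payload.exp - nowSec;
  if (ttl < minTtlSec) return { ok: false, reason: "expired or about to expire" };
  return { ok: true, reason: "valid for " + ttl + "s" };
}

// Mask the token wherever a handshake URL is written to a log.
function redactToken(url) {
  return String(url).replace(/([?&]token=)[^&#]*/g, "$1[REDACTED]");
}

// Constructed sample token: placeholder signature, exp = 2000000000.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken =
  [b64url({ alg: "HS256", typ: "JWT" }), b64url({ id: 1, exp: 2000000000 }), "sig"].join(".");

console.log(checkHandshakeToken(sampleToken, 1999999000));
// Constructed handshake URL in the shape a socket.io 2.x client requests.
console.log(redactToken("http://localhost:1337/socket.io/?EIO=3&transport=polling&token=" + sampleToken));
```

Call checkHandshakeToken(token) before io.connect and refresh the JWT when ok is false.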
This will respond on all normal content-types (no plugins) with the exception of the content-manager plugin for normal content types.
TLDR: This works for updates made both in REST and the Strapi admin panel. I didn't test GraphQL because I'm lazy.
We found that strapi-plugin-socket demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.