Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
The Twilio npm package is a Node.js client library that provides tools to interact with the Twilio API for various communication solutions, including SMS, voice calls, video, chat, and more. It allows developers to programmatically send and receive text messages, make and receive phone calls, handle authentication with two-factor authentication, and work with other Twilio services.
Sending SMS
This feature allows you to send SMS messages to a specified phone number using Twilio's messaging API.
const twilio = require('twilio');
const client = new twilio('ACCOUNT_SID', 'AUTH_TOKEN');
client.messages.create({
body: 'Hello from Twilio!',
to: '+12345678901',
from: '+10987654321'
}).then(message => console.log(message.sid));
Making Voice Calls
This feature enables you to make outbound voice calls to phones around the world with a specified TwiML URL to control the call flow.
const twilio = require('twilio');
const client = new twilio('ACCOUNT_SID', 'AUTH_TOKEN');
client.calls.create({
url: 'http://demo.twilio.com/docs/voice.xml',
to: '+12345678901',
from: '+10987654321'
}).then(call => console.log(call.sid));
Handling Two-Factor Authentication
This feature is used for sending verification tokens for two-factor authentication, enhancing security for user accounts.
const twilio = require('twilio');
const client = new twilio('ACCOUNT_SID', 'AUTH_TOKEN');
client.verify.services('SERVICE_SID')
.verifications
.create({to: '+12345678901', channel: 'sms'})
.then(verification => console.log(verification.status));
Working with Video
This feature allows you to create video rooms where multiple participants can join for video conferencing.
const twilio = require('twilio');
const client = new twilio('ACCOUNT_SID', 'AUTH_TOKEN');
client.video.rooms.create({
uniqueName: 'DailyStandup'
}).then(room => console.log(room.sid));
Nexmo, now known as Vonage API, is a service similar to Twilio that provides APIs for SMS, voice, phone verifications, and other communication services. It offers similar functionality but with different pricing and API design.
Plivo is another cloud communication platform that enables businesses to integrate voice and SMS capabilities into their applications. It is often compared to Twilio in terms of features and services offered.
Bandwidth offers a range of communication APIs, including voice, messaging, and 911 access. It is a direct competitor to Twilio and provides similar services with a focus on enterprise solutions.
Sinch provides cloud-based communication services and APIs for SMS, voice, video, and verification. It competes with Twilio by offering a suite of communication tools for developers.
The documentation for the Twilio API can be found here.
The Node library documentation can be found here.
twilio-node
uses a modified version of Semantic Versioning for all changes. See this document for details.
This library supports the following Node.js implementations:
TypeScript is supported for TypeScript version 2.9 and above.
Warning Do not use this Node.js library in a front-end application. Doing so can expose your Twilio credentials to end-users as part of the bundled HTML/JavaScript sent to their browser.
npm install twilio
or yarn add twilio
To make sure the installation was successful, try sending yourself an SMS message, like this:
// Your AccountSID and Auth Token from console.twilio.com
const accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
const authToken = 'your_auth_token';
const client = require('twilio')(accountSid, authToken);
client.messages
.create({
body: 'Hello from twilio-node',
to: '+12345678901', // Text your number
from: '+12345678901', // From a valid Twilio number
})
.then((message) => console.log(message.sid));
After a brief delay, you will receive the text message on your phone.
Warning It's okay to hardcode your credentials when testing locally, but you should use environment variables to keep them secret before committing any code or deploying to production. Check out How to Set Environment Variables for more information.
Check out these code examples in JavaScript and TypeScript to get up and running quickly.
twilio-node
supports credential storage in environment variables. If no credentials are provided when instantiating the Twilio client (e.g., const client = require('twilio')();
), the values in following env vars will be used: TWILIO_ACCOUNT_SID
and TWILIO_AUTH_TOKEN
.
If your environment requires SSL decryption, you can set the path to CA bundle in the env var TWILIO_CA_BUNDLE
.
If you invoke any V2010 operations without specifying an account SID, twilio-node
will automatically use the TWILIO_ACCOUNT_SID
value that the client was initialized with. This is useful for when you'd like to, for example, fetch resources for your main account but also your subaccount. See below:
// Your Account SID, Subaccount SID Auth Token from console.twilio.com
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const subaccountSid = process.env.TWILIO_ACCOUNT_SUBACCOUNT_SID;
const client = require('twilio')(accountSid, authToken);
const mainAccountCalls = client.api.v2010.account.calls.list; // SID not specified, so defaults to accountSid
const subaccountCalls = client.api.v2010.account(subaccountSid).calls.list; // SID specified as subaccountSid
twilio-node
supports lazy loading required modules for faster loading time. Lazy loading is enabled by default. To disable lazy loading, simply instantiate the Twilio client with the lazyLoading
flag set to false
:
// Your Account SID and Auth Token from console.twilio.com
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = require('twilio')(accountSid, authToken, {
lazyLoading: false,
});
twilio-node
supports automatic retry with exponential backoff when API requests receive an Error 429 response. This retry with exponential backoff feature is disabled by default. To enable this feature, instantiate the Twilio client with the autoRetry
flag set to true
.
Optionally, the maximum number of retries performed by this feature can be set with the maxRetries
flag. The default maximum number of retries is 3
.
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = require('twilio')(accountSid, authToken, {
autoRetry: true,
maxRetries: 3,
});
twilio-node
allows you to set HTTP Agent Options in the Request Client. This feature allows you to re-use your connections. To enable this feature, instantiate the Twilio client with the keepAlive
flag set to true
.
Optionally, the socket timeout and maximum number of sockets can also be set. See the example below:
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = require('twilio')(accountSid, authToken, {
timeout: 30000, // HTTPS agent's socket timeout in milliseconds, default is 30000
keepAlive: true, // https.Agent keepAlive option, default is false
keepAliveMsecs: 1000, // https.Agent keepAliveMsecs option in milliseconds, default is 1000
maxSockets: 20, // https.Agent maxSockets option, default is 20
maxTotalSockets: 100, // https.Agent maxTotalSockets option, default is 100
maxFreeSockets: 5, // https.Agent maxFreeSockets option, default is 5
scheduling: "lifo", // https.Agent scheduling option, default is 'lifo'
});
To take advantage of Twilio's Global Infrastructure, specify the target Region and/or Edge for the client:
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = require('twilio')(accountSid, authToken, {
region: 'au1',
edge: 'sydney',
});
Alternatively, specify the edge and/or region after constructing the Twilio client:
const client = require('twilio')(accountSid, authToken);
client.region = 'au1';
client.edge = 'sydney';
This will result in the hostname
transforming from api.twilio.com
to api.sydney.au1.twilio.com
.
The library automatically handles paging for you. Collections, such as calls
and messages
, have list
and each
methods that page under the hood. With both list
and each
, you can specify the number of records you want to receive (limit
) and the maximum size you want each page fetch to be (pageSize
). The library will then handle the task for you.
list
eagerly fetches all records and returns them as a list, whereas each
streams records and lazily retrieves pages of records as you iterate over the collection. You can also page manually using the page
method.
For more information about these methods, view the auto-generated library docs.
// Your Account SID and Auth Token from console.twilio.com
const accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
const authToken = 'your_auth_token';
const client = require('twilio')(accountSid, authToken);
client.calls.each((call) => console.log(call.direction));
There are two ways to enable debug logging in the default HTTP client. You can create an environment variable called TWILIO_LOG_LEVEL
and set it to debug
or you can set the logLevel variable on the client as debug:
const accountSid = process.env.TWILIO_ACCOUNT_SID;
const authToken = process.env.TWILIO_AUTH_TOKEN;
const client = require('twilio')(accountSid, authToken, {
logLevel: 'debug',
});
You can also set the logLevel variable on the client after constructing the Twilio client:
const client = require('twilio')(accountSid, authToken);
client.logLevel = 'debug';
To assist with debugging, the library allows you to access the underlying request and response objects. This capability is built into the default HTTP client that ships with the library.
For example, you can retrieve the status code of the last response like so:
const accountSid = 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
const authToken = 'your_auth_token';
const client = require('twilio')(accountSid, authToken);
client.messages
.create({
to: '+14158675309',
from: '+14258675310',
body: 'Ahoy!',
})
.then(() => {
// Access details about the last request
console.log(client.lastRequest.method);
console.log(client.lastRequest.url);
console.log(client.lastRequest.auth);
console.log(client.lastRequest.params);
console.log(client.lastRequest.headers);
console.log(client.lastRequest.data);
// Access details about the last response
console.log(client.httpClient.lastResponse.statusCode);
console.log(client.httpClient.lastResponse.body);
});
If the Twilio API returns a 400 or a 500 level HTTP response, twilio-node
will throw an error including relevant information, which you can then catch
:
client.messages
.create({
body: 'Hello from Node',
to: '+12345678901',
from: '+12345678901',
})
.then((message) => console.log(message))
.catch((error) => {
// You can implement your fallback code here
console.log(error);
});
or with async/await
:
try {
const message = await client.messages.create({
body: 'Hello from Node',
to: '+12345678901',
from: '+12345678901',
});
console.log(message);
} catch (error) {
// You can implement your fallback code here
console.error(error);
}
If you are using callbacks, error information will be included in the error
parameter of the callback.
400-level errors are normal during API operation ("Invalid number", "Cannot deliver SMS to that number", for example) and should be handled appropriately.
To use a custom HTTP client with this helper library, please see the advanced example of how to do so.
See example for a code sample for incoming Twilio request validation.
The Dockerfile
present in this repository and its respective twilio/twilio-node
Docker image are currently used by Twilio for testing purposes only.
If you need help installing or using the library, please check the Twilio Support Help Center first, and file a support ticket if you don't find an answer to your question.
If you've instead found a bug in the library or would like new features added, go ahead and open issues or pull requests against this repo!
Bug fixes, docs, and library improvements are always welcome. Please refer to our Contributing Guide for detailed information on how you can contribute.
⚠️ Please be aware that a large share of the files are auto-generated by our backend tool. You are welcome to suggest changes and submit PRs illustrating the changes. However, we'll have to make the changes in the underlying tool. You can find more info about this in the Contributing Guide.
If you're not familiar with the GitHub pull request/contribution process, this is a nice tutorial.
If you want to familiarize yourself with the project, you can start by forking the repository and cloning it in your local development environment. The project requires Node.js to be installed on your machine.
After cloning the repository, install the dependencies by running the following command in the directory of your cloned repository:
npm install
You can run the existing tests to see if everything is okay by executing:
npm test
To run just one specific test file instead of the whole suite, provide a JavaScript regular expression that will match your spec file's name, like:
npm run test:javascript -- -m .\*client.\*
FAQs
A Twilio helper library
The npm package twilio receives a total of 912,934 weekly downloads. As such, twilio popularity was classified as popular.
We found that twilio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
Security News
A Stanford study reveals 9.5% of engineers contribute almost nothing, costing tech $90B annually, with remote work fueling the rise of "ghost engineers."
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.