Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
wo-smtpclient
Advanced tools
Readme
SMTP Client allows you to connect to and stream data to a SMTP server in the browser.
This module requires TextEncoder
and TextDecoder
to exist as part of the StringEncoding API (see: MDN whatwg.org). Firefox 19+ is basically the only browser that supports this at the time of writing, while Chromium in canary, not stable. Luckily, there is a polyfill!
Depending on your browser, you might need this polyfill for ArrayBuffer #slice, e.g. phantomjs.
There is a shim that brings Mozilla-flavored version of the Raw Socket API to other platforms.
If you are on a platform that uses forge instead of a native TLS implementation (e.g. chrome.socket), you have to set the .oncert(pemEncodedCertificate) handler that passes the TLS certificate that the server presents. It can be used on a trust-on-first-use basis for subsequent connection.
If forge is used to handle TLS traffic, you may choose to handle the TLS-related load in a Web Worker. Please use tlsWorkerPath to point to tcp-socket-tls-worker.js
!
Please take a look at the tcp-socket documentation for more information!
npm install --save wo-smtpclient
STARTTLS
is currently not supportedPLAIN
, USER
and XOAUTH2
authentication mechanisms are supported. XOAUTH2
expects a ready to use access token, no tokens are generated automatically.Require smtpclient.js as smtpclient
Include files smtpclient-response-parser.js and smtpclient.js on the page.
<script src="smtpclient-response-parser.js"></script>
<script src="smtpclient.js"></script>
This exposes global variable SmtpClient
Create SmtpClient
object with:
var client = new SmtpClient(host, port, options)
where
The following connection options can be used with simplesmtp.connect
:
"PLAIN"
for using AUTH PLAIN
or "XOAUTH2"
for AUTH XOAUTH2
)Default STARTTLS support is opportunistic – if the server advertises STARTTLS in EHLO response, the client tries to use it. If STARTTLS is not advertised, the clients sends passwords in the plain. You can use ignoreTLS
and requireTLS
to change this behavior by explicitly enabling or disabling STARTTLS usage.
To authenticate using XOAUTH2, use the following authentication config
var config = {
auth: {
user: 'username',
xoauth2: 'access_token'
}
};
See XOAUTH2 docs for more info.
Once a connection is set up the following events can be listened to:
onidle
is emitted again.(failedRecipients)
- the envelope is passed successfully to the server and a message stream can be started. The argument is an array of e-mail addresses not accepted as recipients by the server. If none of the recipient addresses is accepted, onerror
is emitted instead.(success)
- the message was sent(err)
- An error occurred. The connection will be closed shortly afterwards, so expect an onclose
event as well(isError)
- connection to the client is closed. If isError
is true, the connection is closed because of an errorExample:
client.onidle = function(){
console.log("Connection has been established");
// this event will be called again once a message has been sent
// so do not just initiate a new message here, as infinite loops might occur
}
When an onidle
event is emitted, an envelope object can be sent to the server.
This includes a string from
and a single string or an array of strings for to
property.
Envelope can be sent with client.useEnvelope(envelope)
// run only once as 'idle' is emitted again after message delivery
var alreadySending = false;
client.onidle = function(){
if(alreadySending){
return;
}
alreadySending = true;
client.useEnvelope({
from: "me@example.com",
to: ["receiver1@example.com", "receiver2@example.com"]
});
}
The to
part of the envelope must include all recipients from To:
, Cc:
and Bcc:
fields.
If envelope setup up fails, an error is emitted. If only some (not all)
recipients are not accepted, the mail can still be sent. An onready
event
is emitted when the server has accepted the from
and at least one to
address.
client.onready = function(failedRecipients){
if(failedRecipients.length){
console.log("The following addresses were rejected: ", failedRecipients);
}
// start transfering the e-mail
}
When onready
event is emitted, it is possible to start sending mail. To do this
you can send the message with client.send
calls (you also need to call client.end()
once
the message is completed).
send
method returns the state of the downstream buffer - if it returns true
, it is safe to send more data, otherwise you should (but don't have to) wait for the ondrain
event before you send more data.
NB! you do not have to escape the dots in the beginning of the lines by yourself (unless you specificly define so with disableEscaping
option).
client.onready = function(){
client.send("Subject: test\r\n");
client.send("\r\n");
client.send("Message body");
client.end();
}
Once the message is delivered an ondone
event is emitted. The event has an
parameter which indicates if the message was accepted by the server (true
) or not (false
).
client.ondone = function(success){
if(success){
console.log("The message was transmitted successfully with "+response);
}
}
At any time you can access the traffic log between the client and the server from the client.log
array.
client.ondone = function(success){
// show the last message
console.log(client.log.slice(-1));
}
Once you have done sending messages and do not want to keep the connection open, you can gracefully close the connection with client.quit()
or non-gracefully (if you just want to shut down the connection and do not care for the server) with client.close()
.
If you run quit
or close
in the ondone
event, then the next onidle
is never called.
git clone git@github.com:whiteout-io/smtpclient.git
cd smtpclient
npm install && npm test
To run the integration tests against a local smtp server
grunt smtp
add the test folder as a chrome app (chrome settings -> extensions -> check 'developer mode' -> load unpacked extension)
Copyright (c) 2013 Andris Reinman
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
FAQs
SMTP Client allows you to connect to and stream data to a SMTP server in the browser.
The npm package wo-smtpclient receives a total of 9 weekly downloads. As such, wo-smtpclient popularity was classified as not popular.
We found that wo-smtpclient demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.