Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
The 'ws' npm package is a simple to use, fast, and thoroughly tested WebSocket client and server implementation. It provides the necessary tools to build real-time applications with WebSocket support in Node.js.
Creating a WebSocket server
This code sample demonstrates how to create a WebSocket server that listens on port 8080. When a client connects, it sets up an event listener for messages and logs them. It also sends a message 'something' to the client.
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 8080 });
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(message) {
console.log('received: %s', message);
});
ws.send('something');
});
Creating a WebSocket client
This code sample shows how to create a WebSocket client that connects to a WebSocket server. Once the connection is open, it sends a message 'something' to the server and logs any messages received from the server.
const WebSocket = require('ws');
const ws = new WebSocket('ws://www.host.com/path');
ws.on('open', function open() {
ws.send('something');
});
ws.on('message', function incoming(data) {
console.log(data);
});
Broadcasting to all clients
This code sample illustrates how to broadcast a message to all connected clients except the sender. It loops through all clients and sends the message if the client is not the sender and the connection is open.
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 8080 });
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(data) {
wss.clients.forEach(function each(client) {
if (client !== ws && client.readyState === WebSocket.OPEN) {
client.send(data);
}
});
});
});
Socket.IO is a library that enables real-time, bidirectional and event-based communication between web clients and servers. It's more feature-rich than 'ws', providing built-in support for broadcasting to multiple sockets, handling reconnection, and other high-level features. However, it's also heavier and less minimalistic than 'ws'.
Faye is a WebSocket (and EventSource) implementation that is designed for ease of use and compatibility across a wide range of browsers. It's similar to 'ws' but also works in client-side JavaScript, unlike 'ws' which is Node.js only.
The 'websocket' package provides both client and server implementations of the WebSocket protocol. It offers a similar API to 'ws' but also includes a fallback option for older browsers that do not support WebSockets, using Flash sockets or other transport protocols.
ws
is a simple to use WebSocket implementation, up-to-date against RFC-6455,
and probably the fastest WebSocket library for node.js.
Passes the quite extensive Autobahn test suite. See http://websockets.github.com/ws for the full reports.
disableHixie
option to true.)protocolVersion: 8
)protocolVersion: 13
)npm install --save ws
var WebSocket = require('ws');
var ws = new WebSocket('ws://www.host.com/path');
ws.on('open', function open() {
ws.send('something');
});
ws.on('message', function(data, flags) {
// flags.binary will be set if a binary data is received.
// flags.masked will be set if the data was masked.
});
var WebSocket = require('ws');
var ws = new WebSocket('ws://www.host.com/path');
ws.on('open', function open() {
var array = new Float32Array(5);
for (var i = 0; i < array.length; ++i) {
array[i] = i / 2;
}
ws.send(array, { binary: true, mask: true });
});
Setting mask
, as done for the send options above, will cause the data to be
masked according to the WebSocket protocol. The same option applies for text
data.
var WebSocketServer = require('ws').Server
, wss = new WebSocketServer({ port: 8080 });
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(message) {
console.log('received: %s', message);
});
ws.send('something');
});
var WebSocketServer = require('ws').Server
, wss = new WebSocketServer({ port: 8080 });
wss.broadcast = function broadcast(data) {
wss.clients.forEach(function each(client) {
client.send(data);
});
};
// If the WebSocket is closed before the following send is attempted
ws.send('something');
// Errors (both immediate and async write errors) can be detected in an optional
// callback. The callback is also the only way of being notified that data has
// actually been sent.
ws.send('something', function ack(error) {
// if error is not defined, the send has been completed,
// otherwise the error object will indicate what failed.
});
// Immediate errors can also be handled with try/catch-blocks, but **note** that
// since sends are inherently asynchronous, socket write failures will *not* be
// captured when this technique is used.
try { ws.send('something'); }
catch (e) { /* handle error */ }
var WebSocket = require('ws');
var ws = new WebSocket('ws://echo.websocket.org/', {
protocolVersion: 8,
origin: 'http://websocket.org'
});
ws.on('open', function open() {
console.log('connected');
ws.send(Date.now().toString(), {mask: true});
});
ws.on('close', function close() {
console.log('disconnected');
});
ws.on('message', function message(data, flags) {
console.log('Roundtrip time: ' + (Date.now() - parseInt(data)) + 'ms', flags);
setTimeout(function timeout() {
ws.send(Date.now().toString(), {mask: true});
}, 500);
});
When including ws via a browserify bundle, ws returns global.WebSocket which has slightly different API. You should use the standard WebSockets API instead.
For a full example with a browser client communicating with a ws server, see the examples folder.
Note that the usage together with Express 3.0 is quite different from Express 2.x. The difference is expressed in the two different serverstats-examples.
Otherwise, see the test cases.
make test
See /doc/ws.md
for Node.js-like docs for the ws classes.
We're using the GitHub releases
for changelog entries.
(The MIT License)
Copyright (c) 2011 Einar Otto Stangvik <einaros@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
The npm package ws receives a total of 66,557,662 weekly downloads. As such, ws popularity was classified as popular.
We found that ws demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.