Security News
The Push to Ban Ransom Payments Is Gaining Momentum
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
Package description
The 'ws' npm package is a simple to use, fast, and thoroughly tested WebSocket client and server implementation. It provides the necessary tools to build real-time applications with WebSocket support in Node.js.
Creating a WebSocket server
This code sample demonstrates how to create a WebSocket server that listens on port 8080. When a client connects, it sets up an event listener for messages and logs them. It also sends a message 'something' to the client.
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 8080 });
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(message) {
console.log('received: %s', message);
});
ws.send('something');
});
Creating a WebSocket client
This code sample shows how to create a WebSocket client that connects to a WebSocket server. Once the connection is open, it sends a message 'something' to the server and logs any messages received from the server.
const WebSocket = require('ws');
const ws = new WebSocket('ws://www.host.com/path');
ws.on('open', function open() {
ws.send('something');
});
ws.on('message', function incoming(data) {
console.log(data);
});
Broadcasting to all clients
This code sample illustrates how to broadcast a message to all connected clients except the sender. It loops through all clients and sends the message if the client is not the sender and the connection is open.
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 8080 });
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(data) {
wss.clients.forEach(function each(client) {
if (client !== ws && client.readyState === WebSocket.OPEN) {
client.send(data);
}
});
});
});
Socket.IO is a library that enables real-time, bidirectional and event-based communication between web clients and servers. It's more feature-rich than 'ws', providing built-in support for broadcasting to multiple sockets, handling reconnection, and other high-level features. However, it's also heavier and less minimalistic than 'ws'.
Faye is a WebSocket (and EventSource) implementation that is designed for ease of use and compatibility across a wide range of browsers. It's similar to 'ws' but also works in client-side JavaScript, unlike 'ws' which is Node.js only.
The 'websocket' package provides both client and server implementations of the WebSocket protocol. It offers a similar API to 'ws' but also includes a fallback option for older browsers that do not support WebSockets, using Flash sockets or other transport protocols.
Readme
ws
is a simple to use, blazing fast, and thoroughly tested WebSocket client
and server implementation.
Passes the quite extensive Autobahn test suite. See http://websockets.github.io/ws/ for the full reports.
Note: This module does not work in the browser. The client in the docs is a
reference to a back end with the role of a client in the WebSocket
communication. Browser clients must use the native
WebSocket
object.
protocolVersion: 8
)protocolVersion: 13
)npm install --save ws
There are 2 optional modules that can be installed along side with the ws
module. These modules are binary addons which improve certain operations.
Prebuilt binaries are available for the most popular platforms so you don't
necessarily need to have a C++ compiler installed on your machine.
npm install --save-optional bufferutil
: Allows to efficiently perform
operations such as masking and unmasking the data payload of the WebSocket
frames.npm install --save-optional utf-8-validate
: Allows to efficiently check
if a message contains valid UTF-8 as required by the spec.See /doc/ws.md
for Node.js-like docs for the ws classes.
ws
supports the permessage-deflate extension which
enables the client and server to negotiate a compression algorithm and its
parameters, and then selectively apply it to the data payloads of each
WebSocket message.
The extension is enabled by default but adds a significant overhead in terms of performance and memory comsumption. We suggest to use WebSocket compression only if it is really needed.
To disable the extension you can set the perMessageDeflate
option to false
.
On the server:
const WebSocket = require('ws');
const wss = new WebSocket.Server({
perMessageDeflate: false,
port: 8080
});
On the client:
const WebSocket = require('ws');
const ws = new WebSocket('ws://www.host.com/path', {
perMessageDeflate: false
});
const WebSocket = require('ws');
const ws = new WebSocket('ws://www.host.com/path');
ws.on('open', function open() {
ws.send('something');
});
ws.on('message', function incoming(data, flags) {
// flags.binary will be set if a binary data is received.
// flags.masked will be set if the data was masked.
});
const WebSocket = require('ws');
const ws = new WebSocket('ws://www.host.com/path');
ws.on('open', function open() {
const array = new Float32Array(5);
for (var i = 0; i < array.length; ++i) {
array[i] = i / 2;
}
ws.send(array);
});
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 8080 });
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(message) {
console.log('received: %s', message);
});
ws.send('something');
});
const WebSocket = require('ws');
const wss = new WebSocket.Server({ port: 8080 });
// Broadcast to all.
wss.broadcast = function broadcast(data) {
wss.clients.forEach(function each(client) {
if (client.readyState === WebSocket.OPEN) {
client.send(data);
}
});
};
wss.on('connection', function connection(ws) {
ws.on('message', function incoming(data) {
// Broadcast to everyone else.
wss.clients.forEach(function each(client) {
if (client !== ws && client.readyState === WebSocket.OPEN) {
client.send(data);
}
});
});
});
const express = require('express');
const http = require('http');
const url = require('url');
const WebSocket = require('ws');
const app = express();
app.use(function (req, res) {
res.send({ msg: "hello" });
});
const server = http.createServer(app);
const wss = new WebSocket.Server({ server });
wss.on('connection', function connection(ws) {
const location = url.parse(ws.upgradeReq.url, true);
// You might use location.query.access_token to authenticate or share sessions
// or ws.upgradeReq.headers.cookie (see http://stackoverflow.com/a/16395220/151312)
ws.on('message', function incoming(message) {
console.log('received: %s', message);
});
ws.send('something');
});
server.listen(8080, function listening() {
console.log('Listening on %d', server.address().port);
});
const WebSocket = require('ws');
const ws = new WebSocket('wss://echo.websocket.org/', {
origin: 'https://websocket.org'
});
ws.on('open', function open() {
console.log('connected');
ws.send(Date.now());
});
ws.on('close', function close() {
console.log('disconnected');
});
ws.on('message', function incoming(data, flags) {
console.log(`Roundtrip time: ${Date.now() - data} ms`, flags);
setTimeout(function timeout() {
ws.send(Date.now());
}, 500);
});
For a full example with a browser client communicating with a ws server, see the examples folder.
Otherwise, see the test cases.
// If the WebSocket is closed before the following send is attempted
ws.send('something');
// Errors (both immediate and async write errors) can be detected in an optional
// callback. The callback is also the only way of being notified that data has
// actually been sent.
ws.send('something', function ack(error) {
// If error is not defined, the send has been completed, otherwise the error
// object will indicate what failed.
});
// Immediate errors can also be handled with `try...catch`, but **note** that
// since sends are inherently asynchronous, socket write failures will *not* be
// captured when this technique is used.
try { ws.send('something'); }
catch (e) { /* handle error */ }
We're using the GitHub releases
for changelog entries.
FAQs
Simple to use, blazing fast and thoroughly tested websocket client and server for Node.js
We found that ws demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Ransomware costs victims an estimated $30 billion per year and has gotten so out of control that global support for banning payments is gaining momentum.
Application Security
New SEC disclosure rules aim to enforce timely cyber incident reporting, but fear of job loss and inadequate resources lead to significant underreporting.
Security News
The Python Software Foundation has secured a 5-year sponsorship from Fastly that supports PSF's activities and events, most notably the security and reliability of the Python Package Index (PyPI).