Gathering detailed insights and metrics for @parse/push-adapter
Gathering detailed insights and metrics for @parse/push-adapter
Installations
npm install @parse/push-adapterDeveloper
Developer Guide
BETA
Module System
ESM
Min. Node Version
18 || 20 || 22
Typescript Support
No
Node Version
20.18.0
NPM Version
10.8.1
Statistics
88 Stars
263 Commits
101 Forks
13 Watching
5 Branches
32 Contributors
Updated on 19 Nov 2024
Languages
JavaScript (98.43%)
Handlebars (1.57%)
Total Downloads
Cumulative downloads
Total Downloads
6,526,910
Last day
-0.1%
4,298
Compared to previous day
Last week
-8.1%
26,781
Compared to previous week
Last month
1.5%
130,386
Compared to previous month
Last year
49.4%
1,559,331
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
Parse Server Push Adapter
The official Push Notification adapter for Parse Server. See Parse Server Push Configuration for more details.
Installation
1npm install --save @parse/push-adapter@<VERSION>
Replace <VERSION> with the version you want to install.
Configure Parse Server
1import { ParsePushAdapter } from '@parse/push-adapter'; 2 3// For CommonJS replace the import statemtent above with the following line: 4// const ParsePushAdapter = require('@parse/push-adapter').default; 5 6const parseServerOptions = { 7 push: { 8 adapter: new ParsePushAdapter({ 9 ios: { 10 // Apple push options 11 }, 12 android: { 13 // Android push options 14 }, 15 web: { 16 // Web push options 17 }, 18 expo: { 19 // Expo push options 20 } 21 }) 22 } 23 // Other Parse Server options 24};
Apple Push Options
Parse Server Push Adapter currently supports these types of Apple ecosystems:
ios: iPhone, iPad, and iPod touch appsosx: macOS, and macCatalyst appstvos: tvOS apps
Delivering push notifications to Apple devices can be done either via Apple Push Notification Service (APNS), or via Firebase Cloud Messaging (FMC). Note that each category of Apple devices require their own configuration section:
- APNS requires a private key that can be downloaded from the Apple Developer Center at https://developer.apple.com/account under Certificates > Identifiers & Profiles. The adapter options also require the app ID and team ID which can be found there.
- FCM requires a private key that can be downloaded from the Firebase Console at https://console.firebase.google.com in your project under Settings > Cloud Messaging.
Example options:
Both services (APNS, FCM) can be used in combination for different Apple ecosystems.
1ios: { 2 // Deliver push notifications to iOS devices via APNS 3 token: { 4 key: __dirname + '/apns.p8', 5 keyId: '<APNS_KEY_ID>', 6 teamId: '<APNS_TEAM_ID>' 7 }, 8 topic: '<BUNDLE_IDENTIFIER>', 9 production: true 10}, 11osx: { 12 // Deliver push notifications to macOS devices via FCM 13 firebaseServiceAccount: __dirname + '/firebase.json' 14}
Android Push Options
Delivering push notifications to Android devices can be done via Firebase Cloud Messaging (FCM):
- FCM requires a private key that can be downloaded from the Firebase Console at https://console.firebase.google.com in your project under Settings > Cloud Messaging.
Example options:
1android: { 2 firebaseServiceAccount: __dirname + '/firebase.json' 3}
Firebase Cloud Messaging (FCM)
This section contains some considerations when using FCM, regardless of the destination ecosystems the push notification is sent to.
Google Cloud Service Account Key
The Firebase console allows to easily create and download a Google Cloud service account key JSON file with the required permissions. Instead of setting firebaseServiceAccount to the path of the JSON file, you can provide an object representing a Google Cloud service account key:
1android: { 2 firebaseServiceAccount: { 3 projectId: '<PROJECT_ID>', 4 clientEmail: 'example@<PROJECT_ID>.iam.gserviceaccount.com', 5 privateKey: '-----BEGIN PRIVATE KEY-----<KEY>-----END PRIVATE KEY-----\n' 6 } 7}
This can be helpful if you are already managing credentials to Google Cloud APIs in other parts of your code and you want to reuse these credentials, or if you want to manage credentials on a more granular level directly in Google Cloud. Make sure that the service account has the permission cloudmessaging.messages.create which is for example part of role Firebase Cloud Messaging API Admin.
Migration to FCM HTTP v1 API (June 2024)
⚠️ Sending push notifications to Android devices via the FCM legacy API was deprecated on June 20 2023 and was announced to be decommissioned in June 2024. See Google docs. To send push notifications to the newer FCM HTTP v1 API you need to update your existing push configuration for Android by replacing the key apiKey with firebaseServiceAccount.
Example options (deprecated):
1android: { 2 // Deliver push notifications via FCM legacy API (deprecated) 3 apiKey: '<API_KEY>' 4}
HTTP/1.1 Legacy Option
With the introduction of the FCM HTTP v1 API, support for HTTP/2 was added which provides faster throughput for push notifications. To use the older version HTTP/1.1 set fcmEnableLegacyHttpTransport: true in your push options.
Example options:
1android: { 2 firebaseServiceAccount: __dirname + '/firebase.json', 3 fcmEnableLegacyHttpTransport: true 4}
Expo Push Options
Example options:
1expo: { 2 accessToken: '<EXPO_ACCESS_TOKEN>' 3}
For more information see the Expo docs.
Bundled with Parse Server
Parse Server already comes bundled with a specific version of the push adapter. This installation is only necessary when customizing the push adapter version that should be used by Parse Server. When using a customized version of the push adapter, ensure that it's compatible with the version of Parse Server you are using.
When using the bundled version, it is not necessary to initialize the push adapter in code and the push options are configured directly in the push key, without the nested adapter key:
1const parseServerOptions = { 2 push: { 3 ios: { 4 // Apple push options 5 } 6 // Other push options 7 } 8 // Other Parse Server options 9};
Logging
You can enable verbose logging to produce a more detailed output for all push sending attempts with the following environment variables:
1VERBOSE=1
or
1VERBOSE_PARSE_SERVER_PUSH_ADAPTER=1
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/parse-community/.github/SECURITY.md:1
- Info: Found linked content: github.com/parse-community/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/parse-community/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/parse-community/.github/SECURITY.md:1
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release-automated.yml:6
Reason
4 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/parse-community/parse-server-push-adapter/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/parse-community/parse-server-push-adapter/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/parse-community/parse-server-push-adapter/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/parse-community/parse-server-push-adapter/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-automated.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/parse-community/parse-server-push-adapter/release-automated.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-automated.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/parse-community/parse-server-push-adapter/release-automated.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-automated.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/parse-community/parse-server-push-adapter/release-automated.yml/master?enable=pin
- Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:51
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 3 npmCommand dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
Reason
Found 0/3 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-automated.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Score
5.5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More