Gathering detailed insights and metrics for koa-easy-ws
Gathering detailed insights and metrics for koa-easy-ws
Installations
npm install koa-easy-wsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Node Version
16.6.2
NPM Version
8.1.2
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
b3nsn0w
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
76 Stars
53 Commits
14 Forks
1 Watchers
3 Branches
7 Contributors
Updated on Jun 17, 2025
Maintainers
1
Package Meta Information
Latest Version
2.1.0
Package Id
koa-easy-ws@2.1.0
Unpacked Size
20.54 kB
Size
6.05 kB
File Count
10
NPM Version
8.1.2
Node Version
16.6.2
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
10
Simple, easy to use, composable middleware for websocket handling in Koa
Usage
1const Koa = require('koa') 2const websocket = require('koa-easy-ws') 3 4const app = new Koa() 5 6app.use(websocket()) 7app.use(async (ctx, next) => { 8 // check if the current request is websocket 9 if (ctx.ws) { 10 const ws = await ctx.ws() // retrieve socket 11 12 // now you have a ws instance, you can use it as you see fit 13 return ws.send('hello there') 14 } 15 16 // we're back to regular old http here 17 ctx.body = 'general kenobi' 18})
Note: you will also need to install the ws package (npm install --save ws or yarn add ws), it is linked only as a peer dependency.
First, you need to pass the koa-easy-ws middleware before the one handling your request. Remember to call it as a function, app.use(websocket()), not app.use(websocket). This sets up on-demand websocket handling for the rest of the middleware chain.
The middleware adds the ctx.ws() function whenever it detects an upgrade request, calling which handles the websocket and returns a ws instance. If not called, regular Koa flow continues, likely resulting in a client-side error.
Features
- No magic. This is a middleware, it doesn't turn your Koa app into a KoaMagicWebSocketServer. It knows its place.
- Integrates ws, one of the fastest and most popular websocket libraries.
- Full composability. Since this is just a middleware, it's not picky on what other libraries you use.
- Minimal, unopinionated 44 SLOC codebase. Seriously, this readme alone contains more code than what's imported into your project. (sorry about the tests though)
- Two dependencies only, and it's the ws library and debug (because apparently logs are not a bad idea). No need for more clutter in your node_modules.
Examples and advanced configuration
You can easily compose koa-easy-ws with a routing library:
1const Koa = require('koa') 2const Router = require('koa-router') 3const websocket = require('koa-easy-ws') 4 5const app = new Koa() 6const router = new Router() 7 8app 9 .use(websocket()) 10 .use(router.routes()) 11 .use(router.allowedMethods()) 12 13router.get('/pow/obi', async (ctx, next) => { 14 if (ctx.ws) { 15 const ws = await ctx.ws() 16 ws.send('chancellor palpatine is evil') 17 } 18}) 19 20router.get('/pow/ani', async (ctx, next) => { 21 if (ctx.ws) { 22 const ws = await ctx.ws() 23 ws.send('the jedi are evil') 24 ws.send('404') 25 } 26})
If ctx.ws() isn't enough for you, the websocket server instance is also exposed:
1const Koa = require('koa') 2const websocket = require('koa-easy-ws') 3 4const app = new Koa() 5const websocketMiddleware = websocket() 6const websocketServer = websocketMiddleware.server // this is where the fun begins 7 8app.use(websocketMiddleware) // we already have the instance here 9 10// <insert rest of the app>
This gives you access to the ws server object, allowing to pass down custom listeners, connection validators, etc.
Alternatively, you can pass options to the underlying ws server as part of the options object:
1app.use(websocket('ws', { 2 wsOptions: { 3 clientTracking: false, 4 maxPayload: 69420 5 } 6}))
The wsOptions object will be forwarded to ws unchanged, you can check its documentation for the available options.
In case ctx.ws conflicts with something else in your code, koa-easy-ws doesn't mind changing the property name, just pass it as a property. This also lets you use multiple websocket middlewares if you ever find a reason to do so:
1const Koa = require('koa') 2const websocket = require('koa-easy-ws') 3 4const app = new Koa() 5 6app.use(websocket('sidious')) // we just renamed ctx.ws to ctx.sidious 7app.use(websocket('maul')) // attach another one for no good reason 8 9app.use(async (ctx, next) => { 10 // the first middleware detected an upgrade request 11 if (ctx.sidious) { 12 const socket = await ctx.sidious() 13 return socket.send('this is getting out of hand') 14 } 15 16 // the second middleware detected the same upgrade request 17 if (ctx.maul) { 18 const socket = await ctx.maul() 19 return socket.send('now there are two of them') 20 } 21})
Note: in this example ctx.maul is never used because there is no limit on the authority of ctx.sidious. However, if you define custom logic this technique could sort incoming requests to separate websocket servers.
If needed, you can also expose the websocket server on a context property, which can itself be renamed:
1const Koa = require('koa') 2const websocket = require('koa-easy-ws') 3 4const app = new Koa() 5 6app.use(websocket('ws', { exposeServerOn: 'wss' })) 7 8app.use(async (ctx, next) => { 9 if (ctx.ws) { 10 console.log('found the server', ctx.wss) 11 } 12})
In the above example, ctx.ws behaves as normal, but you also have the server instance available on ctx.wss. This saves you the trouble of having to access websocket().server as seen in a prior example.
From here, the sky is the limit, unless you work for SpaceX.
Version 2 changelog
In version 2, ws has been moved to a peer dependency, which is a breaking change with the way dependency resolution works. It will technically work if you just upgrade to v2 with no changes, especially because of the package-lock.json or yarn.lock keeping ws there, but it would most likely inject a weird bug. To avoid unpredictable issues in the future, add ws to your own package's dependencies.
On top of that, the peer dependency is for ws@8, not ws@7 which koa-easy-ws previously used, so refer to ws@8's breaking changes for that (but if you're fine with a warning ws@7 should continue to work).
Special usage for Node 9 or earlier
Node's HTTP server doesn't send upgrade requests through the normal callback (and thus your Koa middleware chain) prior to version 10, preventing koa-easy-ws from handling them. Because of this, if you target Node 9 or earlier, you must pass your HTTP server to the middleware which handles the workaround:
1const server = http.createServer(app.callback()) 2 3app.use(websocket('ws', server)) 4 5// alternatively, you can pass it as part of the options object: 6app.use(websocket('ws2', { 7 server: server 8})) 9 10server.listen(process.env.PORT) // use this function instead of your app.listen() call
koa-easy-ws then automatically feeds any upgrade request into your regular middleware chain. If you wish to opt out and do this yourself, use the noServerWorkaround option:
1app.use(websocket('ws', { 2 noServerWorkaround: true 3}))
Contributing
Pull requests are welcome. As always, be respectful towards each other and maybe run or create tests, as appropriate. It's on npm test, as usual.
koa-easy-ws uses the MIT license. Was considering the WTFPL, but I like the "no warranty" clause.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 6/20 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Reason
17 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m
- Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3vjf-82ff-p4r3
- Warn: Project is vulnerable to: GHSA-g694-m8vq-gv9h
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
2.1
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More