Gathering detailed insights and metrics for socket.io
Realtime application framework (Node.JS server)
npm install socket.io
socket.io@4.8.1
Published on 25 Oct 2024
socket.io-client@4.8.1
Published on 25 Oct 2024
engine.io-client@6.6.2
Published on 25 Oct 2024
engine.io@6.6.2
Published on 09 Oct 2024
socket.io@4.8.0
Published on 21 Sept 2024
socket.io-client@4.8.0
Published on 21 Sept 2024
Updated on 06 Dec 2024
TypeScript (62.21%)
JavaScript (37.64%)
Shell (0.1%)
HTML (0.03%)
CSS (0.02%)
Last day: 9.8% compared to previous day
Last week: -6.1% compared to previous week
Last month: 8.7% compared to previous month
Last year: 10.4% compared to previous year
Socket.IO enables real-time bidirectional event-based communication. It consists of:
Some implementations in other languages are also available:
Its main features are:
Connections are established even in the presence of:
For this purpose, it relies on Engine.IO, which first establishes a long-polling connection, then tries to upgrade to better transports that are "tested" on the side, like WebSocket. Please see the Goals section for more information.
Unless instructed otherwise a disconnected client will try to reconnect forever, until the server is available again. Please see the available reconnection options here.
A heartbeat mechanism is implemented at the Engine.IO level, allowing both the server and the client to know when the other one is not responding anymore.
That functionality is achieved with timers set on both the server and the client, with timeout values (the pingInterval and pingTimeout parameters) shared during the connection handshake. Those timers require any subsequent client calls to be directed to the same server, hence the sticky-session requirement when using multiple nodes.
Any serializable data structures can be emitted, including:
Sample code:
```js
io.on('connection', socket => {
  socket.emit('request', /* … */); // emit an event to the socket
  io.emit('broadcast', /* … */); // emit an event to all connected sockets
  socket.on('reply', () => { /* … */ }); // listen to the event
});
```
Browser support is tested in Sauce Labs:
In order to create separation of concerns within your application (for example per module, or based on permissions), Socket.IO allows you to create several Namespaces, which will act as separate communication channels but will share the same underlying connection.
Within each Namespace, you can define arbitrary channels, called Rooms, that sockets can join and leave. You can then broadcast to any given room, reaching every socket that has joined it.
This is a useful feature to send notifications to a group of users, or to a given user connected on several devices for example.
Note: Socket.IO is not a WebSocket implementation. Although Socket.IO indeed uses WebSocket as a transport when possible, it adds some metadata to each packet: the packet type, the namespace and the ack id when a message acknowledgement is needed. That is why a WebSocket client will not be able to successfully connect to a Socket.IO server, and a Socket.IO client will not be able to connect to a WebSocket server (like ws://echo.websocket.org) either. Please see the protocol specification here.
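The packet metadata described in the note above (packet type, namespace, ack id), as an added example that is not part of the original README or the project's own parser: a strict decoder for inspecting or validating captured text frames. The field layout and the leading Engine.IO `4` (message) digit are assumptions taken from the Socket.IO and Engine.IO protocol specifications, not from this page; `decodePacket` and `decodeFrame` are hypothetical names.

```javascript
// Added example: decode the Socket.IO metadata that precedes the JSON payload.
// Layout assumed from the Socket.IO protocol (v4/v5 text packets):
//   <type>[<attachments>-][<namespace>,][<ack id>][<JSON payload>]
const PACKET_TYPES = ['CONNECT', 'DISCONNECT', 'EVENT', 'ACK',
                      'CONNECT_ERROR', 'BINARY_EVENT', 'BINARY_ACK'];

// Returns a decoded packet, or null for anything malformed (never throws).
function decodePacket(text) {
  if (typeof text !== 'string' || text.length === 0) return null;
  let i = 0;
  const type = PACKET_TYPES[text.charCodeAt(i++) - 48];
  if (type === undefined) return null;
  const packet = { type, nsp: '/', id: null, attachments: 0, data: undefined };

  // Binary packets carry "<count>-" right after the type digit.
  if (type.startsWith('BINARY_')) {
    const m = /^(\d{1,4})-/.exec(text.slice(i));
    if (!m) return null;
    packet.attachments = Number(m[1]);
    i += m[0].length;
  }
  // A namespace other than "/" is written as "/name,".
  if (text[i] === '/') {
    const comma = text.indexOf(',', i);
    if (comma === -1) return null;
    packet.nsp = text.slice(i, comma);
    i = comma + 1;
  }
  // Optional ack id: a run of digits before the payload.
  const ack = /^\d{1,15}/.exec(text.slice(i));
  if (ack) {
    packet.id = Number(ack[0]);
    i += ack[0].length;
  }
  if (i < text.length) {
    try { packet.data = JSON.parse(text.slice(i)); } catch { return null; }
  }
  // Events and acks must carry an array; an event name must be a string.
  const isEvent = type === 'EVENT' || type === 'BINARY_EVENT';
  const isAck = type === 'ACK' || type === 'BINARY_ACK';
  if ((isEvent || isAck) && !Array.isArray(packet.data)) return null;
  if (isEvent && typeof packet.data[0] !== 'string') return null;
  return packet;
}

// A WebSocket frame adds one Engine.IO type digit in front ("4" = message).
function decodeFrame(frame) {
  return typeof frame === 'string' && frame[0] === '4' ? decodePacket(frame.slice(1)) : null;
}
```

A plain WebSocket peer sends none of this framing, which is why the two kinds of endpoint cannot talk to each other; returning `null` on malformed input keeps a bad frame from turning into an exception in the caller.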
```sh
# with npm
npm install socket.io

# with yarn
yarn add socket.io
```
The following example attaches socket.io to a plain Node.JS HTTP server listening on port 3000.
```js
const server = require('http').createServer();
const io = require('socket.io')(server);
io.on('connection', client => {
  client.on('event', data => { /* … */ });
  client.on('disconnect', () => { /* … */ });
});
server.listen(3000);
```
```js
const io = require('socket.io')();
io.on('connection', client => { /* … */ });
io.listen(3000);
```
```js
import { Server } from "socket.io";
// no HTTP server is passed in: listen() creates one on port 3000
const io = new Server();
io.listen(3000);
```
Starting with 3.0, express applications have become request handler functions that you pass to http or http Server instances. You need to pass the Server to socket.io, not the express application function. Also make sure to call .listen on the server, not the app.
```js
const app = require('express')();
const server = require('http').createServer(app);
const io = require('socket.io')(server);
io.on('connection', () => { /* … */ });
server.listen(3000);
```
Like Express.JS, Koa works by exposing an application as a request handler function, but only by calling the callback method.
```js
const Koa = require('koa');
const app = new Koa(); // Koa 2 exports a class, so it must be constructed with `new`
const server = require('http').createServer(app.callback());
const io = require('socket.io')(server);
io.on('connection', () => { /* … */ });
server.listen(3000);
```
To integrate Socket.io in your Fastify application you just need to register the fastify-socket.io plugin. It will create a decorator called io.
```js
const app = require('fastify')();
app.register(require('fastify-socket.io'));
app.ready().then(() => {
  // app.io is the decorator added by the plugin
  app.io.on('connection', () => { /* … */ });
});
app.listen({ port: 3000 });
```
Please see the documentation here.
The source code of the website can be found here. Contributions are welcome!
Socket.IO is powered by debug.
In order to see all the debug output, run your app with the environment variable DEBUG including the desired scope.
To see the output from all of Socket.IO's debugging scopes you can use:
DEBUG=socket.io* node myapp
npm test
This runs the gulp task test. By default the test will be run with the source code in the lib directory.
Set the environmental variable TEST_VERSION to compat to test the transpiled es5-compat version of the code.
The gulp task test will always transpile the source code into es5 and export to dist first before running the test.
Stable Version
1
7.5/10 | Summary: Insecure randomness in socket.io | Affected Versions: <= 0.9.6 | Patched Versions: 0.9.7
3
7.3/10 | Summary: socket.io has an unhandled 'error' event | Affected Versions: >= 3.0.0, < 4.6.2 | Patched Versions: 4.6.2
7.3/10 | Summary: socket.io has an unhandled 'error' event | Affected Versions: < 2.5.0 | Patched Versions: 2.5.1
4.3/10 | Summary: CORS misconfiguration in socket.io | Affected Versions: < 2.4.0 | Patched Versions: 2.4.0
Reason: 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Reason: no dangerous workflow patterns detected
Reason: security policy file detected
Reason: license file detected
Reason: packaging workflow detected
Reason: detected GitHub workflow tokens with excessive permissions
Reason: binaries present in source code
Reason: dependency not pinned by hash detected -- score normalized to 1
Reason: Found 2/30 approved changesets -- score normalized to 0
Reason: no effort to earn an OpenSSF best practices badge detected
Reason: project is not fuzzed
Reason: SAST tool is not run on all commits -- score normalized to 0
Reason: 45 existing vulnerabilities detected
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.