npmpackage.info

socket.io

Realtime application framework (Node.JS server)

4.8.1

61,272

MIT

TypeScript

56.53 kB

1,530,458,596 5.7

Installations

npm install socket.io

Pull Requests

Open

11

Total

871

Closed

426

Merged

434

Issues

Open

154

Total

3,563

Closed

3,409

Releases

socket.io@4.8.1

Published on 25 Oct 2024

socket.io-client@4.8.1

Published on 25 Oct 2024

engine.io-client@6.6.2

Published on 25 Oct 2024

engine.io@6.6.2

Published on 09 Oct 2024

socket.io@4.8.0

Published on 21 Sept 2024

socket.io-client@4.8.0

Published on 21 Sept 2024

View all 72 releases

Developer

socketio

Developer Guide

BETA

Module System

CommonJS, ESM

Min. Node Version

>=10.2.0

Typescript Support

Yes

Node Version

20.18.0

NPM Version

10.8.2 Statistics

61,272 Stars

7,605 Commits

10,125 Forks

1,521 Watching

24 Branches

388 Contributors

Updated on 28 Nov 2024

Bundle Size

262.17 kB

Minified

56.53 kB

Minified + Gzipped

Bundlephobia

Languages

TypeScript (62.21%)

JavaScript (37.64%)

Shell (0.1%)

HTML (0.03%)

CSS (0.02%)

Total Downloads

Cumulative downloads

Total Downloads

1,530,458,596

Last day

-2.1%

1,218,683

Compared to previous day

Last week

7,078,047

Compared to previous week

Last month

11.9%

29,226,412

Compared to previous month

Last year

9.9%

290,486,484

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

accepts base64id cors debug engine.io socket.io-adapter socket.io-parser

Versions

socket.io

Getting Started

Please check our documentation here.

Questions

Our issues list is exclusively reserved for bug reports and feature requests. For usage questions, please use the following resources:

read our documentation
check our troubleshooting guide
look for/ask questions on Stack Overflow
create a new discussion

Security

If you think that you have found a security vulnerability in our project, please do not create an issue in this GitHub repository, but rather refer to our Security Policy.

Issues and contribution

Please make sure to read our Contributing Guide before creating an issue or making a pull request.

Thanks to everyone who has already contributed to Socket.IO!

License

MIT

Stable Version

The latest stable version of the package.

Stable Version

4.8.1

HIGH

7.5/10

Summary

Insecure randomness in socket.io

Affected Versions

<= 0.9.6

Patched Versions

0.9.7

MODERATE

7.3/10

Summary

socket.io has an unhandled 'error' event

Affected Versions

>= 3.0.0, < 4.6.2

Patched Versions

4.6.2

MODERATE

7.3/10

Summary

socket.io has an unhandled 'error' event

Affected Versions

< 2.5.0

Patched Versions

2.5.1

MODERATE

4.3/10

Summary

CORS misconfiguration in socket.io

Affected Versions

< 2.4.0

Patched Versions

2.4.0

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Security-Policy

Determines if the project has published a security policy.

10

License

Determines if the project has defined a license.

10

Packaging

Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.

9

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

9

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

1

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 1

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-examples.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/build-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-examples.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/build-examples.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-browser.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/ci-browser.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci-browser.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/ci-browser.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/ci.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/publish.yml/main?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/socketio/socket.io/publish.yml/main?enable=pin
Warn: containerImage not pinned by hash: examples/cluster-haproxy/server/Dockerfile:1: pin your Docker image by updating node:14-alpine to node:14-alpine@sha256:434215b487a329c9e867202ff89e704d3a75e554822e07f3e0c0f9e606121b33
Warn: containerImage not pinned by hash: examples/cluster-httpd/server/Dockerfile:1: pin your Docker image by updating node:14-alpine to node:14-alpine@sha256:434215b487a329c9e867202ff89e704d3a75e554822e07f3e0c0f9e606121b33
Warn: containerImage not pinned by hash: examples/cluster-nginx/client/Dockerfile:1: pin your Docker image by updating node:14-alpine to node:14-alpine@sha256:434215b487a329c9e867202ff89e704d3a75e554822e07f3e0c0f9e606121b33
Warn: containerImage not pinned by hash: examples/cluster-nginx/server/Dockerfile:1: pin your Docker image by updating node:14-alpine to node:14-alpine@sha256:434215b487a329c9e867202ff89e704d3a75e554822e07f3e0c0f9e606121b33
Warn: containerImage not pinned by hash: examples/cluster-traefik/server/Dockerfile:1: pin your Docker image by updating node:14-alpine to node:14-alpine@sha256:434215b487a329c9e867202ff89e704d3a75e554822e07f3e0c0f9e606121b33
Warn: containerImage not pinned by hash: examples/connection-state-recovery-example/cjs/.codesandbox/Dockerfile:1: pin your Docker image by updating node:20-bullseye to node:20-bullseye@sha256:74ad23a4ae13681054b3ea9f7c05e891b0c0e9c856b948e0628fba70973583da
Warn: containerImage not pinned by hash: examples/connection-state-recovery-example/esm/.codesandbox/Dockerfile:1: pin your Docker image by updating node:20-bullseye to node:20-bullseye@sha256:74ad23a4ae13681054b3ea9f7c05e891b0c0e9c856b948e0628fba70973583da
Warn: npmCommand not pinned by hash: examples/cluster-haproxy/server/Dockerfile:9
Warn: npmCommand not pinned by hash: examples/cluster-httpd/server/Dockerfile:9
Warn: npmCommand not pinned by hash: examples/cluster-nginx/client/Dockerfile:9
Warn: npmCommand not pinned by hash: examples/cluster-nginx/server/Dockerfile:9
Warn: npmCommand not pinned by hash: examples/cluster-traefik/server/Dockerfile:9
Warn: npmCommand not pinned by hash: .github/workflows/build-examples.yml:44
Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 7 containerImage dependencies pinned
Info: 3 out of 9 npmCommand dependencies pinned

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Reason

45 existing vulnerabilities detected

Details

Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
Warn: Project is vulnerable to: GHSA-vp56-6g26-6827
Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
Warn: Project is vulnerable to: GHSA-mpg4-rc92-vx8v
Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
Warn: Project is vulnerable to: GHSA-hpx4-r86g-5jrg
Warn: Project is vulnerable to: GHSA-prr3-c3m5-p7q2
Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
Warn: Project is vulnerable to: GHSA-q9mw-68c2-j6m5
Warn: Project is vulnerable to: GHSA-rp65-9cf3-cjxr
Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Warn: Project is vulnerable to: GHSA-25hc-qcg6-38wj
Warn: Project is vulnerable to: GHSA-cqmj-92xf-r6r9
Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Warn: Project is vulnerable to: GHSA-hc6q-2mpp-qw7j
Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
Warn: Project is vulnerable to: GHSA-wrvr-8mpx-r7pp
Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m / GHSA-xvch-5gv4-984h
Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
Warn: Project is vulnerable to: GHSA-qg8p-v9q4-gh34
Warn: Project is vulnerable to: GHSA-g4rg-993r-mgx7
Warn: Project is vulnerable to: GHSA-34r7-q49f-h37c
Warn: Project is vulnerable to: GHSA-c9f4-xj24-8jqx

Score

5.7

/10

Last Scanned on 2024-11-25

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More