Gathering detailed insights and metrics for sockjs
npm install sockjs
Supply Chain: 99.1
Quality: 97.9
Maintenance: 82.3
Vulnerability: 100
License: 88
JavaScript (99.33%)
Shell (0.67%)
Total Downloads: 3,085,094,918
Last Day: 1,412,327
Last Week: 11,207,941
Last Month: 51,607,796
Last Year: 585,266,336
MIT License
2,102 Stars
556 Commits
307 Forks
60 Watchers
8 Branches
36 Contributors
Updated on Apr 28, 2025
Latest Version: 0.3.24
Package Id: sockjs@0.3.24
Unpacked Size: 80.84 kB
Size: 21.39 kB
File Count: 17
NPM Version: 7.24.0
Node Version: 12.18.3
Published on: Dec 03, 2021
Last Day: 1,412,327 (-41.7% compared to previous day)
Last Week: 11,207,941 (0.1% compared to previous week)
Last Month: 51,607,796 (-4.5% compared to previous month)
Last Year: 585,266,336 (2.6% compared to previous year)
SockJS family:
Work in progress:
SockJS is a JavaScript library (for browsers) that provides a WebSocket-like object. SockJS gives you a coherent, cross-browser JavaScript API which creates a low-latency, full-duplex, cross-domain communication channel between the browser and the web server, with WebSockets or without. This requires a server-side counterpart; this package is the one for Node.js.
SockJS-node is a Node.js server-side counterpart of the SockJS-client browser library, written in CoffeeScript.
To install sockjs-node run:
npm install sockjs
A simplified echo SockJS server could look more or less like:
var http = require('http');
var sockjs = require('sockjs');

// Create the SockJS server and echo every message back to its sender.
var echo = sockjs.createServer();
echo.on('connection', function(conn) {
  conn.on('data', function(message) {
    conn.write(message);
  });
  conn.on('close', function() {});
});

// Attach the SockJS handlers to a plain HTTP server under the /echo prefix.
var server = http.createServer();
echo.installHandlers(server, {prefix:'/echo'});
server.listen(9999, '0.0.0.0');
(Take a look at the examples directory for a complete version.)
Subscribe to SockJS mailing list for discussions and support.
The API design is based on common Node APIs like the Streams API or the Http.Server API.
The SockJS module generates a Server class, similar to the Node.js http.createServer module.
var sockjs_server = sockjs.createServer(options);
Where options is a hash which can contain:
Once you have created a Server instance you can hook it to the http.Server instance.
var http_server = http.createServer();
sockjs_server.installHandlers(http_server, options);
http_server.listen(...);
Where options can overshadow the options given when creating the Server instance.
A Server instance is an EventEmitter, and emits the following event:
All http requests that don't go under the path selected by prefix will remain unanswered and will be passed to previously registered handlers. You must install your custom http handlers before calling installHandlers.
A Connection instance supports the Node Stream API and has the following methods and properties:
A Connection instance emits the following events:
For example:
sockjs_server.on('connection', function(conn) {
  console.log('connection' + conn);
  conn.on('close', function() {
    console.log('close ' + conn);
  });
  conn.on('data', function(message) {
    console.log('message ' + conn,
                message);
  });
});
A fully working echo server does need a bit more boilerplate (to handle requests unanswered by SockJS); see the echo example for the complete code.
If you want to see samples of running code, take a look at:
Although the main point of SockJS is to enable browser-to-server connectivity, it is possible to connect to SockJS from an external application. Any SockJS server complying with the 0.3 protocol supports a raw WebSocket URL. The raw WebSocket URL for the test server looks like:
You can connect any WebSocket RFC 6455 compliant WebSocket client to this url. This can be a command line client, external application, third party code or even a browser (though I don't know why you would want to do so).
Note: This endpoint will not send any heartbeat packets.
There are two issues that need to be considered when planning a non-trivial SockJS-node deployment: WebSocket-compatible load balancer and sticky sessions (aka session affinity).
Often WebSockets don't play nicely with proxies and load balancers. Deploying a SockJS server behind Nginx or Apache could be painful.
Fortunately recent versions of an excellent load balancer HAProxy are able to proxy WebSocket connections. We propose to put HAProxy as a front line load balancer and use it to split SockJS traffic from normal HTTP data. Take a look at the sample SockJS HAProxy configuration.
The config also shows how to use HAProxy balancing to split traffic between multiple Node.js servers. You can also do balancing using DNS names.
If you plan on deploying more than one SockJS server, you must make sure that all HTTP requests for a single session will hit the same server. SockJS has two mechanisms that can be useful to achieve that:
- URL paths of the form /resource/<server_number>/<session_id>/transport. This is useful for load balancers that support prefix-based affinity (HAProxy does).
- A JSESSIONID cookie is set by SockJS-node. Many load balancers turn on sticky sessions if that cookie is set. This technique is derived from Java applications, where sticky sessions are often necessary. HAProxy does support this method, as well as some hosting providers, for example CloudFoundry. In order to enable this method on the client side, please supply a cookie:true option to the SockJS constructor.
If you want to work on the SockJS-node source code, you need to clone the git repo and follow these steps. First you need to install dependencies:
cd sockjs-node
npm install
npm install --dev
ln -s .. node_modules/sockjs
You're ready to compile CoffeeScript:
make build
If compilation succeeds you may want to test if your changes pass all the tests. Currently, there are two separate test suites. For both of them you need to start a SockJS-node test server (by default listening on port 8081):
make test_server
To run it run something like:
cd sockjs-protocol
make test_deps
./venv/bin/python sockjs-protocol.py
For details see SockJS-protocol README.
You need to start a second web server (by default listening on 8080) that is serving various static html and javascript files:
cd sockjs-client
make test
At that point you should have two web servers running: sockjs-node on 8081 and sockjs-client on 8080. When you open the browser on http://localhost:8080/ you should be able to run the QUnit tests against your sockjs-node server.
For details see SockJS-client README.
Additionally, if you're doing more serious development consider using make serve, which will automatically reload the server when you modify the source code.
SockJS-node does not expose cookies to the application. This is done deliberately as using cookie-based authorisation with SockJS simply doesn't make sense and will lead to security issues.
Cookies are a contract between a browser and an http server, and are identified by a domain name. If a browser has a cookie set for particular domain, it will pass it as a part of all http requests to the host. But to get various transports working, SockJS uses a middleman
Basically, cookies are not suited to the SockJS model. If you want to authorise a session, provide a unique token on a page, send it as the first thing over the SockJS connection and validate it on the server side. In essence, this is how cookies work.
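The token-first scheme described above, sketched as an added example (not code from the SockJS project). It assumes conn offers on('data'), on('close') and close(code, reason) as a SockJS-node Connection does; issueToken, verifyToken, guard, the HMAC token layout and the 4001/4003 close codes are hypothetical names and values chosen for illustration.

```javascript
// Added example: the first message on a connection must be a valid token.
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

const SECRET = randomBytes(32); // assumption: per-process signing key

// Token the server embeds in the page: "<user>.<expiryMs>.<hex hmac>".
// Assumption: user names contain no '.'.
function issueToken(user, ttlMs, now = Date.now()) {
  const body = `${user}.${now + ttlMs}`;
  return `${body}.${createHmac('sha256', SECRET).update(body).digest('hex')}`;
}

// Returns the user for a valid, unexpired token, otherwise null.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [user, expiry, mac] = parts;
  const expected = createHmac('sha256', SECRET).update(`${user}.${expiry}`).digest();
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length) return null; // also rejects non-hex input
  if (!timingSafeEqual(given, expected)) return null;
  return Number(expiry) > now ? user : null;
}

// Treat the first message as the token; pass later messages to onMessage.
// Connections that never authenticate are closed after timeoutMs.
function guard(conn, onMessage, timeoutMs = 5000) {
  let user = null;
  let rejected = false;
  const timer = setTimeout(() => conn.close(4001, 'auth timeout'), timeoutMs);
  conn.on('data', (message) => {
    if (rejected) return;
    if (user !== null) return onMessage(user, message);
    clearTimeout(timer);
    user = verifyToken(message);
    if (user === null) {
      rejected = true;
      conn.close(4003, 'invalid token');
    }
  });
  conn.on('close', () => clearTimeout(timer));
}

// Wiring, with sockjs_server created as shown earlier on this page:
// sockjs_server.on('connection', (conn) => guard(conn, handleMessage));
```

Because the token travels inside the SockJS session rather than in a cookie, the browser never attaches it automatically to requests made on another site's behalf.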
Long polling is known to cause problems on Heroku, but a workaround for SockJS is available.
5.3/10 - Improper Input Validation in SocksJS-Node
Affected Versions: < 0.3.20
Patched Versions: 0.3.20
6.1/10 - Cross-site scripting in SocksJS-node
Affected Versions: < 0.3.0
Patched Versions: 0.3.0
Reason: no dangerous workflow patterns detected
Reason: no binaries found in the repo
Reason: license file detected
Reason: security policy file detected
Reason: 3 existing vulnerabilities detected
Reason: Found 4/13 approved changesets -- score normalized to 3
Reason: dependency not pinned by hash detected -- score normalized to 2
Reason: 0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason: detected GitHub workflow tokens with excessive permissions
Reason: no effort to earn an OpenSSF best practices badge detected
Reason: project is not fuzzed
Reason: branch protection not enabled on development/release branches
Reason: SAST tool is not run on all commits -- score normalized to 0
Last Scanned on 2025-04-21
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.