Gathering detailed insights and metrics for y-webrtc
Gathering detailed insights and metrics for y-webrtc
Installations
npm install y-webrtcDeveloper
yjs
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=12
Typescript Support
Yes
Node Version
20.5.1
NPM Version
9.8.0
Statistics
482 Stars
138 Commits
118 Forks
16 Watching
3 Branches
17 Contributors
Updated on 27 Nov 2024
Languages
JavaScript (96.93%)
Dockerfile (2.61%)
HTML (0.45%)
Total Downloads
Cumulative downloads
Total Downloads
3,861,072
Last day
14.3%
17,042
Compared to previous day
Last week
-1.8%
74,409
Compared to previous week
Last month
7.1%
336,397
Compared to previous month
Last year
347.9%
2,910,039
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
4
Peer Dependencies
1
Dev Dependencies
11
Optional Dependencies
1
Versions
WebRTC connector for Yjs
Propagates document updates peer-to-peer to all users using WebRTC.
- Fast message propagation
- Encryption and authorization over untrusted signaling servers
- No setup required, public signaling servers are available
- Very little server load
- Not suited for a large amount of collaborators on a single document (each peer is connected to each other)
Setup
Install
1npm i y-webrtc
Client code
1import * as Y from 'yjs' 2import { WebrtcProvider } from 'y-webrtc' 3 4const ydoc = new Y.Doc() 5// clients connected to the same room-name share document updates 6const provider = new WebrtcProvider('your-room-name', ydoc, { password: 'optional-room-password' }) 7const yarray = ydoc.get('array', Y.Array)
Signaling
The peers find each other by connecting to a signaling server. This package implements a small signaling server in ./bin/server.js.
1# start signaling server 2PORT=4444 node ./bin/server.js
Peers using the same signaling server will find each other. You can specify several custom signaling servers like so:
1const provider = new WebrtcProvider('your-room-name', ydoc, { signaling: ['wss://y-webrtc-ckynwnzncc.now.sh', 'ws://localhost:4444'] })There is also an interesting article about setting up a scalable "serverless" signaling server by Ronny Roeller: https://medium.com/collaborne-engineering/serverless-yjs-72d0a84326a2
Communication Restrictions
y-webrtc is restricted by the number of peers that the web browser can create. By default, every client is connected to every other client up until the maximum number of conns is reached. The clients will still sync if every client is connected at least indirectly to every other client. Theoretically, y-webrtc allows an unlimited number of users, but at some point it can't be guaranteed anymore that the clients sync any longer**. Because we don't want to be greedy,
y-webrtc has a restriction to connect to a maximum of 20 + math.floor(random.rand() * 15) peers. The value has a random factor in order to prevent clients to form clusters, that can't connect to other clients. The value can be adjusted using the maxConn option. I.e.
1const provider = new WebrtcProvider('your-room-name', ydoc, { maxConns: 70 + math.floor(random.rand() * 70) })** A gifted mind could use this as an exercise and calculate the probability of clusters forming depending on the number of peers in the network. The default value was used to connect at least 100 clients at a conference meeting on a bad network connection.
Use y-webrtc for conferencing solutions
Just listen to the "peers" event from the provider to listen for more incoming WebRTC connections and use the simple-peer API to share streams. More help on this would be welcome. By default, browser windows share data using BroadcastChannel without WebRTC. In order to connect all peers and browser windows with each other, set maxConns = Number.POSITIVE_INFINITY and filterBcConns = false.
API
1new WebrtcProvider(roomName, ydoc[, opts])The following default values of opts can be overwritten:
1{ 2 // Specify signaling servers. The client will connect to every signaling server concurrently to find other peers as fast as possible. 3 signaling: ['wss://signaling.yjs.dev', 'wss://y-webrtc-signaling-eu.herokuapp.com', 'wss://y-webrtc-signaling-us.herokuapp.com'], 4 // If password is a string, it will be used to encrypt all communication over the signaling servers. 5 // No sensitive information (WebRTC connection info, shared data) will be shared over the signaling servers. 6 // The main objective is to prevent man-in-the-middle attacks and to allow you to securely use public / untrusted signaling instances. 7 password: null, 8 // Specify an existing Awareness instance - see https://github.com/yjs/y-protocols 9 awareness: new awarenessProtocol.Awareness(doc), 10 // Maximal number of WebRTC connections. 11 // A random factor is recommended, because it reduces the chance that n clients form a cluster. 12 maxConns: 20 + math.floor(random.rand() * 15), 13 // Whether to disable WebRTC connections to other tabs in the same browser. 14 // Tabs within the same browser share document updates using BroadcastChannels. 15 // WebRTC connections within the same browser are therefore only necessary if you want to share video information too. 16 filterBcConns: true, 17 // simple-peer options. See https://github.com/feross/simple-peer#peer--new-peeropts for available options. 18 // y-webrtc uses simple-peer internally as a library to create WebRTC connections. 19 peerOpts: {} 20}
Logging
y-webrtc uses the lib0/logging.js logging library. By default this library disables logging. You can enable it by specifying the log environment / localStorage variable:
1// enable logging for all modules 2localStorage.log = 'true' 3// enable logging only for y-webrtc 4localStorage.log = 'y-webrtc' 5// by specifying a regex variables 6localStorage.log = '^y.*'
1# enable y-webrtc logging in nodejs 2LOG='y-webrtc' node index.js
License
Yjs is licensed under the MIT License.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 8/20 approved changesets -- score normalized to 4
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-jc84-3g44-wf2q
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Reason
0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: containerImage not pinned by hash: Dockerfile:1
- Warn: containerImage not pinned by hash: Dockerfile:25: pin your Docker image by updating debian:bullseye to debian:bullseye@sha256:01559430c84e6bc864bed554345d1bfbfa94ac108ab68f39915cae34604b15c3
- Warn: downloadThenRun not pinned by hash: Dockerfile:6
- Warn: npmCommand not pinned by hash: Dockerfile:24
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 0 out of 2 containerImage dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Score
2.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More