npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@mobile-surfaces/push

v2.0.0

Published

Node SDK for sending Mobile Surfaces snapshots to Apple Push Notification service (APNs) — Live Activities, Dynamic Island, broadcast channels, and channel management.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

chinmeisterchinmeister

Keywords

mobile-surfacesapnslive-activityactivitykitpushbroadcast

Readme

@mobile-surfaces/push

Node SDK for sending Mobile Surfaces snapshots to Apple Push Notification service (APNs). Drives the LiveSurfaceSnapshot projection helpers from @mobile-surfaces/surface-contracts at the wire layer:

  • per-device alert pushes
  • ActivityKit Live Activity start / update / end
  • iOS 18 broadcast pushes
  • channel-management (create / list / delete)

Zero npm runtime dependencies, only the workspace surface-contracts package. Uses node:http2, node:crypto, and node:fs directly.

Install

pnpm add @mobile-surfaces/push @mobile-surfaces/surface-contracts

Requires Node 20+ (for stable HTTP/2 + native crypto.randomUUID).

Quickstart

import { createPushClient } from "@mobile-surfaces/push";
import { surfaceFixtureSnapshots } from "@mobile-surfaces/surface-contracts";

const client = createPushClient({
  keyId: process.env.APNS_KEY_ID!,
  teamId: process.env.APNS_TEAM_ID!,
  keyPath: process.env.APNS_KEY_PATH!,
  bundleId: process.env.APNS_BUNDLE_ID!,
  environment: "development",
});

const snapshot = surfaceFixtureSnapshots.activeProgress;

// Regular alert
await client.alert(deviceToken, snapshot);

// Live Activity content update
await client.update(activityToken, snapshot);

// iOS 17.2+ remote start (push-to-start token)
await client.start(pushToStartToken, snapshot, {
  surfaceId: snapshot.surfaceId,
  modeLabel: snapshot.modeLabel,
});

// End the activity
await client.end(activityToken, snapshot);

// iOS 18 broadcast on a channel
await client.broadcast(channelId, snapshot);

// Channel management
const channel = await client.createChannel({ storagePolicy: "no-storage" });
const channels = await client.listChannels();
await client.deleteChannel(channel.channelId);

await client.close();

Tokens in this example come from different places: deviceToken from normal APNs notification registration, activityToken from an active Live Activity, and pushToStartToken from ActivityKit's push-to-start token stream. See docs/push.md for the full token lifecycle and docs/ios-environment.md for matching environment to development vs production builds.

Environment routing

  • developmentapi.development.push.apple.com:443 (sends), api-manage-broadcast.sandbox.push.apple.com:2195 (channel management).
  • productionapi.push.apple.com:443 (sends), api-manage-broadcast.push.apple.com:2196 (channel management).

Note the port split on management traffic: 2195 for sandbox, 2196 for production. Verified against Apple's "Sending channel management requests to APNs" documentation.

Error taxonomy

All non-2xx responses throw a typed subclass of ApnsError:

| Subclass | Reason | |---|---| | BadDeviceTokenError | Token / environment mismatch. | | InvalidProviderTokenError | JWT rejected (key id, team id, or .p8 wrong). | | ExpiredProviderTokenError | JWT older than 1h (clock skew). | | TopicDisallowedError | Auth key not enabled for this bundle id. | | PayloadTooLargeError | Activity payload > 4 KB (5 KB for broadcast). | | BadPriorityError, BadExpirationDateError, BadDateError | Header validation. | | MissingTopicError, MissingChannelIdError, BadChannelIdError | Required header missing or malformed. | | ChannelNotRegisteredError | Channel doesn't exist (env-scoped). | | CannotCreateChannelConfigError | 10,000-channel limit. | | InvalidPushTypeError, MissingPushTypeError | apns-push-type wrong. | | FeatureNotEnabledError | Broadcast not enabled on the auth key. | | TooManyRequestsError | 429; retryAfterSeconds parsed from Retry-After. | | UnknownApnsError | Reason not in the local guide; raw reason on .reason. |

All carry apnsId, status, timestamp, and reason. InvalidSnapshotError is thrown for snapshot validation failures (Zod failure or wrong kind); ClientClosedError is thrown after close().

Retry behavior

The default policy retries up to 3 times with exponential backoff (100ms base, 5s cap, jitter on) for:

  • TooManyRequests (honors Retry-After)
  • InternalServerError
  • ServiceUnavailable
  • transport errors: ECONNRESET, ECONNREFUSED, ETIMEDOUT, EPIPE, ENETUNREACH, EHOSTUNREACH, NGHTTP2_REFUSED_STREAM

Override via retryPolicy:

createPushClient({
  // ...
  retryPolicy: {
    maxRetries: 5,
    baseDelayMs: 250,
    maxDelayMs: 10_000,
    jitter: true,
    retryableReasons: new Set(["TooManyRequests"]),
  },
});

Connection lifecycle

A single long-lived HTTP/2 session per (origin) is multiplexed across concurrent requests. The session auto-reconnects on goaway or socket close. After idleTimeoutMs (default 60s) of no in-flight requests, the session is closed; the next send re-opens it.

client.close() flushes in-flight requests, sets the client to closed, and tears down both sessions (send + management). Subsequent calls throw ClientClosedError.

Next steps