npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

essey

v0.3.2

Published

An SSE EventSource that doesn't suck

Downloads

13

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

chrisinajarchrisinajar

Keywords

SSEeventsourceeventsourcefunctional

Readme

essey Build Status Dependency Status devDependency Status

An EventSource that doesn't suck. Pronounced like cramming together the acronym SSE.

Installation

npm install essey

Usage

var Essey = require('essey');

var eventSource = Essey(eventUrl);

eventSource.onData(handleData);
eventSource.onError(handleError);

API

Essey(url, [options]) -> essey

Returns an Essey instance, passing options directly to the underlying eventsource.

url

Required
Type: string

The URL to connect to and read SSE data from.

options.headers

Type: object

The headers to send with the request.

essey.onData(listener) -> function

listener

Type: function
Arguments: message

Called when any messages are received, wrapping eventsource.onmessage. Returns an unlisten function.

essey.onError(listener) -> function

listener

Type: function
Arguments: err

Called when any errors occur, wrapping eventsource.onerror. Returns an unlisten function.

essey.onOpen(listener) -> function

listener

Type: function
Arguments: None

Called when the connection opens, wrapping eventsource.onopen. Returns an unlisten function.

essey.onClose(listener) -> function

listener

Type: function
Arguments: None

Called when the connection closes, wrapping eventsource.onclose. Returns an unlisten function.

How To Authenticate

SSE authentication sucks. By default, EventSources do not let you pass custom headers. There are two basic techniques I recommend for getting around this problem...

Use The Polyfill

eventsource (which this library uses under the hood) is a fantastic implementation of EventSources which adds a great deal of extra functionality, including custom headers for authentication. With this library you can simply authenticate like normal and continue on with your day.

var eventSource = Essey(eventUrl, {
  headers: {
    Authorization: 'bearer ' + authToken
  }
});

Cookie Knocking

The other technique uses cookies and a knock post. Cookies are generally not recommended for auth since they leave your system more vulnerable to CSRF attacks. The nature of CSRF attacks dictates that they are always blind, and since event streams do not (and should not) modify data it's fine to use this technique only for the event stream endpoint.

The event stream endpoint should respond to properly authenticated POST requests with a Set-Cookie reply to set up the event stream authentication. Then, the client can simply request the auth and then begin reading the stream.

request.post(eventUrl, function (err, data) {
  if (err) {
    // handle error
    return;
  }
  var eventSource = EventSource(eventUrl, {
    withCredentials: true
  });
})

It's important to note that eventsource does not share this withCredentials API that some browsers expose. This is largely the reason I recommend the polyfill method.

License

MIT