Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

pocket-messaging

bashlund38MIT6.0.1TypeScript support: included

A small cryptographic messaging library written in TypeScript both for browser and nodejs supporting TCP and WebSockets

messaging, message, send, data, trusted, peer, p2p, public-key, cryptography, tls

readme

pocket-messaging

A small, eventdriven cryptographic messaging library written in TypeScript for client/server communication over TCP or WebSockets with support for TLS encryption.

Runs in browser and NodeJS.

Background

This is an event-driven cryptographic (Ed25519/Sodium) communications library based on top of pocket-sockets which implements the SSB handshake protocol with some added optional bytes for data exchange.

Rationale: 

- Using `pocket-sockets` to have a uniform interface for using both TCP sockets and WebSockets in the application.
- Ed25519 handshake where server public key is the known part (the SSB 4-way handshake protocol).
- Sodium stream encryption.
- The pocket-sockets layer does also support TLS encryption in the sockets layer.
- `pocket-messaging` brings a request/response (indefinite) cycle of communications between peers. This can make application code very sleak.

Example

For a quick glimpse of what it looks like to set up two participants exchanging call and response messages and then finalizing the connections, follow the example below:

let [socket1, socket2] = CreatePair();
let messaging1 = new Messaging(socket1);
let messaging2 = new Messaging(socket2);

messaging1.open();
messaging2.open();

// Send message A from participant #1 to participant #2, then close upon reply
(async function() {
    const data = Buffer.from("A");
    const eventEmitter = messaging1.send("ping", data, 10000, true);
    if(eventEmitter) {
        const reply = await once(eventEmitter, "reply");
    }
    messaging1.close();
}) ();

// Send message B from participant #2 to participant #1, then close upon reply
(async function() {
    const eventEmitter = messaging2.getEventEmitter();
    const event = await once(eventEmitter, "route");
    const data = Buffer.from("B");
    const eventEmitterSend = messaging2.send(event.fromMsgId, data, 10000);
    if(eventEmitterSend) {
        const reply = await once(eventEmitterSend, "mixed");
    }
    messaging2.close();
}) ();

For running examples, please refer to the ./example directory.

Reference

Code documentation and API references are available in the official Wiki: https://github.com/bashlund/pocket-messaging/wiki.

Credits

Lib written by @bashlund, tests and wiki nicely crafted by @filippsen.

License

This project is released under the MIT license.

changelog

CHANGELOG: pocket-messaging

[6.0.1] - 20240409

Bugfix: close timeout on close to properly end Messaging instance.

[6.0.0] - 20240308

Improve overall event handling.
Add ping-pong in Messaging to better detect silent disconnects.

[5.0.0] - 20240226

Update embedded protocol version byte.
Polyfill bigint packing to work with webpack.

[4.0.0] - 20240221

Add clockDiff as part of the exchanged data in handshake.
Remove sessiondId.
No longer auto instantiate Messaging instance on successful handshake, instead return EncryptedClient.
Increase MESSAGE_MAX_BYTES to 67 KiB.
Refactor EncryptedClient.ts to extend pocket-sockets WrappedClient.

[3.0.0] - 20230628

Narrow return type of Messaging.getClient().
Remove box encryption from Messaging (BREAKING).
Add EncryptedClient wrapper to handle box encryption.
Add ClientInterface and HandshakeFactoryInterface.

[2.1.0] - 20230208

Add Messaging.getClient() to get access to the underlaying socket.
Update package lock file to reflect security advisory (for devDependencies).

[2.0.0] - 20221209

Add shared SocketFactoryStats usage to HandshakeFactory.
Change Messaging.send call signature for timeout to be strictly number (breaking call signature change).
Add Messaging.isMessagePending function.
Add pocket-console as logging utility.
npm audit fix on external dependency.
Add maxConnectionsPerClientPair limit to HandshakeFactory.
Add ping functionality for more aggressive disconnection detection.
Change ErrorEvent.error type from Buffer to string.

[1.1.0] - 20221010

Bug fix: Properly close underlaying socket of unopened Messaging instance.
Add Handshakefactory + tests.
Bump dependency on pocket-sockets to version 1.2.0.
Allow peerData to be function for just-in-time peer-data creation.
Add tests.

[1.0.2] - 20220516

Add project and compiler options.

[1.0.1] - 20220516

Update pocket-sockets version.

[1.0.0] - 20220516

Switch to using pocket-sockets on npm instead of local disk.
Update dependency version.
Add own longtermPk to HandshakeResult.
Allow for variable length of sent client/serverData.
Add sessionId to resulting HandshakeParams.
Introduce native ddos mitigation.
Add type HandshakeResult.
Add clearTimeout * Refactor MIXED to ANY.
Replace tweetnacl, tweetnacl-auth and ed2curve with libsodium.
Update Handshake to fix potential timing and length extension vulnerabilities.
Update tests.
Fix bug about buffered messages being consumed in reverse order.
Update API to be more clear and easy to use.
Adjust test.
Add box/unbox test.
Improve error handling on unbox.
Add code comments.
Fix bug in unbox, wrong nonce returned.
Send MixedEvent also for Timeout events.
Add replyCounter and timeoutStream.
Remove commented out code.
Update Messaging to work with new Crypto.ts.
Update package.json.
Add Handshake.ts as an optional four-way handshake protocol.
Add example, documentation export and update code to reflect changes to dependencies.
Add more tests around Messaging procedures.
Set isClosed flag as part of Messaging close and add new set of tests.
Add more tests around Messaging procedures.
Add more tests around Messaging procedures.
Add new verifications to Messaging set of tests.
Move EventType from Messaging.ts to types.ts.

[0.9.0] - 20210829

First release.