Bump version to 0.7.1

Avoid using deprecated Buffer API

.gitignore

@@ -1 +1,2 @@
 node_modules
+package-lock.json

.npmignore

@@ -1,6 +0,0 @@
-.git
-.gitignore
-.npmignore
-.travis.yml
-node_modules
-spec

.travis.yml

@@ -1,11 +1,19 @@
+sudo: false
 language: node_js
 
 node_js:
-  - "0.6"
   - "0.8"
   - "0.10"
   - "0.12"
-  - "iojs"
+  - "4"
+  - "5"
+  - "6"
+  - "7"
+  - "8"
+  - "9"
+  - "10"
+  - "11"
+  - "12"
 
 before_install:
-  - '[ "${TRAVIS_NODE_VERSION}" = "0.6" ] && npm conf set strict-ssl false || true'
+  - '[ "${TRAVIS_NODE_VERSION}" = "0.8" ] && npm install -g npm@~1.4.0 || true'

CHANGELOG.md

@@ -1,88 +1,125 @@
+### 0.7.1 / 2019-06-10
+
+- Catch any exceptions produced while generating a handshake response and send a
+  `400 Bad Request` response to the client
+- Pick the RFC-6455 protocol version if the request contains any of the headers
+  used by that version
+- Use the `Buffer.alloc()` and `Buffer.from()` functions instead of the unsafe
+  `Buffer()` constructor
+- Handle errors encountered while handling malformed draft-76 requests
+
+### 0.7.0 / 2017-09-11
+
+- Add `ping` and `pong` to the set of events users can listen to
+- Replace the bindings to Node's HTTP parser with `http-parser-js`
+
+### 0.6.5 / 2016-05-20
+
+- Don't mutate buffers passed in by the application when masking
+
+### 0.6.4 / 2016-01-07
+
+- If a number is given as input for a frame payload, send it as a string
+
+### 0.6.3 / 2015-11-06
+
+- Reject draft-76 handshakes if their Sec-WebSocket-Key headers are invalid
+- Throw a more helpful error if a client is created with an invalid URL
+
+### 0.6.2 / 2015-07-18
+
+- When the peer sends a close frame with no error code, emit 1000
+
+### 0.6.1 / 2015-07-13
+
+- Use the `buffer.{read,write}UInt{16,32}BE` methods for reading/writing numbers
+  to buffers rather than including duplicate logic for this
+
 ### 0.6.0 / 2015-07-08
 
-* Allow the parser to recover cleanly if event listeners raise an error
-* Add a `pong` method for sending unsolicited pong frames
+- Allow the parser to recover cleanly if event listeners raise an error
+- Add a `pong` method for sending unsolicited pong frames
 
 ### 0.5.4 / 2015-03-29
 
-* Don't emit extra close frames if we receive a close frame after we already
+- Don't emit extra close frames if we receive a close frame after we already
   sent one
-* Fail the connection when the driver receives an invalid
+- Fail the connection when the driver receives an invalid
   `Sec-WebSocket-Extensions` header
 
 ### 0.5.3 / 2015-02-22
 
-* Don't treat incoming data as WebSocket frames if a client driver is closed
+- Don't treat incoming data as WebSocket frames if a client driver is closed
   before receiving the server handshake
 
 ### 0.5.2 / 2015-02-19
 
-* Fix compatibility with the HTTP parser on io.js
-* Use `websocket-extensions` to make sure messages and close frames are kept in
+- Fix compatibility with the HTTP parser on io.js
+- Use `websocket-extensions` to make sure messages and close frames are kept in
   order
-* Don't emit multiple `error` events
+- Don't emit multiple `error` events
 
 ### 0.5.1 / 2014-12-18
 
-* Don't allow drivers to be created with unrecognized options
+- Don't allow drivers to be created with unrecognized options
 
 ### 0.5.0 / 2014-12-13
 
-* Support protocol extensions via the websocket-extensions module
+- Support protocol extensions via the websocket-extensions module
 
 ### 0.4.0 / 2014-11-08
 
-* Support connection via HTTP proxies using `CONNECT`
+- Support connection via HTTP proxies using `CONNECT`
 
 ### 0.3.6 / 2014-10-04
 
-* It is now possible to call `close()` before `start()` and close the driver
+- It is now possible to call `close()` before `start()` and close the driver
 
 ### 0.3.5 / 2014-07-06
 
-* Don't hold references to frame buffers after a message has been emitted
-* Make sure that `protocol` and `version` are exposed properly by the TCP driver
+- Don't hold references to frame buffers after a message has been emitted
+- Make sure that `protocol` and `version` are exposed properly by the TCP driver
 
 ### 0.3.4 / 2014-05-08
 
-* Don't hold memory-leaking references to I/O buffers after they have been
+- Don't hold memory-leaking references to I/O buffers after they have been
   parsed
 
 ### 0.3.3 / 2014-04-24
 
-* Correct the draft-76 status line reason phrase
+- Correct the draft-76 status line reason phrase
 
 ### 0.3.2 / 2013-12-29
 
-* Expand `maxLength` to cover sequences of continuation frames and
+- Expand `maxLength` to cover sequences of continuation frames and
   `draft-{75,76}`
-* Decrease default maximum frame buffer size to 64MB
-* Stop parsing when the protocol enters a failure mode, to save CPU cycles
+- Decrease default maximum frame buffer size to 64MB
+- Stop parsing when the protocol enters a failure mode, to save CPU cycles
 
 ### 0.3.1 / 2013-12-03
 
-* Add a `maxLength` option to limit allowed frame size
-* Don't pre-allocate a message buffer until the whole frame has arrived
-* Fix compatibility with Node v0.11 `HTTPParser`
+- Add a `maxLength` option to limit allowed frame size
+- Don't pre-allocate a message buffer until the whole frame has arrived
+- Fix compatibility with Node v0.11 `HTTPParser`
 
 ### 0.3.0 / 2013-09-09
 
-* Support client URLs with Basic Auth credentials
+- Support client URLs with Basic Auth credentials
 
 ### 0.2.2 / 2013-07-05
 
-* No functional changes, just updates to package.json
+- No functional changes, just updates to package.json
 
 ### 0.2.1 / 2013-05-17
 
-* Export the isSecureRequest() method since faye-websocket relies on it
-* Queue sent messages in the client's initial state
+- Export the isSecureRequest() method since faye-websocket relies on it
+- Queue sent messages in the client's initial state
 
 ### 0.2.0 / 2013-05-12
 
-* Add API for setting and reading headers
-* Add Driver.server() method for getting a driver for TCP servers
+- Add API for setting and reading headers
+- Add Driver.server() method for getting a driver for TCP servers
 
 ### 0.1.0 / 2013-05-04
 
-* First stable release
+- First stable release

CODE_OF_CONDUCT.md

@@ -0,0 +1,4 @@
+# Code of Conduct
+
+All projects under the [Faye](https://github.com/faye) umbrella are covered by
+the [Code of Conduct](https://github.com/faye/code-of-conduct).

LICENSE.md

@@ -0,0 +1,12 @@
+Copyright 2010-2019 James Coglan
+
+Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+this file except in compliance with the License. You may obtain a copy of the
+License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed
+under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+CONDITIONS OF ANY KIND, either express or implied. See the License for the
+specific language governing permissions and limitations under the License.

README.md

@@ -10,21 +10,21 @@ pluggable I/O.
 Due to this design, you get a lot of things for free. In particular, if you hook
 this module up to some I/O object, it will do all of this for you:
 
-* Select the correct server-side driver to talk to the client
-* Generate and send both server- and client-side handshakes
-* Recognize when the handshake phase completes and the WS protocol begins
-* Negotiate subprotocol selection based on `Sec-WebSocket-Protocol`
-* Negotiate and use extensions via the
+- Select the correct server-side driver to talk to the client
+- Generate and send both server- and client-side handshakes
+- Recognize when the handshake phase completes and the WS protocol begins
+- Negotiate subprotocol selection based on `Sec-WebSocket-Protocol`
+- Negotiate and use extensions via the
   [websocket-extensions](https://github.com/faye/websocket-extensions-node)
   module
-* Buffer sent messages until the handshake process is finished
-* Deal with proxies that defer delivery of the draft-76 handshake body
-* Notify you when the socket is open and closed and when messages arrive
-* Recombine fragmented messages
-* Dispatch text, binary, ping, pong and close frames
-* Manage the socket-closing handshake process
-* Automatically reply to ping frames with a matching pong
-* Apply masking to messages sent by the client
+- Buffer sent messages until the handshake process is finished
+- Deal with proxies that defer delivery of the draft-76 handshake body
+- Notify you when the socket is open and closed and when messages arrive
+- Recombine fragmented messages
+- Dispatch text, binary, ping, pong and close frames
+- Manage the socket-closing handshake process
+- Automatically reply to ping frames with a matching pong
+- Apply masking to messages sent by the client
 
 This library was originally extracted from the [Faye](http://faye.jcoglan.com)
 project but now aims to provide simple WebSocket support for any Node-based
@@ -153,8 +153,8 @@ driver.messages.on('data', function(message) {
 Client drivers have two additional properties for reading the HTTP data that was
 sent back by the server:
 
-* `driver.statusCode` - the integer value of the HTTP status code
-* `driver.headers` - an object containing the response headers
+- `driver.statusCode` - the integer value of the HTTP status code
+- `driver.headers` - an object containing the response headers
 
 
 ### HTTP Proxies
@@ -235,18 +235,18 @@ masking enabled on outgoing frames.
 The `options` argument is optional, and is an object. It may contain the
 following fields:
 
-* `maxLength` - the maximum allowed size of incoming message frames, in bytes.
+- `maxLength` - the maximum allowed size of incoming message frames, in bytes.
   The default value is `2^26 - 1`, or 1 byte short of 64 MiB.
-* `protocols` - an array of strings representing acceptable subprotocols for use
+- `protocols` - an array of strings representing acceptable subprotocols for use
   over the socket. The driver will negotiate one of these to use via the
   `Sec-WebSocket-Protocol` header if supported by the other peer.
 
 A driver has two duplex streams attached to it:
 
-* <b>`driver.io`</b> - this stream should be attached to an I/O socket like a
-  TCP stream. Pipe incoming TCP chunks to this stream for them to be parsed, and
+- **`driver.io`** - this stream should be attached to an I/O socket like a TCP
+  stream. Pipe incoming TCP chunks to this stream for them to be parsed, and
   pipe this stream back into TCP to send outgoing frames.
-* <b>`driver.messages`</b> - this stream emits messages received over the
+- **`driver.messages`** - this stream emits messages received over the
   WebSocket.  Writing to it sends messages to the other peer by emitting frames
   via the `driver.io` stream.
 
@@ -281,6 +281,17 @@ describing the error.
 Adds a callback to execute when the socket becomes closed. The `event` object
 has `code` and `reason` attributes.
 
+#### `driver.on('ping', function(event) {})`
+
+Adds a callback block to execute when a ping is received. You do not need to
+handle this by sending a pong frame yourself; the driver handles this for you.
+
+#### `driver.on('pong', function(event) {})`
+
+Adds a callback block to execute when a pong is received. If this was in
+response to a ping you sent, you can also handle this event via the
+`driver.ping(message, function() { ... })` callback.
+
 #### `driver.addExtension(extension)`
 
 Registers a protocol extension whose operation will be negotiated via the
@@ -357,27 +368,3 @@ Returns the WebSocket version in use as a string. Will either be `hixie-75`,
 Returns a string containing the selected subprotocol, if any was agreed upon
 using the `Sec-WebSocket-Protocol` mechanism. This value becomes available after
 `emit('open')` has fired.
-
-
-## License
-
-(The MIT License)
-
-Copyright (c) 2010-2015 James Coglan
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the 'Software'), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

examples/net_client.js

@@ -0,0 +1,33 @@
+'use strict';
+
+var net       = require('net'),
+    url       = require('url'),
+    websocket = require('..'),
+    deflate   = require('permessage-deflate');
+
+var DEFAULT_PORTS = {'ws:': 80, 'wss:': 443};
+
+var uri  = url.parse(process.argv[2]),
+    port = uri.port || DEFAULT_PORTS[uri.protocol],
+    conn = net.connect({host: uri.hostname, port: port});
+
+var driver = websocket.client(uri.href);
+driver.addExtension(deflate);
+
+driver.on('open', function() {
+  driver.text('Hello, world');
+});
+
+driver.on('message', function(event) {
+  console.log(['message', event.data]);
+});
+
+driver.on('close', function(event) {
+  console.log(['close', event.code, event.reason]);
+  conn.end();
+});
+
+conn.pipe(driver.io);
+driver.io.pipe(conn);
+
+driver.start();

examples/net_server.js

@@ -1,3 +1,5 @@
+'use strict';
+
 var net       = require('net'),
     websocket = require('..'),
     deflate   = require('permessage-deflate');

lib/websocket/driver.js

@@ -32,14 +32,7 @@ var Driver = {
   },
 
   isWebSocket: function(request) {
-    if (request.method !== 'GET') return false;
-
-    var connection = request.headers.connection || '',
-        upgrade    = request.headers.upgrade || '';
-
-    return request.method === 'GET' &&
-           connection.toLowerCase().split(/ *, */).indexOf('upgrade') >= 0 &&
-           upgrade.toLowerCase() === 'websocket';
+    return Base.isWebSocket(request);
   },
 
   validateOptions: function(options, validKeys) {

lib/websocket/driver/base.js

@@ -1,6 +1,7 @@
 'use strict';
 
-var Emitter = require('events').EventEmitter,
+var Buffer  = require('safe-buffer').Buffer,
+    Emitter = require('events').EventEmitter,
     util    = require('util'),
     streams = require('../streams'),
     Headers = require('./headers'),
@@ -25,6 +26,15 @@ var Base = function(request, url, options) {
 };
 util.inherits(Base, Emitter);
 
+Base.isWebSocket = function(request) {
+  var connection = request.headers.connection || '',
+      upgrade    = request.headers.upgrade || '';
+
+  return request.method === 'GET' &&
+         connection.toLowerCase().split(/ *, */).indexOf('upgrade') >= 0 &&
+         upgrade.toLowerCase() === 'websocket';
+};
+
 Base.validateOptions = function(options, validKeys) {
   for (var key in options) {
     if (validKeys.indexOf(key) < 0)
@@ -79,13 +89,35 @@ var instance = {
 
   start: function() {
     if (this.readyState !== 0) return false;
-    var response = this._handshakeResponse();
-    if (!response) return false;
+
+    if (!Base.isWebSocket(this._request))
+      return this._failHandshake(new Error('Not a WebSocket request'));
+
+    var response;
+
+    try {
+      response = this._handshakeResponse();
+    } catch (error) {
+      return this._failHandshake(error);
+    }
+
     this._write(response);
     if (this._stage !== -1) this._open();
     return true;
   },
 
+  _failHandshake: function(error) {
+    var headers = new Headers();
+    headers.set('Content-Type', 'text/plain');
+    headers.set('Content-Length', Buffer.byteLength(error.message, 'utf8'));
+
+    headers = ['HTTP/1.1 400 Bad Request', headers.toString(), error.message];
+    this._write(Buffer.from(headers.join('\r\n'), 'utf8'));
+    this._fail('protocol_error', error.message);
+
+    return false;
+  },
+
   text: function(message) {
     return this.frame(message);
   },
@@ -124,6 +156,12 @@ var instance = {
   _write: function(chunk) {
     var io = this.io;
     if (io.readable) io.emit('data', chunk);
+  },
+
+  _fail: function(type, message) {
+    this.readyState = 2;
+    this.emit('error', new Error(message));
+    this.close();
   }
 };
 
@@ -144,4 +182,12 @@ Base.MessageEvent = function(data) {
   this.data = data;
 };
 
+Base.PingEvent = function(data) {
+  this.data = data;
+};
+
+Base.PongEvent = function(data) {
+  this.data = data;
+};
+
 module.exports = Base;

lib/websocket/driver/client.js

@@ -1,6 +1,7 @@
 'use strict';
 
-var crypto     = require('crypto'),
+var Buffer     = require('safe-buffer').Buffer,
+    crypto     = require('crypto'),
     url        = require('url'),
     util       = require('util'),
     HttpParser = require('../http_parser'),
@@ -9,7 +10,7 @@ var crypto     = require('crypto'),
     Proxy      = require('./proxy');
 
 var Client = function(_url, options) {
-  this.version = 'hybi-13';
+  this.version = 'hybi-' + Hybi.VERSION;
   Hybi.call(this, null, _url, options);
 
   this.readyState = -1;
@@ -18,7 +19,10 @@ var Client = function(_url, options) {
   this._http      = new HttpParser('response');
 
   var uri  = url.parse(this.url),
-      auth = uri.auth && new Buffer(uri.auth, 'utf8').toString('base64');
+      auth = uri.auth && Buffer.from(uri.auth, 'utf8').toString('base64');
+
+  if (this.VALID_PROTOCOLS.indexOf(uri.protocol) < 0)
+    throw new Error(this.url + ' is not a valid WebSocket URL');
 
   this._pathname = (uri.pathname || '/') + (uri.search || '');
 
@@ -26,7 +30,7 @@ var Client = function(_url, options) {
   this._headers.set('Upgrade', 'websocket');
   this._headers.set('Connection', 'Upgrade');
   this._headers.set('Sec-WebSocket-Key', this._key);
-  this._headers.set('Sec-WebSocket-Version', '13');
+  this._headers.set('Sec-WebSocket-Version', Hybi.VERSION);
 
   if (this._protocols.length > 0)
     this._headers.set('Sec-WebSocket-Protocol', this._protocols.join(', '));
@@ -41,6 +45,8 @@ Client.generateKey = function() {
 };
 
 var instance = {
+  VALID_PROTOCOLS: ['ws:', 'wss:'],
+
   proxy: function(origin, options) {
     return new Proxy(this, origin, options);
   },
@@ -52,11 +58,11 @@ var instance = {
     return true;
   },
 
-  parse: function(data) {
+  parse: function(chunk) {
     if (this.readyState === 3) return;
-    if (this.readyState > 0) return Hybi.prototype.parse.call(this, data);
+    if (this.readyState > 0) return Hybi.prototype.parse.call(this, chunk);
 
-    this._http.parse(data);
+    this._http.parse(chunk);
     if (!this._http.isComplete()) return;
 
     this._validateHandshake();
@@ -74,7 +80,7 @@ var instance = {
     var start   = 'GET ' + this._pathname + ' HTTP/1.1',
         headers = [start, this._headers.toString(), ''];
 
-    return new Buffer(headers.join('\r\n'), 'utf8');
+    return Buffer.from(headers.join('\r\n'), 'utf8');
   },
 
   _failHandshake: function(message) {
@@ -88,6 +94,9 @@ var instance = {
     this.statusCode = this._http.statusCode;
     this.headers    = this._http.headers;
 
+    if (this._http.error)
+      return this._failHandshake(this._http.error.message);
+
     if (this._http.statusCode !== 101)
       return this._failHandshake('Unexpected response code: ' + this._http.statusCode);
 

lib/websocket/driver/draft75.js

@@ -1,11 +1,12 @@
 'use strict';
 
-var Base = require('./base'),
-    util = require('util');
+var Buffer = require('safe-buffer').Buffer,
+    Base   = require('./base'),
+    util   = require('util');
 
 var Draft75 = function(request, url, options) {
   Base.apply(this, arguments);
-  this._stage = 0;
+  this._stage  = 0;
   this.version = 'hixie-75';
 
   this._headers.set('Upgrade', 'WebSocket');
@@ -23,46 +24,45 @@ var instance = {
     return true;
   },
 
-  parse: function(buffer) {
+  parse: function(chunk) {
     if (this.readyState > 1) return;
 
-    this._reader.put(buffer);
+    this._reader.put(chunk);
 
-    this._reader.eachByte(function(data) {
-      var message, value;
+    this._reader.eachByte(function(octet) {
+      var message;
 
       switch (this._stage) {
         case -1:
-          this._body.push(data);
+          this._body.push(octet);
           this._sendHandshakeBody();
           break;
 
         case 0:
-          this._parseLeadingByte(data);
+          this._parseLeadingByte(octet);
           break;
 
         case 1:
-          value = (data & 0x7F);
-          this._length = value + 128 * this._length;
+          this._length = (octet & 0x7F) + 128 * this._length;
 
           if (this._closing && this._length === 0) {
             return this.close();
           }
-          else if ((0x80 & data) !== 0x80) {
+          else if ((octet & 0x80) !== 0x80) {
             if (this._length === 0) {
               this._stage = 0;
             }
             else {
               this._skipped = 0;
-              this._stage = 2;
+              this._stage   = 2;
             }
           }
           break;
 
         case 2:
-          if (data === 0xFF) {
+          if (octet === 0xFF) {
             this._stage = 0;
-            message = new Buffer(this._buffer).toString('utf8', 0, this._buffer.length);
+            message = Buffer.from(this._buffer).toString('utf8', 0, this._buffer.length);
             this.emit('message', new Base.MessageEvent(message));
           }
           else {
@@ -71,7 +71,7 @@ var instance = {
               if (this._skipped === this._length)
                 this._stage = 0;
             } else {
-              this._buffer.push(data);
+              this._buffer.push(octet);
               if (this._buffer.length > this._maxLength) return this.close();
             }
           }
@@ -80,16 +80,18 @@ var instance = {
     }, this);
   },
 
-  frame: function(data) {
-    if (this.readyState === 0) return this._queue([data]);
+  frame: function(buffer) {
+    if (this.readyState === 0) return this._queue([buffer]);
     if (this.readyState > 1) return false;
 
-    var buffer = new Buffer(data, 'utf8'),
-        frame  = new Buffer(buffer.length + 2);
+    if (typeof buffer !== 'string') buffer = buffer.toString();
+
+    var length = Buffer.byteLength(buffer),
+        frame  = Buffer.allocUnsafe(length + 2);
 
     frame[0] = 0x00;
-    frame[buffer.length + 1] = 0xFF;
-    buffer.copy(frame, 1);
+    frame.write(buffer, 1);
+    frame[frame.length - 1] = 0xFF;
 
     this._write(frame);
     return true;
@@ -99,18 +101,18 @@ var instance = {
     var start   = 'HTTP/1.1 101 Web Socket Protocol Handshake',
         headers = [start, this._headers.toString(), ''];
 
-    return new Buffer(headers.join('\r\n'), 'utf8');
+    return Buffer.from(headers.join('\r\n'), 'utf8');
   },
 
-  _parseLeadingByte: function(data) {
-    if ((0x80 & data) === 0x80) {
+  _parseLeadingByte: function(octet) {
+    if ((octet & 0x80) === 0x80) {
       this._length = 0;
-      this._stage = 1;
+      this._stage  = 1;
     } else {
       delete this._length;
       delete this._skipped;
       this._buffer = [];
-      this._stage = 2;
+      this._stage  = 2;
     }
   }
 };

lib/websocket/driver/draft76.js

@@ -1,25 +1,18 @@
 'use strict';
 
-var Base    = require('./base'),
+var Buffer  = require('safe-buffer').Buffer,
+    Base    = require('./base'),
     Draft75 = require('./draft75'),
     crypto  = require('crypto'),
     util    = require('util');
 
 
 var numberFromKey = function(key) {
-  return parseInt(key.match(/[0-9]/g).join(''), 10);
+  return parseInt((key.match(/[0-9]/g) || []).join(''), 10);
 };
 
 var spacesInKey = function(key) {
-  return key.match(/ /g).length;
-};
-
-var bigEndian = function(number) {
-  var string = '';
-  [24, 16, 8, 0].forEach(function(offset) {
-    string += String.fromCharCode(number >> offset & 0xFF);
-  });
-  return string;
+  return (key.match(/ /g) || []).length;
 };
 
 
@@ -50,35 +43,49 @@ var instance = {
 
   close: function() {
     if (this.readyState === 3) return false;
-    this._write(new Buffer([0xFF, 0x00]));
+    if (this.readyState === 1) this._write(Buffer.from([0xFF, 0x00]));
     this.readyState = 3;
     this.emit('close', new Base.CloseEvent(null, null));
     return true;
   },
 
   _handshakeResponse: function() {
+    var headers = this._request.headers,
+        key1    = headers['sec-websocket-key1'],
+        key2    = headers['sec-websocket-key2'];
+
+    if (!key1) throw new Error('Missing required header: Sec-WebSocket-Key1');
+    if (!key2) throw new Error('Missing required header: Sec-WebSocket-Key2');
+
+    var number1 = numberFromKey(key1),
+        spaces1 = spacesInKey(key1),
+
+        number2 = numberFromKey(key2),
+        spaces2 = spacesInKey(key2);
+
+    if (number1 % spaces1 !== 0 || number2 % spaces2 !== 0)
+      throw new Error('Client sent invalid Sec-WebSocket-Key headers');
+
+    this._keyValues = [number1 / spaces1, number2 / spaces2];
+
     var start   = 'HTTP/1.1 101 WebSocket Protocol Handshake',
         headers = [start, this._headers.toString(), ''];
 
-    return new Buffer(headers.join('\r\n'), 'binary');
+    return Buffer.from(headers.join('\r\n'), 'binary');
   },
 
   _handshakeSignature: function() {
     if (this._body.length < this.BODY_SIZE) return null;
-    var body = new Buffer(this._body.slice(0, this.BODY_SIZE));
 
-    var headers = this._request.headers,
-        key1    = headers['sec-websocket-key1'],
-        value1  = numberFromKey(key1) / spacesInKey(key1),
-        key2    = headers['sec-websocket-key2'],
-        value2  = numberFromKey(key2) / spacesInKey(key2),
-        md5     = crypto.createHash('md5');
+    var md5    = crypto.createHash('md5'),
+        buffer = Buffer.allocUnsafe(8 + this.BODY_SIZE);
 
-    md5.update(bigEndian(value1));
-    md5.update(bigEndian(value2));
-    md5.update(body.toString('binary'));
+    buffer.writeUInt32BE(this._keyValues[0], 0);
+    buffer.writeUInt32BE(this._keyValues[1], 4);
+    Buffer.from(this._body).copy(buffer, 8, 0, this.BODY_SIZE);
 
-    return new Buffer(md5.digest('binary'), 'binary');
+    md5.update(buffer);
+    return Buffer.from(md5.digest('binary'), 'binary');
   },
 
   _sendHandshakeBody: function() {
@@ -94,9 +101,9 @@ var instance = {
       this.parse(this._body.slice(this.BODY_SIZE));
   },
 
-  _parseLeadingByte: function(data) {
-    if (data !== 0xFF)
-      return Draft75.prototype._parseLeadingByte.call(this, data);
+  _parseLeadingByte: function(octet) {
+    if (octet !== 0xFF)
+      return Draft75.prototype._parseLeadingByte.call(this, octet);
 
     this._closing = true;
     this._length  = 0;

lib/websocket/driver/hybi.js

@@ -1,6 +1,7 @@
 'use strict';
 
-var crypto     = require('crypto'),
+var Buffer     = require('safe-buffer').Buffer,
+    crypto     = require('crypto'),
     util       = require('util'),
     Extensions = require('websocket-extensions'),
     Base       = require('./base'),
@@ -22,25 +23,20 @@ var Hybi = function(request, url, options) {
 
   if (!this._request) return;
 
-  var secKey    = this._request.headers['sec-websocket-key'],
-      protos    = this._request.headers['sec-websocket-protocol'],
-      version   = this._request.headers['sec-websocket-version'],
+  var protos    = this._request.headers['sec-websocket-protocol'],
       supported = this._protocols;
 
-  this._headers.set('Upgrade', 'websocket');
-  this._headers.set('Connection', 'Upgrade');
-  this._headers.set('Sec-WebSocket-Accept', Hybi.generateAccept(secKey));
-
   if (protos !== undefined) {
     if (typeof protos === 'string') protos = protos.split(/ *, */);
     this.protocol = protos.filter(function(p) { return supported.indexOf(p) >= 0 })[0];
-    if (this.protocol) this._headers.set('Sec-WebSocket-Protocol', this.protocol);
   }
 
-  this.version = 'hybi-' + version;
+  this.version = 'hybi-' + Hybi.VERSION;
 };
 util.inherits(Hybi, Base);
 
+Hybi.VERSION = '13';
+
 Hybi.mask = function(payload, mask, offset) {
   if (!mask || mask.length === 0) return payload;
   offset = offset || 0;
@@ -60,14 +56,13 @@ Hybi.generateAccept = function(key) {
 Hybi.GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11';
 
 var instance = {
-  BYTE:   255,
-  FIN:    128,
-  MASK:   128,
-  RSV1:   64,
-  RSV2:   32,
-  RSV3:   16,
-  OPCODE: 15,
-  LENGTH: 127,
+  FIN:    0x80,
+  MASK:   0x80,
+  RSV1:   0x40,
+  RSV2:   0x20,
+  RSV3:   0x10,
+  OPCODE: 0x0F,
+  LENGTH: 0x7F,
 
   OPCODES: {
     continuation: 0,
@@ -82,8 +77,6 @@ var instance = {
   MESSAGE_OPCODES: [0, 1, 2],
   OPENING_OPCODES: [1, 2],
 
-  TWO_POWERS: [0, 1, 2, 3, 4, 5, 6, 7].map(function(n) { return Math.pow(2, 8 * n) }),
-
   ERRORS: {
     normal_closure:       1000,
     going_away:           1001,
@@ -97,6 +90,7 @@ var instance = {
   },
 
   ERROR_CODES:        [1000, 1001, 1002, 1003, 1007, 1008, 1009, 1010, 1011],
+  DEFAULT_ERROR_CODE: 1000,
   MIN_RESERVED_ERROR: 3000,
   MAX_RESERVED_ERROR: 4999,
 
@@ -108,8 +102,8 @@ var instance = {
     return true;
   },
 
-  parse: function(data) {
-    this._reader.put(data);
+  parse: function(chunk) {
+    this._reader.put(chunk);
     var buffer = true;
     while (buffer) {
       switch (this._stage) {
@@ -190,27 +184,27 @@ var instance = {
     }
   },
 
-  frame: function(data, type, code) {
-    if (this.readyState <= 0) return this._queue([data, type, code]);
+  frame: function(buffer, type, code) {
+    if (this.readyState <= 0) return this._queue([buffer, type, code]);
     if (this.readyState > 2) return false;
 
-    if (data instanceof Array) data = new Buffer(data);
+    if (buffer instanceof Array)    buffer = Buffer.from(buffer);
+    if (typeof buffer === 'number') buffer = buffer.toString();
 
     var message = new Message(),
-        isText  = (typeof data === 'string'),
-        payload, buffer;
+        isText  = (typeof buffer === 'string'),
+        payload, copy;
 
     message.rsv1   = message.rsv2 = message.rsv3 = false;
     message.opcode = this.OPCODES[type || (isText ? 'text' : 'binary')];
 
-    payload = isText ? new Buffer(data, 'utf8') : data;
+    payload = isText ? Buffer.from(buffer, 'utf8') : buffer;
 
     if (code) {
-      buffer = payload;
-      payload = new Buffer(2 + buffer.length);
-      payload[0] = ~~(code / 256) & this.BYTE;
-      payload[1] = code & this.BYTE;
-      buffer.copy(payload, 2);
+      copy = payload;
+      payload = Buffer.allocUnsafe(2 + copy.length);
+      payload.writeUInt16BE(code, 0);
+      copy.copy(payload, 2);
     }
     message.data = payload;
 
@@ -246,8 +240,7 @@ var instance = {
     var length = frame.length,
         header = (length <= 125) ? 2 : (length <= 65535 ? 4 : 10),
         offset = header + (frame.masked ? 4 : 0),
-        buffer = new Buffer(offset + length),
-        BYTE   = this.BYTE,
+        buffer = Buffer.allocUnsafe(offset + length),
         masked = frame.masked ? this.MASK : 0;
 
     buffer[0] = (frame.final ? this.FIN : 0) |
@@ -260,43 +253,46 @@ var instance = {
       buffer[1] = masked | length;
     } else if (length <= 65535) {
       buffer[1] = masked | 126;
-      buffer[2] = ~~(length / 256);
-      buffer[3] = length & BYTE;
+      buffer.writeUInt16BE(length, 2);
     } else {
       buffer[1] = masked | 127;
-      buffer[2] = ~~(length / Math.pow(2, 56)) & BYTE;
-      buffer[3] = ~~(length / Math.pow(2, 48)) & BYTE;
-      buffer[4] = ~~(length / Math.pow(2, 40)) & BYTE;
-      buffer[5] = ~~(length / Math.pow(2, 32)) & BYTE;
-      buffer[6] = ~~(length / Math.pow(2, 24)) & BYTE;
-      buffer[7] = ~~(length / Math.pow(2, 16)) & BYTE;
-      buffer[8] = ~~(length / Math.pow(2, 8))  & BYTE;
-      buffer[9] = length & BYTE;
+      buffer.writeUInt32BE(Math.floor(length / 0x100000000), 2);
+      buffer.writeUInt32BE(length % 0x100000000, 6);
     }
 
+    frame.payload.copy(buffer, offset);
+
     if (frame.masked) {
       frame.maskingKey.copy(buffer, header);
-      Hybi.mask(frame.payload, frame.maskingKey).copy(buffer, offset);
-    } else {
-      frame.payload.copy(buffer, offset);
+      Hybi.mask(buffer, frame.maskingKey, offset);
     }
 
     this._write(buffer);
   },
 
   _handshakeResponse: function() {
-    try {
-      var extensions = this._extensions.generateResponse(this._request.headers['sec-websocket-extensions']);
-    } catch (e) {
-      return this._fail('protocol_error', e.message);
-    }
+    var secKey  = this._request.headers['sec-websocket-key'],
+        version = this._request.headers['sec-websocket-version'];
 
+    if (version !== Hybi.VERSION)
+      throw new Error('Unsupported WebSocket version: ' + version);
+
+    if (typeof secKey !== 'string')
+      throw new Error('Missing handshake request header: Sec-WebSocket-Key');
+
+    this._headers.set('Upgrade', 'websocket');
+    this._headers.set('Connection', 'Upgrade');
+    this._headers.set('Sec-WebSocket-Accept', Hybi.generateAccept(secKey));
+
+    if (this.protocol) this._headers.set('Sec-WebSocket-Protocol', this.protocol);
+
+    var extensions = this._extensions.generateResponse(this._request.headers['sec-websocket-extensions']);
     if (extensions) this._headers.set('Sec-WebSocket-Extensions', extensions);
 
     var start   = 'HTTP/1.1 101 Switching Protocols',
         headers = [start, this._headers.toString(), ''];
 
-    return new Buffer(headers.join('\r\n'), 'utf8');
+    return Buffer.from(headers.join('\r\n'), 'utf8');
   },
 
   _shutdown: function(code, reason, error) {
@@ -320,18 +316,18 @@ var instance = {
     this._shutdown(this.ERRORS[type], message, true);
   },
 
-  _parseOpcode: function(data) {
+  _parseOpcode: function(octet) {
     var rsvs = [this.RSV1, this.RSV2, this.RSV3].map(function(rsv) {
-      return (data & rsv) === rsv;
+      return (octet & rsv) === rsv;
     });
 
     var frame = this._frame = new Frame();
 
-    frame.final  = (data & this.FIN) === this.FIN;
+    frame.final  = (octet & this.FIN) === this.FIN;
     frame.rsv1   = rsvs[0];
     frame.rsv2   = rsvs[1];
     frame.rsv3   = rsvs[2];
-    frame.opcode = (data & this.OPCODE);
+    frame.opcode = (octet & this.OPCODE);
 
     this._stage = 1;
 
@@ -351,10 +347,10 @@ var instance = {
       return this._fail('protocol_error', 'Received new data frame but previous continuous frame is unfinished');
   },
 
-  _parseLength: function(data) {
+  _parseLength: function(octet) {
     var frame = this._frame;
-    frame.masked = (data & this.MASK) === this.MASK;
-    frame.length = (data & this.LENGTH);
+    frame.masked = (octet & this.MASK) === this.MASK;
+    frame.length = (octet & this.LENGTH);
 
     if (frame.length >= 0 && frame.length <= 125) {
       this._stage = frame.masked ? 3 : 4;
@@ -370,7 +366,7 @@ var instance = {
 
   _parseExtendedLength: function(buffer) {
     var frame = this._frame;
-    frame.length = this._getInteger(buffer);
+    frame.length = this._readUInt(buffer);
 
     this._stage = frame.masked ? 3 : 4;
 
@@ -415,7 +411,7 @@ var instance = {
       return this._emitMessage(this._message);
 
     if (opcode === this.OPCODES.close) {
-      code   = (payload.length >= 2) ? 256 * payload[0] + payload[1] : null;
+      code   = (payload.length >= 2) ? payload.readUInt16BE(0) : null;
       reason = (payload.length > 2) ? this._encode(payload.slice(2)) : null;
 
       if (!(payload.length === 0) &&
@@ -426,11 +422,12 @@ var instance = {
       if (payload.length > 125 || (payload.length > 2 && !reason))
         code = this.ERRORS.protocol_error;
 
-      this._shutdown(code, reason || '');
+      this._shutdown(code || this.DEFAULT_ERROR_CODE, reason || '');
     }
 
     if (opcode === this.OPCODES.ping) {
       this.frame(payload, 'pong');
+      this.emit('ping', new Base.PingEvent(payload.toString()))
     }
 
     if (opcode === this.OPCODES.pong) {
@@ -440,6 +437,8 @@ var instance = {
 
       delete callbacks[message];
       if (callback) callback()
+
+      this.emit('pong', new Base.PongEvent(payload.toString()))
     }
   },
 
@@ -470,11 +469,11 @@ var instance = {
     return buffer.toString('utf8', 0, buffer.length);
   },
 
-  _getInteger: function(bytes) {
-    var number = 0;
-    for (var i = 0, n = bytes.length; i < n; i++)
-      number += bytes[i] * this.TWO_POWERS[n - 1 - i];
-    return number;
+  _readUInt: function(buffer) {
+    if (buffer.length === 2) return buffer.readUInt16BE(0);
+
+    return buffer.readUInt32BE(0) * 0x100000000 +
+           buffer.readUInt32BE(4);
   }
 };
 

lib/websocket/driver/hybi/message.js

@@ -1,26 +1,19 @@
 'use strict';
 
+var Buffer = require('safe-buffer').Buffer;
+
 var Message = function() {
   this.rsv1    = false;
   this.rsv2    = false;
   this.rsv3    = false;
-  this.opcode  = null
+  this.opcode  = null;
   this.length  = 0;
   this._chunks = [];
 };
 
 var instance = {
   read: function() {
-    if (this.data) return this.data;
-
-    this.data  = new Buffer(this.length);
-    var offset = 0;
-
-    for (var i = 0, n = this._chunks.length; i < n; i++) {
-      this._chunks[i].copy(this.data, offset);
-      offset += this._chunks[i].length;
-    }
-    return this.data;
+    return this.data = this.data || Buffer.concat(this._chunks, this.length);
   },
 
   pushFrame: function(frame) {

lib/websocket/driver/proxy.js

@@ -1,6 +1,7 @@
 'use strict';
 
-var Stream     = require('stream').Stream,
+var Buffer     = require('safe-buffer').Buffer,
+    Stream     = require('stream').Stream,
     url        = require('url'),
     util       = require('util'),
     Base       = require('./base'),
@@ -25,7 +26,7 @@ var Proxy = function(client, origin, options) {
   this._headers.set('Connection', 'keep-alive');
   this._headers.set('Proxy-Connection', 'keep-alive');
 
-  var auth = this._url.auth && new Buffer(this._url.auth, 'utf8').toString('base64');
+  var auth = this._url.auth && Buffer.from(this._url.auth, 'utf8').toString('base64');
   if (auth) this._headers.set('Proxy-Authorization', 'Basic ' + auth);
 };
 util.inherits(Proxy, Stream);
@@ -47,7 +48,7 @@ var instance = {
 
     var headers = [start, this._headers.toString(), ''];
 
-    this.emit('data', new Buffer(headers.join('\r\n'), 'utf8'));
+    this.emit('data', Buffer.from(headers.join('\r\n'), 'utf8'));
     return true;
   },
 

lib/websocket/driver/server.js

@@ -21,10 +21,10 @@ var instance = {
     this.on('error', function() {});
   },
 
-  parse: function(data) {
-    if (this._delegate) return this._delegate.parse(data);
+  parse: function(chunk) {
+    if (this._delegate) return this._delegate.parse(chunk);
 
-    this._http.parse(data);
+    this._http.parse(chunk);
     if (!this._http.isComplete()) return;
 
     this.method  = this._http.method;
@@ -95,11 +95,15 @@ Server.http = function(request, options) {
   if (options.requireMasking === undefined) options.requireMasking = true;
 
   var headers = request.headers,
+      version = headers['sec-websocket-version'],
+      key     = headers['sec-websocket-key'],
+      key1    = headers['sec-websocket-key1'],
+      key2    = headers['sec-websocket-key2'],
       url     = this.determineUrl(request);
 
-  if (headers['sec-websocket-version'])
+  if (version || key)
     return new Hybi(request, url, options);
-  else if (headers['sec-websocket-key1'])
+  else if (key1 || key2)
     return new Draft76(request, url, options);
   else
     return new Draft75(request, url, options);

lib/websocket/driver/stream_reader.js

@@ -1,5 +1,7 @@
 'use strict';
 
+var Buffer = require('safe-buffer').Buffer;
+
 var StreamReader = function() {
   this._queue     = [];
   this._queueSize = 0;
@@ -8,14 +10,14 @@ var StreamReader = function() {
 
 StreamReader.prototype.put = function(buffer) {
   if (!buffer || buffer.length === 0) return;
-  if (!buffer.copy) buffer = new Buffer(buffer);
+  if (!Buffer.isBuffer(buffer)) buffer = Buffer.from(buffer);
   this._queue.push(buffer);
   this._queueSize += buffer.length;
 };
 
 StreamReader.prototype.read = function(length) {
   if (length > this._queueSize) return null;
-  if (length === 0) return new Buffer(0);
+  if (length === 0) return Buffer.alloc(0);
 
   this._queueSize -= length;
 
@@ -44,7 +46,7 @@ StreamReader.prototype.read = function(length) {
     buffers.push(queue[0].slice(0, remain));
     queue[0] = queue[0].slice(remain);
   }
-  return this._concat(buffers, length);
+  return Buffer.concat(buffers, length);
 };
 
 StreamReader.prototype.eachByte = function(callback, context) {
@@ -64,17 +66,4 @@ StreamReader.prototype.eachByte = function(callback, context) {
   }
 };
 
-StreamReader.prototype._concat = function(buffers, length) {
-  if (Buffer.concat) return Buffer.concat(buffers, length);
-
-  var buffer = new Buffer(length),
-      offset = 0;
-
-  for (var i = 0, n = buffers.length; i < n; i++) {
-    buffers[i].copy(buffer, offset);
-    offset += buffers[i].length;
-  }
-  return buffer;
-};
-
 module.exports = StreamReader;

lib/websocket/http_parser.js

@@ -1,15 +1,16 @@
 'use strict';
 
-var NodeHTTPParser = process.binding('http_parser').HTTPParser,
-    version        = NodeHTTPParser.RESPONSE ? 6 : 4;
+var NodeHTTPParser = require('http-parser-js').HTTPParser,
+    Buffer         = require('safe-buffer').Buffer;
+
+var TYPES = {
+  request:  NodeHTTPParser.REQUEST  || 'request',
+  response: NodeHTTPParser.RESPONSE || 'response'
+};
 
 var HttpParser = function(type) {
-  if (type === 'request')
-    this._parser = new NodeHTTPParser(NodeHTTPParser.REQUEST || 'request');
-  else
-    this._parser = new NodeHTTPParser(NodeHTTPParser.RESPONSE || 'response');
-
   this._type     = type;
+  this._parser   = new NodeHTTPParser(TYPES[type]);
   this._complete = false;
   this.headers   = {};
 
@@ -76,25 +77,59 @@ HttpParser.METHODS = {
   13: 'PROPPATCH',
   14: 'SEARCH',
   15: 'UNLOCK',
-  16: 'REPORT',
-  17: 'MKACTIVITY',
-  18: 'CHECKOUT',
-  19: 'MERGE',
-  24: 'PATCH'
+  16: 'BIND',
+  17: 'REBIND',
+  18: 'UNBIND',
+  19: 'ACL',
+  20: 'REPORT',
+  21: 'MKACTIVITY',
+  22: 'CHECKOUT',
+  23: 'MERGE',
+  24: 'M-SEARCH',
+  25: 'NOTIFY',
+  26: 'SUBSCRIBE',
+  27: 'UNSUBSCRIBE',
+  28: 'PATCH',
+  29: 'PURGE',
+  30: 'MKCALENDAR',
+  31: 'LINK',
+  32: 'UNLINK'
 };
 
+var VERSION = (process.version || '')
+              .match(/[0-9]+/g)
+              .map(function(n) { return parseInt(n, 10) });
+
+if (VERSION[0] === 0 && VERSION[1] === 12) {
+  HttpParser.METHODS[16] = 'REPORT';
+  HttpParser.METHODS[17] = 'MKACTIVITY';
+  HttpParser.METHODS[18] = 'CHECKOUT';
+  HttpParser.METHODS[19] = 'MERGE';
+  HttpParser.METHODS[20] = 'M-SEARCH';
+  HttpParser.METHODS[21] = 'NOTIFY';
+  HttpParser.METHODS[22] = 'SUBSCRIBE';
+  HttpParser.METHODS[23] = 'UNSUBSCRIBE';
+  HttpParser.METHODS[24] = 'PATCH';
+  HttpParser.METHODS[25] = 'PURGE';
+}
+
 HttpParser.prototype.isComplete = function() {
   return this._complete;
 };
 
-HttpParser.prototype.parse = function(data) {
-  var offset   = (version < 6) ? 1 : 0,
-      consumed = this._parser.execute(data, 0, data.length) + offset;
+HttpParser.prototype.parse = function(chunk) {
+  var consumed = this._parser.execute(chunk, 0, chunk.length);
+
+  if (typeof consumed !== 'number') {
+    this.error     = consumed;
+    this._complete = true;
+    return;
+  }
 
   if (this._complete)
-    this.body = (consumed < data.length)
-              ? data.slice(consumed)
-              : new Buffer(0);
+    this.body = (consumed < chunk.length)
+              ? chunk.slice(consumed)
+              : Buffer.alloc(0);
 };
 
 module.exports = HttpParser;

package.json

@@ -1,21 +1,35 @@
-{ "name"            : "websocket-driver"
-, "description"     : "WebSocket protocol handler with pluggable I/O"
-, "homepage"        : "http://github.com/faye/websocket-driver-node"
-, "author"          : "James Coglan <jcoglan@gmail.com> (http://jcoglan.com/)"
-, "keywords"        : ["websocket"]
-, "license"         : "MIT"
-
-, "version"         : "0.6.0"
-, "engines"         : {"node": ">=0.6.0"}
-, "main"            : "./lib/websocket/driver"
-, "dependencies"    : {"websocket-extensions": ">=0.1.1"}
-, "devDependencies" : {"jstest": "", "permessage-deflate": ""}
-
-, "scripts"         : {"test": "jstest spec/runner.js"}
-
-, "repository"      : { "type"  : "git"
-                      , "url"   : "git://github.com/faye/websocket-driver-node.git"
-                      }
-
-, "bugs"            : "http://github.com/faye/websocket-driver-node/issues"
+{
+          "name": "websocket-driver",
+          "description": "WebSocket protocol handler with pluggable I/O",
+          "homepage": "https://github.com/faye/websocket-driver-node",
+          "author": "James Coglan <jcoglan@gmail.com> (http://jcoglan.com/)",
+          "keywords": [
+                    "websocket"
+          ],
+          "license": "Apache-2.0",
+          "version": "0.7.1",
+          "engines": {
+                    "node": ">=0.8.0"
+          },
+          "files": [
+                    "lib"
+          ],
+          "main": "./lib/websocket/driver",
+          "dependencies": {
+                    "http-parser-js": ">=0.4.0",
+                    "safe-buffer": ">=5.1.1",
+                    "websocket-extensions": ">=0.1.1"
+          },
+          "devDependencies": {
+                    "jstest": "*",
+                    "permessage-deflate": "*"
+          },
+          "scripts": {
+                    "test": "jstest spec/runner.js"
+          },
+          "repository": {
+                    "type": "git",
+                    "url": "git://github.com/faye/websocket-driver-node.git"
+          },
+          "bugs": "https://github.com/faye/websocket-driver-node/issues"
 }

spec/runner.js

@@ -1,11 +1,10 @@
-var test   = require('jstest').Test,
+var Buffer = require('safe-buffer').Buffer,
+    test   = require('jstest').Test,
     Stream = require('stream').Stream,
     util   = require('util')
 
 var BufferMatcher = function(data) {
-  this._data = (typeof data === 'string')
-             ? new Buffer(data, 'utf8')
-             : new Buffer(data)
+  this._data = Buffer.from(data)
 }
 BufferMatcher.prototype.equals = function(other) {
   if (this._data.length !== other.length) return false;

spec/websocket/driver/client_spec.js

@@ -1,4 +1,5 @@
 var Client = require("../../../lib/websocket/driver/client"),
+    Buffer = require('safe-buffer').Buffer,
     test   = require('jstest').Test
 
 test.describe("Client", function() { with(this) {
@@ -109,6 +110,16 @@ test.describe("Client", function() { with(this) {
         }})
       }})
 
+      describe("with an invalid URL", function() { with(this) {
+        define("url", function() { return "stream.wikimedia.org/rc" })
+
+        it("throws an error", function() { with(this) {
+          var message
+          try { driver() } catch (e) { message = e.message }
+          assertEqual( "stream.wikimedia.org/rc is not a valid WebSocket URL", message )
+        }})
+      }})
+
       describe("with custom headers", function() { with(this) {
         before(function() { with(this) {
           driver().setHeader("User-Agent", "Chrome")
@@ -180,21 +191,21 @@ test.describe("Client", function() { with(this) {
 
       it("returns true when the response is written", function() { with(this) {
         // this prevents downstream connections suddenly closing for no reason
-        assertEqual( true, proxy.write(new Buffer("HTTP/1.1 200 OK\r\n\r\n")) )
+        assertEqual( true, proxy.write(Buffer.from("HTTP/1.1 200 OK\r\n\r\n")) )
       }})
 
       it("emits a 'connect' event when the proxy connects", function() { with(this) {
         expect(proxy, "emit").given("connect", anything())
         expect(proxy, "emit").given("close")
         expect(proxy, "emit").given("end")
-        proxy.write(new Buffer("HTTP/1.1 200 OK\r\n\r\n"))
+        proxy.write(Buffer.from("HTTP/1.1 200 OK\r\n\r\n"))
       }})
 
       it("emits an 'error' event if the proxy does not connect", function() { with(this) {
         expect(proxy, "emit").given("error", objectIncluding({message: "Can't establish a connection to the server at ws://www.example.com/socket"}))
         expect(proxy, "emit").given("close")
         expect(proxy, "emit").given("end")
-        proxy.write(new Buffer("HTTP/1.1 403 Forbidden\r\n\r\n"))
+        proxy.write(Buffer.from("HTTP/1.1 403 Forbidden\r\n\r\n"))
       }})
     }})
   }})
@@ -203,7 +214,7 @@ test.describe("Client", function() { with(this) {
     before(function() { this.driver().start() })
 
     describe("with a valid response", function() { with(this) {
-      before(function() { this.driver().parse(new Buffer(this.response())) })
+      before(function() { this.driver().parse(Buffer.from(this.response())) })
 
       it("changes the state to open", function() { with(this) {
         assertEqual( true, open )
@@ -222,9 +233,9 @@ test.describe("Client", function() { with(this) {
 
     describe("with a valid response followed by a frame", function() { with(this) {
       before(function() { with(this) {
-        var resp = new Buffer(response().length + 4)
-        new Buffer(response()).copy(resp)
-        new Buffer([0x81, 0x02, 72, 105]).copy(resp, resp.length - 4)
+        var resp = Buffer.alloc(response().length + 4)
+        Buffer.from(response()).copy(resp)
+        Buffer.from([0x81, 0x02, 72, 105]).copy(resp, resp.length - 4)
         driver().parse(resp)
       }})
 
@@ -242,13 +253,13 @@ test.describe("Client", function() { with(this) {
     describe("with a bad status line", function() { with(this) {
       before(function() {
         var resp = this.response().replace(/101/g, "4")
-        this.driver().parse(new Buffer(resp))
+        this.driver().parse(Buffer.from(resp))
       })
 
       it("changes the state to closed", function() { with(this) {
         assertEqual( false, open )
-        assertEqual( "Error during WebSocket handshake: Unexpected response code: 4", error.message )
-        assertEqual( [1002, "Error during WebSocket handshake: Unexpected response code: 4"], close )
+        assertEqual( "Error during WebSocket handshake: Parse Error", error.message )
+        assertEqual( [1002, "Error during WebSocket handshake: Parse Error"], close )
         assertEqual( "closed", driver().getState() )
       }})
     }})
@@ -256,7 +267,7 @@ test.describe("Client", function() { with(this) {
     describe("with a bad Upgrade header", function() { with(this) {
       before(function() {
         var resp = this.response().replace(/websocket/g, "wrong")
-        this.driver().parse(new Buffer(resp))
+        this.driver().parse(Buffer.from(resp))
       })
 
       it("changes the state to closed", function() { with(this) {
@@ -270,7 +281,7 @@ test.describe("Client", function() { with(this) {
     describe("with a bad Accept header", function() { with(this) {
       before(function() {
         var resp = this.response().replace(/QV3/g, "wrong")
-        this.driver().parse(new Buffer(resp))
+        this.driver().parse(Buffer.from(resp))
       })
 
       it("changes the state to closed", function() { with(this) {
@@ -286,7 +297,7 @@ test.describe("Client", function() { with(this) {
 
       before(function() {
         var resp = this.response().replace(/\r\n\r\n/, "\r\nSec-WebSocket-Protocol: xmpp\r\n\r\n")
-        this.driver().parse(new Buffer(resp))
+        this.driver().parse(Buffer.from(resp))
       })
 
       it("changs the state to open", function() { with(this) {
@@ -305,7 +316,7 @@ test.describe("Client", function() { with(this) {
 
       before(function() {
         var resp = this.response().replace(/\r\n\r\n/, "\r\nSec-WebSocket-Protocol: irc\r\n\r\n")
-        this.driver().parse(new Buffer(resp))
+        this.driver().parse(Buffer.from(resp))
       })
 
       it("changs the state to closed", function() { with(this) {

spec/websocket/driver/draft75_examples.js

@@ -77,6 +77,11 @@ test.describe("draft-75", function() { with(this) {
           assertEqual( [0x00, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x3d, 0x20, 0xef, 0xa3, 0xbf, 0xff], collector().bytes )
         }})
 
+        it("converts numbers to strings", function() { with(this) {
+          driver().frame(50)
+          assertEqual( [0x00, 0x35, 0x30, 0xff], collector().bytes )
+        }})
+
         it("returns true", function() { with(this) {
           assertEqual( true, driver().frame("lol") )
         }})

spec/websocket/driver/draft75_spec.js

@@ -4,6 +4,7 @@ var Draft75 = require("../../../lib/websocket/driver/draft75"),
 test.describe("Draft75", function() { with(this) {
   define("request", function() {
     return this._request = this._request || {
+      method: "GET",
       headers: {
         "connection": "Upgrade",
         "upgrade":    "WebSocket",

spec/websocket/driver/draft76_spec.js

@@ -1,8 +1,9 @@
 var Draft76 = require("../../../lib/websocket/driver/draft76"),
+    Buffer  = require('safe-buffer').Buffer,
     test    = require('jstest').Test
 
 test.describe("Draft76", function() { with(this) {
-  BODY = new Buffer([0x91, 0x25, 0x3e, 0xd3, 0xa9, 0xe7, 0x6a, 0x88])
+  BODY = Buffer.from([0x91, 0x25, 0x3e, 0xd3, 0xa9, 0xe7, 0x6a, 0x88])
 
   define("body", function() {
     return BODY
@@ -14,6 +15,7 @@ test.describe("Draft76", function() { with(this) {
 
   define("request", function() {
     return this._request = this._request || {
+      method: "GET",
       headers: {
         "connection":         "Upgrade",
         "upgrade":            "WebSocket",
@@ -34,6 +36,7 @@ test.describe("Draft76", function() { with(this) {
     var self = this
     this._driver.on('open',    function(e) { self.open = true })
     this._driver.on('message', function(e) { self.message += e.data })
+    this._driver.on('error',   function(e) { self.error = e })
     this._driver.on('close',   function(e) { self.close = true })
     this._driver.io.pipe(this.collector())
     this._driver.io.write(this.body())
@@ -81,6 +84,42 @@ test.describe("Draft76", function() { with(this) {
         driver().start()
         assertEqual( "hixie-76", driver().version )
       }})
+
+      describe("with an invalid key header", function() { with(this) {
+        before(function() { with(this) {
+          request().headers["sec-websocket-key1"] = "2 L785 8o% s9Sy9@V. 4<1P5"
+        }})
+
+        it("writes a handshake error response", function() { with(this) {
+          expect(driver().io, "emit").given("data", buffer(
+              "HTTP/1.1 400 Bad Request\r\n" +
+              "Content-Type: text/plain\r\n" +
+              "Content-Length: 45\r\n" +
+              "\r\n" +
+              "Client sent invalid Sec-WebSocket-Key headers"))
+          driver().start()
+        }})
+
+        it("does not trigger the onopen event", function() { with(this) {
+          driver().start()
+          assertEqual( false, open )
+        }})
+
+        it("triggers the onerror event", function() { with(this) {
+          driver().start()
+          assertEqual( "Client sent invalid Sec-WebSocket-Key headers", error.message )
+        }})
+
+        it("triggers the onclose event", function() { with(this) {
+          driver().start()
+          assertEqual( true, close )
+        }})
+
+        it("changes the state to closed", function() { with(this) {
+          driver().start()
+          assertEqual( "closed", driver().getState()  )
+        }})
+      }})
     }})
 
     describe("frame", function() { with(this) {
@@ -111,7 +150,7 @@ test.describe("Draft76", function() { with(this) {
 
     describe("with no request body", function() { with(this) {
       define("body", function() {
-        return new Buffer([])
+        return Buffer.alloc(0)
       })
 
       it("writes the handshake response with no body", function() { with(this) {

spec/websocket/driver/hybi_spec.js

@@ -4,6 +4,7 @@ var Hybi = require("../../../lib/websocket/driver/hybi"),
 test.describe("Hybi", function() { with(this) {
   define("request", function() {
     return this._request = this._request || {
+      method: "GET",
       headers: {
         "connection":             "Upgrade",
         "upgrade":                "websocket",
@@ -84,8 +85,13 @@ test.describe("Hybi", function() { with(this) {
           request().headers["sec-websocket-extensions"] = "x-webkit- -frame"
         }})
 
-        it("does not write a handshake", function() { with(this) {
-          expect(driver().io, "emit").exactly(0)
+        it("writes a handshake error response", function() { with(this) {
+          expect(driver().io, "emit").given("data", buffer(
+              "HTTP/1.1 400 Bad Request\r\n" +
+              "Content-Type: text/plain\r\n" +
+              "Content-Length: 57\r\n" +
+              "\r\n" +
+              "Invalid Sec-WebSocket-Extensions header: x-webkit- -frame"))
           driver().start()
         }})
 
@@ -115,13 +121,13 @@ test.describe("Hybi", function() { with(this) {
           driver().setHeader("Authorization", "Bearer WAT")
         }})
 
-        it("writes the handshake with Sec-WebSocket-Protocol", function() { with(this) {
+        it("writes the handshake with the custom headers", function() { with(this) {
           expect(driver().io, "emit").given("data", buffer(
               "HTTP/1.1 101 Switching Protocols\r\n" +
+              "Authorization: Bearer WAT\r\n" +
               "Upgrade: websocket\r\n" +
               "Connection: Upgrade\r\n" +
               "Sec-WebSocket-Accept: JdiiuafpBKRqD7eol0y4vJDTsTs=\r\n" +
-              "Authorization: Bearer WAT\r\n" +
               "\r\n"))
           driver().start()
         }})
@@ -386,6 +392,17 @@ test.describe("Hybi", function() { with(this) {
         assertEqual( [0x8a, 0x04, 0x4f, 0x48, 0x41, 0x49], collector().bytes )
       }})
 
+      it("triggers the onping event when a ping arrives", function() { with(this) {
+        var ping, pong
+        driver().on("ping", function(event) { ping = event })
+        driver().on("pong", function(event) { pong = event })
+
+        driver().parse([0x89, 0x04, 0x4f, 0x48, 0x41, 0x49])
+
+        assertEqual( "OHAI", ping.data )
+        assertEqual( undefined, pong )
+      }})
+
       describe("when a message listener throws an error", function() { with(this) {
         before(function() { with(this) {
           this.messages = []
@@ -420,6 +437,11 @@ test.describe("Hybi", function() { with(this) {
         assertEqual( [0x82, 0x03, 0x48, 0x65, 0x6c], collector().bytes )
       }})
 
+      it("converts numbers to strings", function() { with(this) {
+        driver().frame(50)
+        assertEqual( [0x81, 0x02, 0x35, 0x30], collector().bytes )
+      }})
+
       it("encodes multibyte characters correctly", function() { with(this) {
         driver().frame("Apple = ")
         assertEqual( [0x81, 0x0b, 0x41, 0x70, 0x70, 0x6c, 0x65, 0x20, 0x3d, 0x20, 0xef, 0xa3, 0xbf], collector().bytes )
@@ -452,6 +474,11 @@ test.describe("Hybi", function() { with(this) {
         assertEqual( [0x89, 0x09, 0x6d, 0x69, 0x63, 0x20, 0x63, 0x68, 0x65, 0x63, 0x6b], collector().bytes )
       }})
 
+      it("converts numbers to strings", function() { with(this) {
+        driver().ping(50)
+        assertEqual( [0x89, 0x02, 0x35, 0x30], collector().bytes )
+      }})
+
       it("returns true", function() { with(this) {
         assertEqual( true, driver().ping() )
       }})
@@ -463,6 +490,17 @@ test.describe("Hybi", function() { with(this) {
         assert( reply )
       }})
 
+      it("triggers the onpong event when a pong arrives", function() { with(this) {
+        var ping, pong
+        driver().on("ping", function(event) { ping = event })
+        driver().on("pong", function(event) { pong = event })
+
+        driver().parse([0x8a, 0x02, 72, 105])
+
+        assertEqual( undefined, ping )
+        assertEqual( "Hi", pong.data )
+      }})
+
       it("does not run the callback on non-matching pong", function() { with(this) {
         var reply = null
         driver().ping("Hi", function() { reply = true })
@@ -595,6 +633,34 @@ test.describe("Hybi", function() { with(this) {
         this.driver().parse([0x88, 0x04, 0x03, 0xe9, 0x4f, 0x4b])
       }})
     }})
+
+    describe("receiving a close frame with a too-short payload", function() { with(this) {
+      before(function() {
+        this.driver().parse([0x88, 0x01, 0x03])
+      })
+
+      it("triggers the onclose event with a protocol error", function() { with(this) {
+        assertEqual( [1002, ""], close )
+      }})
+
+      it("changes the state to closed", function() { with(this) {
+        assertEqual( "closed", driver().getState() )
+      }})
+    }})
+
+    describe("receiving a close frame with no code", function() { with(this) {
+      before(function() { with(this) {
+        this.driver().parse([0x88, 0x00])
+      }})
+
+      it("triggers the onclose event with code 1000", function() { with(this) {
+        assertEqual( [1000, ""], close )
+      }})
+
+      it("changes the state to closed", function() { with(this) {
+        assertEqual( "closed", driver().getState() )
+      }})
+    }})
   }})
 
   describe("in the closed state", function() { with(this) {