PubNub JavaScript SDK docs

Using this in a chrome extension development:

and moving to MV3 which uses ServiceWorkers and not background scripts... I'm running into issues with this library. I was able to get around a "window undefined" issue by setting listenToBrowserNetworkEvents to false, however another problem now is that the library uses superagent which in turn uses XHR. And unfortunately, XHR is not supported by MV3

Workers no longer provide XMLHttpRequest, but instead support the more modern fetch()

So again, any feedback on this would be greatly appreciated.

After upgrading to PubNub v7.2.0 we started getting this warning message about the import cycles.

Require cycles are allowed but can result in uninitialized values. Consider refactoring to remove the need for a cycle.

Screen Shot 2022-09-26 at 11 38 44 AM

We recently attempted to upgrade our version of pubnub but we're blocked by similar issues to the one highlighted by:

In our case, vm2 makes a call to require(coffee-script) and attempts to call readFileSync on a file called bridge.js that it supplies both of which cause our build to fail.

It looks like we should be able to work around it by patching out the dependency on pac-proxy-agent. Basically, I have two questions:

  • under what circumstances would pubnub use pac proxies (if ever)
  • if the pubnub client doesn't use pac proxies, would it be possible for pubnub to patch out it's dependency on pac-proxy-agent since vm2 seems to be causing issues for some users using webpack?

Edit: we're currently on 4.29.7, we've attempted to upgrade to a couple of different versions but any greater version than our current version caused these issues.

1- We are using access manager
2- Uploading image is working
2- While getFileUrl returns 403 as auth query param is missing from the URL


Request URL:
Request Method: GET
Status Code: 403 Forbidden

while other endpoints have an isAuthSupported flag, getFileUrl is not an endpoint and it doesnot have isAuthSupported flag

Desired Solution:
getFileUrl should work with the access manager as other endpoints do example (generate_upload_url)

Is it correct to assume that pubnub maintains typings in the DefinitelyTyped repo?
If so, it would be great to have the version numbers match up.


Perhaps related, or perhaps it's intentionally left out:
interface StatusEvent { is missing the statusCode prop. I was expecting to see it there, to at least log 403s that come through.

When we started using pubnub (v 4.37.x), we started getting could not load bridge.js error.
Issue is described here which is still open #266

bridge.js belongs to vm2, it's used by pubnub -> degenerator -> vm2.
webpack couldn't handle contents of vm2 (bridge.js).

In order to fix this issue, we used pubnub.min.js from pubnub/dist/titanium/pubnub.min.js

Below was the fix added in webpack config:

resolve: {
      extensions: ['.tsx', '.ts', '.js'],
      alias: {
        pubnub: path.resolve(appModulesDir, 'pubnub', 'dist', 'titanium', 'pubnub.min.js')

This temporary fix worked for sometime.
But now we are getting different error "SDKError: Ti is not defined" on below line -

Can someone please suggest what might be causing this problem?

Environment Details:
Node v14.18.3
NPM v6.14.15
Webpack v4.46.0

Expected Behaviour

Calling pubnub.objects.setChannelMembers and pubnub.objects.setChannelMetadata should trigger objects event listener.

Actual Behaviour

The objects event listener is not triggered, regardless if the pubnub.objects.setChannelMembers and pubnub.objects.setChannelMetadata is called by the event listener owner to add himself/herself as a member to a channel, or is called by another user to add the event listener owner a member to a channel.

PubNub client has been failing for us since we upgraded to the latest Webpack, which no longer polyfills nodejs methods.

Screen Shot 2022-09-06 at 9 40 43 PM

The issue here is that this library uses a non standard global Buffer method. There may be a case where this is failing for others who have upgraded to the latest compilers too.

Some thoughts:

  1. Convert to using browser standards for buffers.
  2. If that is not in the timelines, perhaps make the error more graceful, with the library explicitly checking for if Buffer exists. I wouldn't be surprised if other users of PubNub are not aware their client started failing due to a webpack upgrade.

As an aside, are there docs on where/how to handle errors like this? We weren't aware of the issue for months as nothing obvious was erroring within the addListener({message method, and logVerbosity:true did not surface any errors.

Expected Behaviour

Calling pubnub.messageCounts from user1 after receiving a new message from user2 should return a count of 1 in the corresponding channel

Actual Behaviour

When user1 has received a message from user2 for the very first time, messageCounts returns 2 for the newly made channel. All future messages correctly increment messageCounts by 1.

Has anyone else seen this problem before?

Also, how could I begin debugging this if it is a problem on my end?

There is a critical severity vulnerability showing up on snyk dashboard for pubnub, due to superagent. It can be seen here ->

Can we please fix this ?

In this issue - pubnub/react#1 - @are indicates that using subscribeRequestTimeout is an appropriate way to handle this timeout which causes warnings in Android React Native with the default configuration, however this is not in the JS SDK documentation as far as I can see, and isn't in @types/pubnub. I opened a PR with the DefinitelyTyped project here DefinitelyTyped/DefinitelyTyped#60003 , but there is reluctance to add an undocumented option into the library if it's possible that may disappear sometime in the future.

Can you all provide any clarifying comment on whether it's appropriate to add it to the Typescript types?

I can't find an answer to this anywhere.

It's recommended to have a different uuid for each user or device. This uuid is used in the constructor function, when calling new PubNub. This means that on your server there will be a zillion pubnub instances? Should creating these be memoized? Do they persist a connection which needs to be closed?

Consider the following code:

export const sendUserNotification = (userId: string, channel: Channel, message: Notification) => {
  const pubnub = new PubNub({
    publishKey: PUBNUB_PUBLISH_KEY,
    subscribeKey: PUBNUB_SUBSCRIBE_KEY,
    uuid: userId,
  return pubnub.publish({ channel, message });

is it ok to just new one up whenever you need it? Will it be garbage collected when the function closes, or will this create a memory leak?


I'm trying to upgrade to the latest pubnub (4.37.0) in our webpack'ed nodejs app. It installs fine, but at runtime I see the following error which creates a fatal error:

	__webpack_require__("./node_modules/vm2/lib sync recursive"),

SyntaxError: Unexpected string
    at wrapSafe (internal/modules/cjs/loader.js:1033:16)
    at Module._compile (internal/modules/cjs/loader.js:1081:27)
    at Object..js (internal/modules/cjs/loader.js:1155:10)
    at Module.load (internal/modules/cjs/loader.js:982:32)
    at internal/modules/cjs/loader.js:823:14
    at Function._load (electron/js2c/asar_bundle.js:5:12913)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47

vm2 appears to be a dependency of a dependency... from pubnub:

bcanzanella@C02FG42AMD6P:~/code/codestream/shared/agent [develop]$ npm list vm2
codestream-lsp-agent@0.0.2 /Users/bcanzanella/code/codestream/shared/agent
└─┬ pubnub@4.37.0
  └─┬ superagent-proxy@3.0.0
    └─┬ proxy-agent@5.0.0
      └─┬ pac-proxy-agent@5.0.0
        └─┬ pac-resolver@5.0.0
          └─┬ degenerator@3.0.1
            └── vm2@3.9.5 

pubnub version 4.33.1 works (which doesn't have a dependency on a dependency on vm2).

I just wanted to see if you had any guidance for how to resolve this? thanks!


I'm trying to follow the documentation for adding channels to a channel group, and even using the exact same code outlined in the docs:

   channels: ["chats.room1", "chats.room2", "alerts.system"],
   channelGroup: "cg_user123"


I get the following error:

text: '{"status": 400, "message": "Reserved character in input parameters.", "service": "channel-registry", "error": true}'`

If I remove the periods and just do ['chatsroom1', 'chatsroom2', 'alertssystem'] then it works just fine. Any reason why this would be erroring out? I'm under the impression that the period in channel names is valid, and even recommended.

Any help is appreciated. Thanks!

Using React : 17.0.1
react-native: 0.64.2
pubNub: 4.32.1
pubNub-react: 2.1.0
Expo SDK: 43

Recently Expo deprecated react-native-unimodules in favor of Expo-Modules. I was working on converting our project but learned that pubNub uses "isomorphic-webCrypto" which has:

"@unimodules/core": "*", 
 "@unimodules/react-native-adapter": "*" 

listed as dependencies.
This installs those two packages making a conversion to Expo-modules impossible due to a "dual symbol" in 12 expo packages due to a conflict between "libExpoModulesCore" and "UMReactNativeAdapter".
I was wondering if you know if there will be a conversion to Expo-Modules anytime soon
Thank you !

❌  duplicate symbol '_EXCanAskAgain' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_EXExpiresKey' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_EXGrantedKey' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_EXPermissionExpiresNever' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_EXStatusKey' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_OBJC_CLASS_$_EXPermissionsService' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_OBJC_IVAR_$_EXPermissionsService._moduleRegistry' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_OBJC_IVAR_$_EXPermissionsService._requesters' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_OBJC_IVAR_$_EXPermissionsService._requestersByClass' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_OBJC_METACLASS_$_EXPermissionsService' in
┌─ libExpoModulesCore.a(EXPermissionsService.o)
└─ UMReactNativeAdapter(EXPermissionsService.o)

❌  duplicate symbol '_OBJC_CLASS_$_EXReactNativeUserNotificationCenterProxy' in
┌─ libExpoModulesCore.a(EXReactNativeUserNotificationCenterProxy.o)
└─ UMReactNativeAdapter(EXReactNativeUserNotificationCenterProxy.o)

❌  duplicate symbol '_OBJC_METACLASS_$_EXReactNativeUserNotificationCenterProxy' in
┌─ libExpoModulesCore.a(EXReactNativeUserNotificationCenterProxy.o)
└─ UMReactNativeAdapter(EXReactNativeUserNotificationCenterProxy.o)

❌  ld: 12 duplicate symbols for architecture x86_64

❌  clang: error: linker command failed with exit code 1 (use -v to see invocation)

Edit: Changed the title to be more representative of the bug at hand.

Seeing some interesting behavior differences after upgrading to version 4.34.0.

Services currently enabled on my key:

  • Storage and playback
  • Stream controller
  • Access Manager

Context here is a simple chat application. On message publish, a client receives that message via subscribing to the channel. However, a special situation here is we are subscribed to a channel group.

  • Upon first publish, the client correctly hears a single event, and the handler is called once.
    • Also push a signal to the subscribed channel group. Observe still the handler is called once. (We have attached a channel for this signal onto the channel group).
  • Publish a 2nd message now, and also publish another signal to the subscribed channel group.
  • Observe that the handler is called multiple times.
    • I've seen a varying amount of invocations, sometimes its 4 calls to the handler, sometimes 3, sometimes its just 1.

Affected version: 4.34.0
Unaffected version: 4.33.1

Actual outcome:
Multiple invocations to the handler.

Expected outcome:
A single invocation to the handler.


We noticed that there was an order of magnitude in the size of the build for this project. (6.23 MB) (35.9 MB)

We don't use this project directly but it came in as a transitive dependency. We had to chase down why our build had a dramatic increase between yesterday and today (we deploy to AWS lambda and this size increase pushed our build over the permitted size).

Just wanted to point this out as it might break others too.


This is a request to update the superagent-proxy dependency to version 3.0.0.

The superagent-proxy dependency currently introduces remote code execution vulnerability via superagent-proxy@2.0.0proxy-agent@4.0.1pac-proxy-agent@4.1.0pac-resolver@4.2.0.

superagent-proxy@3.0.0 resolves this vulnerability with an update to proxy-agent@5.0.0: TooTallNate/superagent-proxy@1a5b9f3


I've confirmed that this does not happen in IE 10, but I can reproduce it every time in IE11 (Win 8.1) using both the modern/pubnub.min.js and modern/pubnub.js. Here is the call stack from from the non-minified version.

screen shot 2013-10-31 at 11 08 34 am

On Modern library 3.6.2, when using it while being offline (no internet) the library enters in a loop making failing GET requests, wasting battery and filling browser console of garbage. I think if it gets a failure it should use the Offline API to check if the browser has in fact an internet connection and register an event to when it comes back instead of doing requests in a loop. Also, it would be nice that when it gets offline it would raise an event to notify to the user.