Skip to content

bropat/eufy-security-ws

Repository files navigation

eufy-security-ws

Caution

🚨🚨🚨 LIBRARY DEPRECATION NOTICE 🚨🚨🚨

⚠️ Eufy is shutting down the legacy APIs this library is built on. ⚠️

Eufy is in the middle of a large migration of their ecosystem. The newer Eufy Mega platform (the "5-in-1" app, covering Security / Clean / Lights / Care) is gradually becoming the only supported backend, and Eufy has already started removing access to the legacy APIs this library was originally built on. Until recently both worked in parallel — that is no longer guaranteed.

🔔 What this means for you:

  • 🟢 A recent PR restores push notifications against the new v6 ("eufy_mega") backend, so push works again for now. This is a short-term stopgap.
  • 🟡 Other functionality that still depends on legacy endpoints may stop working without warning as Eufy continues the rollout. The current Eufy app no longer uses the legacy API at all.
  • 🔴 Once the legacy API is fully shut down, this library will stop functioning — no amount of patching here will change that.

🚧 What's next:

A new integration built around Eufy Mega is in active development (auto-discovery, less battery drain for P2P), designed from the ground up rather than bolted onto the Security-only structure, and coordinated across the Home Assistant, Homebridge and Homey communities so the new library works for everyone.

👉 Treat this release as a temporary stopgap. 👈

This notice will be updated as the migration progresses.

Logo

node NPM version Downloads Total Downloads Dependency Status Known Vulnerabilities

NPM

Small server wrapper around eufy-security-client library to access it via a WebSocket.

Join us on Discord:

The development of this server was inspired by the following project:

Credits go to them as well.

If you appreciate my work and progress and want to support me, you can do it here:

ko-fi Donate

This project is not affiliated with Anker and Eufy (Eufy Security). It is a personal project that is maintained in spare time.

Get started

To try it out or for more information, such as API documentation, Docker image, etc., please see here.

Deployment

Instructions aimed at maintainers for deploying a new version: Deployment

RSA_PKCS1_PADDING / CVE-2023-46809

The Eufy cloud handshake requires RSA_PKCS1_PADDING, which Node.js restricted as part of the Marvin attack fix (CVE-2023-46809). Earlier versions worked around this by launching Node with --security-revert=CVE-2023-46809, but that flag is no longer recognized on Node 24+ and causes Node to abort on startup (Error: Attempt to revert an unknown CVE).

This is now handled by eufy-security-client's embedded (pure-JS) PKCS#1 implementation, which is enabled by default (enableEmbeddedPKCS1Support: true). No Node flag is required and you no longer need to set anything. To opt out, set "enableEmbeddedPKCS1Support": false in your config file.

Changelog

1.9.9 (2026-02-14)

  • Upgrade to eufy-security-client 3.7.0
  • Feature: Add search by date for events @temp-droid in #502
  • Fix: Fixed websocket handle by @temp-droid in #499

About

Small server wrapper around eufy-security-client library to access it via a WebSocket.

Topics

Resources

License

Stars

275 stars

Watchers

13 watching

Forks

Sponsor this project

Packages

 
 
 

Contributors