JimmyTournemaine / dev-tutorial


SocketIO Migration or removal #13

Open JimmyTournemaine opened 3 years ago

JimmyTournemaine commented 3 years ago

Is your feature request related to a problem? Please describe.

From Migrating from 2.x to 3.0:

This release should fix most of the inconsistencies of the Socket.IO library and provide a more intuitive behavior for the end users.

Describe the solution you'd like

SocketIO should be migrated to SocketIO 3 or be replaced by a plain WebSocket API.

Describe alternatives you've considered

An alternative will be to replace SocketIO with a full WebSocket API. From the SocketIO developers in the SocketIO 3 release blog post:

Why Socket.IO in 2020?

That’s an excellent question actually. Depending on your use case, it might make sense to use plain WebSocket directly:

  • client: MDN, Can I use?
  • server: ws or eiows in the Node.JS ecosystem

What Socket.IO brings:

  • a fallback to HTTP long-polling, in case the WebSocket connection cannot be established. To be honest, this feature was awesome 10 years ago, when most browsers didn’t support WebSocket, but this is not the case anymore. That’s still a great safety net though.
  • auto-reconnection. Using plain WebSocket, you can take a look at robust-websocket.
  • a classic request-response API: acknowledgements
  • a way to broadcast data to a given set of clients: Rooms
  • a way to split your application logic into distinct modules (for more complex applications): Namespaces
  • an ecosystem of compatible clients in other languages

JimmyTournemaine commented 3 years ago

yarn audit reports issues for 2.X versions. HTTPS is not used in the demo project but it is still an enormous vulnerability.

critical Improper Verification of Cryptographic Signature
Package xmlhttprequest-ssl
Patched in >=1.6.1
Dependency of socket.io-client
Path socket.io-client > engine.io-client > xmlhttprequest-ssl
More info https://www.npmjs.com/advisories/1746
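
The audit finding above names a transitive path (socket.io-client > engine.io-client > xmlhttprequest-ssl) and a patched version (>=1.6.1). As an added example, not code from this issue or the project, the check below walks a nested dependency tree and reports every path that reaches xmlhttprequest-ssl below 1.6.1. The tree shape (nested `dependencies` objects), the sample versions and the `other-client` package are assumptions constructed for illustration.

```javascript
// Added example: not part of the issue or the project's code.
// Reports every dependency path that reaches xmlhttprequest-ssl at a
// version below the patched 1.6.1 named in the audit output.
const PATCHED = { name: 'xmlhttprequest-ssl', minVersion: '1.6.1' };

// Compare plain x.y.z versions; returns <0, 0 or >0.
// Pre-release suffixes are dropped (a simplification for this sketch).
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Depth-first walk; `trail` is the chain of package names from the root.
function findVulnerablePaths(node, trail = [], found = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const path = [...trail, name];
    if (name === PATCHED.name &&
        compareVersions(dep.version, PATCHED.minVersion) < 0) {
      found.push({ path: path.join(' > '), version: dep.version });
    }
    findVulnerablePaths(dep, path, found);
  }
  return found;
}

// Constructed sample tree: versions are illustrative, and 'other-client'
// is a hypothetical package that pulls in an already patched copy.
const sampleTree = {
  name: 'demo-app',
  dependencies: {
    'socket.io-client': { version: '2.0.0', dependencies: {
      'engine.io-client': { version: '3.0.0', dependencies: {
        'xmlhttprequest-ssl': { version: '1.5.5', dependencies: {} },
      } },
    } },
    'other-client': { version: '1.0.0', dependencies: {
      'xmlhttprequest-ssl': { version: '1.6.3', dependencies: {} },
    } },
  },
};

console.log(findVulnerablePaths(sampleTree));
```

Reporting the full path rather than just the package name shows which direct dependency has to be upgraded or replaced to drop the vulnerable copy.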