Whats the point of this if the client will have the secret?

[SupertigerDev]

How will this prevent any security issues if the client will still have the secret key?

[laggingreflex]

Yeah, you're right. I didn't think this through. Thanks for pointing this out!

[ifree92]

I will use it for personal purposes where the server and client are nodejs side.
The only thing I need - to prevent its easy interception and that's it.

[LosTigeros]

You can always make a function that'll create a key. It won't be that easy to find it for beginners after minifying.

[probil]

You can enforce https and wss (secured) connection through socket.io-client configuration in order to make data encrypted while going through the wire. I don't see a point of this package either.

[laggingreflex]

If you're already on https you probably don't need this, I agree.

I remember now, my original use case for this was to use in socket-file-sync where the client was also a server (as opposed to a browser environment) so the secret being "leaked" (via public-facing JS file) wasn't really a concern. And this seemed a lot easier than doing server-to-server https (maintaining keys and everything).