@iobroker/adapter-core
Core module to be used in ioBroker adapters. Acts as the bridge to js-controller.
This package has a good security score with no known vulnerabilities.
Community Reviews
Solid foundation for ioBroker adapters with good TypeScript support
The documentation is decent but assumes familiarity with ioBroker concepts. You'll spend time cross-referencing the ioBroker developer docs and existing adapters to understand patterns like properly setting up state subscriptions or handling connection states. Error messages are generally helpful, though debugging can be tricky when issues stem from the underlying js-controller rather than your code.
Day-to-day usage is smooth after the initial learning curve. The API for creating states, subscribing to changes, and managing objects is consistent. Community support primarily lives in the ioBroker forum rather than Stack Overflow, which can be a mixed bag—responses are helpful but sometimes slow. GitHub issues on the core module are well-maintained by AlCalzone.
Best for: Developers building custom ioBroker adapters who need a well-typed, maintained bridge to the js-controller.
Avoid if: You're looking for a general-purpose IoT framework—this is specifically for the ioBroker ecosystem only.
Solid foundation for ioBroker adapters with excellent TypeScript support
The documentation is thorough with practical examples covering common patterns like object creation, state management, and lifecycle hooks. Error messages are generally informative, though some cryptic controller-level errors occasionally bubble up unchanged. The migration path between versions has been smooth in my experience, with deprecation warnings providing adequate notice.
One pain point is the steep initial learning curve of understanding ioBroker's object/state model, though this is more about the platform than the library itself. The package does a good job abstracting js-controller complexity, but you'll still need to grasp ioBroker concepts. Overall, it delivers what it promises: a stable, type-safe bridge to js-controller that gets out of your way.
Best for: Developers building ioBroker adapters who want strong TypeScript support and a well-documented, stable foundation.
Avoid if: You're building standalone Node.js applications outside the ioBroker ecosystem.
Functional, but security-conscious developers will find gaps in design
Input validation is largely left to the adapter developer—the core doesn't enforce sanitization of state values, object IDs, or configuration parameters. Error messages can leak internal paths and implementation details without clear guidance on production-safe error handling. The authentication/authorization model is delegated entirely to js-controller, which means you're trusting the upstream security posture without defense-in-depth.
The library doesn't follow secure-by-default principles. TLS configuration for external connections must be manually hardened, and there's no built-in protection against common injection vectors. Dependency updates have been reasonably timely, but the surface area for supply chain risk is significant given the ioBroker ecosystem's complexity. Workable for hobby projects, but requires careful hardening for anything security-sensitive.
Best for: Building ioBroker adapters for home automation hobby projects where you control the entire deployment environment.
Avoid if: You need robust security guarantees, formal CVE tracking, or are building adapters that handle sensitive data or operate in multi-tenant environments.