Just to note that I've scored this with 1 star on Flows and raised 2 critical issues on GitHub.
There is an issue from 2017 that has no response.
It hasn't been updated in years and so the dependencies are MASSIVELY out of date.
It also looks as though this does not provide meaningful security as the token is only checked at socket connection and doesn't provide the token thereafter (because websockets don't support custom headers once the connection has been made). I'm not a code security expert though by any means so please correct me if I'm wrong.
My current recommendation is not to use this node.
I've also given 1 starts to two other related nodes,
- node-red-contrib-websocket which is a duplicate
- node-red-contrib-websocket-gabo which appears to be a fork, also not updated recently
I wouldn't recommend any of them I'm afraid.