Is it possible to opt out of sockjs?

The sockjs code embedded in meteor-sockjs was lifted from 0.3.4 which is now seven years old (from 2012).

It is statically imported and therefore used even when native websockets are available.

There are bugs like this one that flood my apm (monti) error logs with thousands upon thousands of client-side errors.

Sockjs also comes with a lot of handshaking of its own through http calls to /sockjs routes and that worries me from a security perspective. Are these documented?

So I was wondering if there is any reasonable way to NOT load sockjs and all its mechanics and instead just use native webhooks given that modern browsers seem to support them across the board?

There was an attempt to remove the bundled version and only include it when something went wrong with native sockets, but got rolled back due to a bug.
Hasn’t been addressed since, but you could either pin the version without sockJS or make a local copy of the package without SockJS