Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/akashrchandran/spotify-lyrics-api
A Rest API for fetching lyrics from Spotify which is powered by Musixmatch. Commandline version is available akashrchandran/syrics.
[!WARNING] This project is probably against Spotify TOS. Use at your own risks.
[!NOTE] Changed this project into a template repository, deploy your own version. If you need help, don't hesitate to open an issue.
composer require akashrchandran/spotify-lyrics-api
For now it only supports track id or link.
You have to use query paramters to send data
Available Parameters:
Parameter | Default value | Type | Description |
---|---|---|---|
trackid | None | String | The trackid from spotify. |
url | None | String | The url of the track from spotify. |
format | "id3" | String | The format of lyrics required. It has 2 options either id3 or lrc . |
You must specify either trackid or url, otherwise it will retuen error.
Using trackid
http://localhost:8080/?trackid=5f8eCNwTlr0RJopE9vQ6mB
Using url
http://localhost:8080/?url=https://open.spotify.com/track/5f8eCNwTlr0RJopE9vQ6mB?autoplay=true
response:
{
"error": false,
"syncType": "LINE_SYNCED",
"lines": [
{
"startTimeMs": "960",
"words": "One, two, three, four",
"syllables": [],
"endTimeMs": "0"
},
{
"startTimeMs": "4020",
"words": "Ooh-ooh, ooh-ooh-ooh",
"syllables": [],
"endTimeMs": "0"
}
]
}
Changing format to lrc
http://localhost:8080/?trackid=5f8eCNwTlr0RJopE9vQ6mB&format=lrc
response:
{
"error": false,
"syncType": "LINE_SYNCED",
"lines": [
{
"timeTag": "00:00.96",
"words": "One, two, three, four"
},
{
"timeTag": "00:04.02",
"words": "Ooh-ooh, ooh-ooh-ooh"
}
]
}
Different Responses given out by the API, are listed here.
If any error occurs the value of the error key will be set to true
else false
"error": false //no error occured
Most of the lyrics are time synced or have timetags and some aren't time synced or have timetags. To differentiate between synced and unsynced we have key syncType
.
"syncType": "LINE_SYNCED"
Musixmatch supports Line synced and Word synced type of timed lyrics. Line Synced is the timetag is given till which the line is sang and the word synced lyrics time specifed when the word comes up in the song. For now Spotify only supports line synced. Maybe they would support word synced in the future :/.
LINE Synced
{
"error": false,
"syncType": "LINE_SYNCED",
"lines": [
{
"timeTag": "00:00.96",
"words": "One, two, three, four"
},
{
"timeTag": "00:04.02",
"words": "Ooh-ooh, ooh-ooh-ooh"
}
]
}
NOT Synced or Unsynced
Note the
timeTags
is set to00:00.00
.
{
"error": false,
"syncType": "UNSYNCED",
"lines": [
{
"timeTag": "00:00.00",
"words": "jaane nahin denge tuje"
},
{
"timeTag": "00:00.00",
"words": "chaahe tujh ko rab bulaa le, hum naa rab se darane waale"
}
]
}
When trackid and url both are not given (400 Bad Request)
error response:
{
"error": true,
"message": "url or trackid parameter is required!"
}
When no lyrics found on spotify for given track (404 Not Found)
error response:
{
"error": true,
"message": "lyrics for this track is not available on spotify!"
}
Install using
composer require akashrchandran/spotify-lyrics-api
.
Include the package's autoloader file in your PHP code and call class Spotify()
.
<?php
require('./vendor/autoload.php');
$spotify = new SpotifyLyricsApi\Spotify("SP_DC here");
$spotify->checkTokenExpire();
$reponse = $spotify -> getLyrics(track_id: "1418IuVKQPTYqt7QNJ9RXN");
?>
Want to host your own version of this API, But first you need SP_DC cookie from spotify
Finding SP_DC
You will find the detailed guide here.
Heroku
Vercel
Run locally
use git to clone the repo to your local machine or you can download the latest zip file and extract it.
You need to have PHP installed on you machine to run this program.
Enter into the folder via terminal
cd spotify-lyrics-api
Set SP_DC token as environment variable temprorily
export SP_DC=[token here and remove the square brackets]
Start the server
php -S localhost:8000 api/index.php
now open your browser and type localhost:8080
and you should see the program running.
• Me -> For everything.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.