github.com/andersfylling/disgord
Go module with context support that handles some of the difficulties from interacting with Discord's bot interface for you; websocket sharding, auto-scaling of websocket connections, advanced caching (cache replacement strategies to restrict memory usage), helper functions, middlewares and lifetime controllers for event handlers, etc.
This package is intended to be used with the gateway to keep the cache up to date. You should treat data as read only, since they simply represent the Discord state. To change the Discord state you can use the REST methods and the gateway commands, which will eventually update your local state as well.
If you want a more lightweight experience you can disable/reject events that you do not need or want to keep track of. Be careful as this might break certain things.
You must explicitly set intents if you want certain gateway events.
// request only the direct message events
client := disgord.New(disgord.Config{
	Intents: disgord.IntentDirectMessages | disgord.IntentDirectMessageReactions,
})

// alternatively, request every intent
client := disgord.New(disgord.Config{
	Intents: disgord.AllIntents(),
})
This project uses Go Modules for dealing with dependencies; remember to activate module support in your IDE.
Examples can be found in examples, and some open source Disgord projects are listed in the wiki.
I highly suggest reading the Discord API documentation and the Disgord go doc.
Simply use this github template to create your first new bot!
In short, Disgord uses the builder pattern by respecting resources.
The Client or Session holds the relevant methods for interacting with Discord. The API is split by resource, such that Guild related information is found in Client.Guild(guild_id), while user related info is found in Client.User(user_id), gateway interaction is found in Client.Gateway(), the same for Channel, CurrentUser, Emoji, AuditLog, etc.
Cancellation is supported by calling .WithContext(context.Context) before the final REST call (.Get(), .Update(), etc.).
Every event goes through the cache layer!
For Events, Disgord uses the reactor pattern. This supports both channels and functions. You choose your preference.
If the request is a standard GET request, the cache is always checked first to reduce delay, network traffic and load on the Discord servers. And on responses, regardless of the http method, the data is copied into the cache.
// bypasses local cache
client.CurrentUser().Get(disgord.IgnoreCache)
client.Guild(guildID).GetMembers(disgord.IgnoreCache)
// always checks the local cache first
client.CurrentUser().Get()
client.Guild(guildID).GetMembers()
// with cancellation
ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(2*time.Second))
defer cancel() // release the context's resources once the call has returned
client.CurrentUser().WithContext(ctx).Get()
Whenever you want the bot to join a voice channel, a websocket and UDP connection is established. So if your bot is currently in 5 voice channels, then you have 5 websocket connections and 5 UDP connections open to handle the voice traffic.
The cache tries to represent the Discord state as accurately as it can. Because of this, the cache is immutable by default. This means the cache does not allow you to reference any cached objects directly, and every piece of data entering or leaving the cache is deep copied.
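The cache-first lookup, the IgnoreCache-style bypass and the deep copying described above can be sketched with the standard library alone. This is an added example, not Disgord's own code; `User`, `Cache`, `Get` and `fetch` are hypothetical names and the data is constructed.

```go
package main

import "fmt"

// User is a hypothetical cached resource. Roles is a slice, so a shallow copy
// would still share memory with the cache.
type User struct {
	ID    uint64
	Roles []string
}

// deepCopy returns a User that shares no memory with u.
func deepCopy(u *User) *User {
	c := *u
	c.Roles = append([]string(nil), u.Roles...)
	return &c
}

// Cache is a toy stand-in for an immutable-by-default cache (not Disgord's code).
type Cache struct {
	users   map[uint64]*User
	Fetches int // simulated REST round trips
}

func NewCache() *Cache { return &Cache{users: map[uint64]*User{}} }

// Get checks the cache first unless ignoreCache is set. Whatever fetch returns
// is copied into the cache, and the caller only ever receives a copy.
func (c *Cache) Get(id uint64, ignoreCache bool, fetch func(uint64) *User) *User {
	if !ignoreCache {
		if u, ok := c.users[id]; ok {
			return deepCopy(u)
		}
	}
	c.Fetches++
	u := fetch(id)
	c.users[id] = deepCopy(u) // incoming data is copied
	return deepCopy(u)        // outgoing data is copied
}

func main() {
	c := NewCache()
	fetch := func(id uint64) *User { return &User{ID: id, Roles: []string{"member"}} } // constructed data
	u := c.Get(1, false, fetch)
	u.Roles[0] = "admin" // changes the caller's copy only
	fmt.Println(c.Get(1, false, fetch).Roles[0], c.Fetches)
	c.Get(1, true, fetch) // bypass: forces a second fetch
	fmt.Println(c.Fetches)
}
```

Because callers never hold a pointer into the cache, a handler that edits a returned object cannot silently change the state other handlers read.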
Please see the CONTRIBUTING.md file (Note that it can be useful to read this regardless if you have the time)
You can contribute with pull requests, issues, wiki updates and helping out in the discord servers mentioned above.
To report bugs or suggest enhancements, simply create an issue. The more the better. But be detailed enough that it can be reproduced and please provide logs.
To contribute with code, always create an issue before you open a pull request. This allows automating change logs and releases.
Remember to have stringer installed to run go generate:
go get -u golang.org/x/tools/cmd/stringer
A special thanks to the following companies for sponsoring this project!
NOTE: To see more examples go to the examples folder. See the GoDoc for an in-depth introduction on the various topics.
1. How do I find my bot token and/or add my bot to a server?
Tutorial here: https://github.com/andersfylling/disgord/wiki/Get-bot-token-and-add-it-to-a-server
2. Is there an alternative Go package?
Yes, it's called DiscordGo (https://github.com/bwmarrin/discordgo). Its purpose is to provide a
minimalistic API wrapper for Discord, it does not handle multiple websocket sharding, scaling, etc.
behind the scenes such as Disgord does. Currently I do not have a comparison chart of Disgord and
DiscordGo. But I do want to create one in the future, for now the biggest difference is that
Disgord does not support self bots.
3. Why make another Discord lib in Go?
I'm trying to take over the world and then become an intergalactic war lord. Have to start somewhere.
4. Will Disgord support self bots?
No. Self bots are against ToS and could result in account termination (see
https://support.discord.com/hc/en-us/articles/115002192352-Automated-user-accounts-self-bots-).
In addition, self bots aren't a part of the official Discord API, meaning support could change at
any time and Disgord could break unexpectedly if this feature were to be added.