Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@assistant/conversation
Advanced tools
Actions SDK Node.js Fulfillment Library
This fulfillment library exposes a developer friendly way to fulfill Actions SDK handlers for the Google Assistant.
- Fulfillment Library GitHub repo
- Fulfillment Library reference docs
- Actions on Google docs
- Actions on Google samples
Setup Instructions
Make sure Node.js >=10.18.0 is installed.
Install the library with either npm install @assistant/conversation or yarn add @assistant/conversation if you use yarn.
Example Usage
// Import the appropriate service and chosen wrappers
const {
conversation,
Image,
} = require('@assistant/conversation')
// Create an app instance
const app = conversation()
// Register handlers for Actions SDK
app.handle('<YOUR HANDLER NAME>', conv => {
conv.add('Hi, how is it going?')
conv.add(new Image({
url: 'https://developers.google.com/web/fundamentals/accessibility/semantics-builtin/imgs/160204193356-01-cat-500.jpg',
alt: 'A cat',
}))
})
Frameworks
Export or run for your appropriate framework:
Firebase Functions
const functions = require('firebase-functions')
// ... app code here
exports.fulfillment = functions.https.onRequest(app)
Actions Console Inline Editor
const functions = require('firebase-functions')
// ... app code here
// name has to be `ActionsOnGoogleFulfillment`
exports.ActionsOnGoogleFulfillment = functions.https.onRequest(app)
Self Hosted Express Server
const express = require('express')
const bodyParser = require('body-parser')
// ... app code here
const expressApp = express().use(bodyParser.json())
expressApp.post('/fulfillment', app)
expressApp.listen(3000)
AWS Lambda API Gateway HTTP proxy integration
// ... app code here
exports.fulfillment = app
Next Steps
Take a look at the docs and samples linked at the top to get to know the platform and supported functionalities.
Library Development Instructions
This library uses yarn to run commands. Install yarn using instructions from https://yarnpkg.com/en/docs/install or with npm: npm i -g yarn.
Install the library dependencies with yarn. If you want to run any of the sample apps, follow the instructions in the sample README.
Functionality
Public interfaces, classes, functions, objects, and properties are labeled with the JSDoc @public tag and exported at the top level. Everything that is not labeled @public and exported at the top level is considered internal and may be changed.
References & Issues
- Questions? Go to StackOverflow or Assistant Developer Community on Reddit.
- For bugs, please report an issue on Github.
- Actions on Google Documentation
- Actions on Google Codelabs.
Make Contributions
Please read and follow the steps in the CONTRIBUTING.md.
License
See LICENSE.
[3.8.1]
Added
- Add missing home storage capability.
FAQs
Actions SDK Fulfillment Library for Node.js
The npm package @assistant/conversation receives a total of 124 weekly downloads. As such, @assistant/conversation popularity was classified as not popular.
We found that @assistant/conversation demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 08 Jul 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025