Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@botpress/broadcast
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
@botpress/broadcast
Get started
npm install @botpress/broadcast
The broadcast module should now be available in your bot UI, and the APIs exposed.
Features
Send according to Users timezone
You can decide whether the scheduled time is absolute to the bot's time or to individual users. If no timezone information available for the user, GMT is chosen.
Filtering
You can apply filters to the broadcasts. Filters are small JavaScript functions that will be evaluated before sending the broadcast to a user. The condition is called for every user the broadcast is scheduled to. You can add multiple filter functions and user will be filtered out if at least one of them returns false.
Variables exposed to the filter function:
bpbotpress instanceuserIdthe userId to send the message toplatformthe platform on which the user is on
The function needs to return a boolean or a Promise of a boolean.
Note: Starting your function with return is optional.
Examples
Send a message only to users on Facebook
"platform === 'facebook'"
Send a message only to subscribed users
Note: Assuming your bot has a subscriptions table that holds userId and platform
// in your bot's index.js
bp.isUserSubscribed = userId => {
return bp.db.get()
.then(knex =>
knex('subscriptions')
.where({ userId, platform })
.select('count(*) as count')
then().get(0).then(({count}) => count > 0)
)
}
bp.isUserSubscribed(userId)
Roadmap
- User segmentation
API
GET /api/botpress-broadcast/broadcasts
Returns a list of the scheduled broadcasts.
PUT /api/botpress-broadcast/broadcasts
Schedules a new broadcast.
Body
{
date: string, // *required*, 'YYYY-MM-DD'
time: string, // *required*, 'HH:mm'
timezone: null|int, // null (users timezone), or integer (absolute timezone)
type: string, // *required*, 'text' or 'javascript'
content: string // *required*, the text to be sent or the JavaScript code to execute,
filters: [string] // filtering conditions, JavaScript code
}
Response
"Hello, Human!"
POST /api/botpress-broadcast/broadcasts
Update an existing broadcast. Same as PUT except that id is also necessary. You can't modify a processing broadcast.
DELETE /api/botpress-broadcast/broadcasts/:id
Delete an existing broadcast. You can't delete a processing broadcast.
Community
Pull requests are welcomed! We believe that it takes all of us to create something big and impactful. There's a Slack community where you are welcome to join us, ask any question and even help others.
Get an invite and join us now! 👉https://slack.botpress.io
License
botpress-broadcast is licensed under AGPL-3.0
FAQs
Broadcast messages to all (or a subset) of your users
We found that @botpress/broadcast demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 19 Jan 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025