Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@botpress/broadcast
Advanced tools
npm install @botpress/broadcast
The broadcast module should now be available in your bot UI, and the APIs exposed.
You can decide whether the scheduled time is absolute to the bot's time or to individual users. If no timezone information available for the user, GMT is chosen.
You can apply filters to the broadcasts. Filters are small JavaScript functions that will be evaluated before sending the broadcast to a user. The condition is called for every user the broadcast is scheduled to. You can add multiple filter functions and user will be filtered out if at least one of them returns false
.
Variables exposed to the filter function:
bp
botpress instanceuserId
the userId to send the message toplatform
the platform on which the user is onThe function needs to return a boolean or a Promise of a boolean.
Note: Starting your function with return
is optional.
"platform === 'facebook'"
Note: Assuming your bot has a subscriptions
table that holds userId and platform
// in your bot's index.js
bp.isUserSubscribed = userId => {
return bp.db.get()
.then(knex =>
knex('subscriptions')
.where({ userId, platform })
.select('count(*) as count')
then().get(0).then(({count}) => count > 0)
)
}
bp.isUserSubscribed(userId)
GET /api/botpress-broadcast/broadcasts
Returns a list of the scheduled broadcasts.
PUT /api/botpress-broadcast/broadcasts
Schedules a new broadcast.
{
date: string, // *required*, 'YYYY-MM-DD'
time: string, // *required*, 'HH:mm'
timezone: null|int, // null (users timezone), or integer (absolute timezone)
type: string, // *required*, 'text' or 'javascript'
content: string // *required*, the text to be sent or the JavaScript code to execute,
filters: [string] // filtering conditions, JavaScript code
}
"Hello, Human!"
POST /api/botpress-broadcast/broadcasts
Update an existing broadcast. Same as PUT except that id
is also necessary. You can't modify a processing broadcast.
DELETE /api/botpress-broadcast/broadcasts/:id
Delete an existing broadcast. You can't delete a processing broadcast.
Pull requests are welcomed! We believe that it takes all of us to create something big and impactful. There's a Slack community where you are welcome to join us, ask any question and even help others.
Get an invite and join us now! 👉https://slack.botpress.io
botpress-broadcast is licensed under AGPL-3.0
FAQs
Broadcast messages to all (or a subset) of your users
The npm package @botpress/broadcast receives a total of 0 weekly downloads. As such, @botpress/broadcast popularity was classified as not popular.
We found that @botpress/broadcast demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.