Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@devmaarkn/instagram-private-api
Advanced tools
Instagram private API wrapper for full access to instagram
Me and Nerix are ready to announce the next 2.x.x version of this library. It has extended feature list. It's a big release. We have significantly expanded the functionality and capabilities. The library turned into a monorepository and now it's a set of libraries, connected in an ecosystem. It consists of
We've done some work on design decisions. We simplified the state management process. Now you can easily make a snapshot of account state, save it in a persistent storage and then restore a 1-to-1 copy with just 1 function call. With new realtime features you can listen for new direct messages, notifications and any other events.
The new version is hosted in private repository. Access is paid. Members get basic support for installation, configuration, and usage. We also will try to react on your feature requests.
You can contact me in telegram or email for details.
From npm
npm install instagram-private-api
From github
npm install github:dilame/instagram-private-api
This package uses url-regex-safe
(GitHub) to check for links when sending direct messages.
By default, the safe regex engine re2
is not installed.
⚠ It's highly recommended for you to install re2
by running npm install re2
, else you will be vulnerable to CVE-2020-7661.
If you find this library useful for you, you can support it by donating any amount
BTC: 1Dqnz9QuswAvD3t7Jsw7LhwprR6HAWprW6
You can find usage examples here.
Note for JavaScript users: As of Node v.13.5.0, there isn't support for ESModules and the 'import'-syntax. So you have to read the imports in the examples like this:
import { A } from 'b'
➡ const { A } = require('b')
import { IgApiClient } from 'instagram-private-api';
import { sample } from 'lodash';
const ig = new IgApiClient();
// You must generate device id's before login.
// Id's generated based on seed
// So if you pass the same value as first argument - the same id's are generated every time
ig.state.generateDevice(process.env.IG_USERNAME);
// Optionally you can setup proxy url
ig.state.proxyUrl = process.env.IG_PROXY;
(async () => {
// Execute all requests prior to authorization in the real Android application
// Not required but recommended
await ig.simulate.preLoginFlow();
const loggedInUser = await ig.account.login(process.env.IG_USERNAME, process.env.IG_PASSWORD);
// The same as preLoginFlow()
// Optionally wrap it to process.nextTick so we dont need to wait ending of this bunch of requests
process.nextTick(async () => await ig.simulate.postLoginFlow());
// Create UserFeed instance to get loggedInUser's posts
const userFeed = ig.feed.user(loggedInUser.pk);
const myPostsFirstPage = await userFeed.items();
// All the feeds are auto-paginated, so you just need to call .items() sequentially to get next page
const myPostsSecondPage = await userFeed.items();
await ig.media.like({
// Like our first post from first page or first post from second page randomly
mediaId: sample([myPostsFirstPage[0].id, myPostsSecondPage[0].id]),
moduleInfo: {
module_name: 'profile',
user_id: loggedInUser.pk,
username: loggedInUser.username,
},
d: sample([0, 1]),
});
})();
You can find documentation in the docs
folder.
Consider starting in IgApiClient
(index
module), the root class.
You'll often see ig
in the docs.
This just refers to the client, an instance of IgApiClient
holding the state for one user.
import { IgApiClient } from 'instagram-private-api';
// This is the general convention on how to name the client
// vv
const ig = new IgApiClient();
// login, load a session etc.
Repositories implement low-level operations - every method sends exactly one api-request.
IgApiClient
here.You access repositories on the client (IgApiClient
) by their lower-case (camelCase) name without the Repository
suffix.
For example, you access the instance of AddressBookRepository
by ig.addressBook
.
Feeds represent paginated endpoints like a user's feed (UserFeed
).
Think of feeds like (async-)iterators/streams/observables (in fact feeds are async iterable and observable (feed.item$
)).
Every feed is accessible via ig.feed.feedName()
(camelCase name). ig.feed
is the FeedFactory
that creates feeds for you connected to the instance of ig
.
FeedFactory
(ig.feed
) here.Most of the feeds require initialization parameter(s), like a user-pk (id).
Services will help you to maintain some actions without calling a couple repository methods or perform complex things like pre and postlogin flow simulations or photo/video publishing.
IgApiClient
here.In order to get debug infos provided by the library, you can enable debugging.
The prefix for this library is ig
.
To get all debug logs (recommended) set the namespace to ig:*
.
In Node you only have to set the environment variable DEBUG
to the desired namespace.
Further information
If you need features that is not implemented - feel free to implement and create PRs!
Plus we need some documentation, so if you are good in it - you are welcome.
Setting up your environment is described here.
instagram-id-to-url-segment - convert the image url fragment to the media ID
FAQs
Instagram private API wrapper for full access to instagram
The npm package @devmaarkn/instagram-private-api receives a total of 7 weekly downloads. As such, @devmaarkn/instagram-private-api popularity was classified as not popular.
We found that @devmaarkn/instagram-private-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.