Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
@flatfile/api
Advanced tools
@flatfile/api
[](https://www.npmjs.com/package/@flatfile/api) [](https://buildwithfern.com/?utm_source=flatfilers/f
Flatfile Node API Library
The Flatfile Node.js library provides convenient access to the Flatfile API from JavaScript/TypeScript.
Documentation
API reference documentation is available here.
Installation
npm install --save @flatfile/api
# or
yarn add @flatfile/api
Usage
import { FlatfileClient } from '@flatfile/api';
async function main() {
const flatfile = new FlatfileClient({
// This is usually the environment specific "Secret Key" that can be found
// on the Getting Started page in the Flatfile dashboard.
token: 'YOUR_API_KEY',
});
const workbook = await flatfile.workbooks.create({
name: 'SDK Example',
sheets: [
{
name: 'Contacts',
slug: 'contacts',
fields: [
{
key: 'firstName',
type: 'string',
label: 'First Name',
},
{
key: 'lastName',
type: 'string',
label: 'Last Name',
},
{
key: 'email',
type: 'string',
label: 'Email',
},
],
actions: [
{
slug: 'submitAction',
label: 'Submit',
type: 'string',
description: 'Submit data to webhook.site',
primary: true,
},
],
},
],
});
console.log('Created workbook with id:', workbook.data.id);
}
Handling errors
When the API returns a non-success status code (4xx or 5xx response), a subclass of FlatfileError will be thrown:
try {
await client.agents.get("environment-id", "agent-id");
} catch (err) {
if (err instanceof FlatfileError) {
console.log(err.statusCode); // 400
console.log(err.message); // "BadRequestError"
console.log(err.body); // list of errors
}
}
Error codes are as followed:
| Status Code | Error Type |
|---|---|
| 400 | BadRequestError |
| 404 | NotFoundError |
Handling events
The flatfile platform emits different events (e.g. user:added, webhook:removed). The SDK uses discriminated unions that make it easy to handle specific events.
const event = eventResponse.data;
if (event.type === 'job:started') {
console.log(event.payload.operation); // FILE
console.log(event.payload.type); // PIPELINE
} else if (event.type === 'records:created') {
console.log(event.payload.count) // 100
}
Fields
The SDK uses discriminated unions that make it easy to introspect different fields.
for (const field of sheet.config.fields) {
if (field.type === 'boolean') {
console.log(field.config?.allowIndeterminate); // false
} else if (field.type === "number") {
console.log(field.config?.decimalPlaces); // 2
} else if (field.type === "enum") {
console.log(field.config.allowCustom); // true
}
}
Beta status
This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning the package version to a specific version in your package.json file. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
Contributing
While we value open-source contributions to this SDK, this library is generated programmatically. Additions made directly to this library would have to be moved over to our generation code, otherwise they would be overwritten upon the next generated release. Feel free to open a PR as a proof of concept, but know that we will not be able to merge it as-is. We suggest opening an issue first to discuss with us!
On the other hand, contributions to the README are always very welcome!
FAQs
[](https://www.npmjs.com/package/@flatfile/api) [](https://buildwithfern.com/?utm_source=flatfilers/f
The npm package @flatfile/api receives a total of 43,295 weekly downloads. As such, @flatfile/api popularity was classified as popular.
We found that @flatfile/api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 15 open source maintainers collaborating on the project.
Package last updated on 13 Dec 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025