Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@gov-api-package/subscrib-manager
Advanced tools
订阅API
接入前请将此域名 https://zw.baidusmartapps.com 添加到request的合法域名中
1、 安装依赖
npm i @gov-api-package/subscrib-manager --save --registry=http://registry.npm.baidu-int.com
注意:sdk 使用了 getCommonSysInfo 需要申请权限后使用,请提前申请
2、API 使用
| 属性名 | 类型 |
|---|---|
| API | 说明 |
| querySub | 获取订阅状态 |
| addSub | 订阅 |
| cancelSub | 取消订阅 |
| toManage | 跳转订阅助手小程序 |
| modifyIntervene | 修改城市信息 |
// 引入
import subscribManager from'@gov-api-package/subscrib-manage';
2.1 获取订阅状态 querySub
| 参数 | 类型 | 说明 |
|---|---|---|
| sourceFlag | string | 订阅标识 |
返回参数:
{
"id":1,// subscribeID
"status":1,// 0 未订阅 1订阅
"main_title":"场景卡",
"sub_title":"官方小程序",
"button_color":"#D23B3A"
}
demo:
/**
* 获取订阅状态
* @param {string} sourceFlag 订阅来源
*/
getSubInfo(sourceFlag) {
subscribManager.querySub(sourceFlag).then(
res => {
console.log(res);
// 业务逻辑...
}).catch(err => {
console.log(err);
});
}
2.3 订阅 addSub
| 参数 | 类型 | 说明 | 是否必选 | 备注 |
|---|---|---|---|---|
| subscribeID | string | 订阅id | 是 | |
| openId | string | 小程序openId | 是 | |
| sourceFlag | string | 来源标识 | 否 | |
| interveneProps | Object | 特征类型和列表 | 否 | |
| >>interveneProps.interveneType | number | 特征类型 | 否 | 1(城市),2(省份),3(快递公司),4(运动员)... |
| >>interveneProps.intervene | string | 修改特征列表 | 当特征类型为1(城市)或者2(省份),不传特征列表时,会自动获取当前地理位置信息 |
返回参数:
异常code:
返回错误码:
200000000 未获取到用户信息
200000006 已订阅
200000003 查询订阅号失败
200000004 订阅失败
200005 取消订阅失败
{
"code":0,// 接口状态,0 操作成功
"msg":"success",
"data": {}
}
demo:
/**
* 订阅
*/
onSubscribe() {
subscribManager.addSub(subscribeID, sourceFlag).then(res => {
console.log(res);
// res.code 为 0 时接口正常
// 业务逻辑...
if(!res.code) {
this.setData({
subStatus:1
});
swan.showToast({
title:'订阅成功',
icon:'none'
});
}else{
swan.showToast({
title:'订阅失败',
icon:'none'
});
}
}).catch(err => {
swan.showToast({
title:'订阅失败',
icon:'none'
});
});
}
2.4 取消订阅 cancelSub
入参同订阅接口
返回参数:
异常code:同 addSub
{
"code":0,// 接口状态,0 操作成功
"msg":"success",
"data": {}
}
demo:
/**
* 订阅
*/
onSubscribe() {
subscribManager.cancelSub(subscribeID, sourceFlag).then(res => {
// res.code 为 0 时接口正常
// 业务逻辑...
if (!res.code) {
this.setData({
subStatus: 1
});
swan.showToast({
title: '取消成功',
icon: 'none'
});
} else {
swan.showToast({
title: '取消失败',
icon: 'none'
});
}
}).catch(err => {
swan.showToast({
title: '取消失败',
icon: 'none'
});
});
}
2.5 跳转订阅助手 toManage
demo:
/**
* 管理订阅,跳转到订阅助手小程序
*/
onSubscribeManage() {
subscribManager.toManage();
}
2.6 修改城市信息
| 参数 | 类型 | 说明 | 是否必填 |
|---|---|---|---|
| subscribeID | string | 订阅id | 是 |
| openId | string | 小程序openId | 是 |
| opType | number | 1、新增干预城市 2、取消干预城市 3、修改干预城市 | 是 |
| sourceFlag | string | 订阅标识 | 是 |
| intervene | string | 修改城市列表 | 是 |
| demo: |
/**
* 修改城市信息
*/
subscribManager.modifyIntervene(res.id, 1, sourceFlag, JSON.stringify([
{
"type": 1, // type 1是城市
"value": "130000,130001,130002"
},
{
"type": 2, // type 2是省份
"value": "130000,130003"
}
])).then(res => {
console.log(res)
});
返回值:
{
"code": 0, // 为0时,操作成功
"msg": "success",
"data": {}
}
FAQs
The npm package @gov-api-package/subscrib-manager receives a total of 0 weekly downloads. As such, @gov-api-package/subscrib-manager popularity was classified as not popular.
We found that @gov-api-package/subscrib-manager demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 15 Feb 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025