Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@iamrony777/baileys
The original repository was removed by its author and later taken over by WhiskeySockets. This current fork is based on that. I've only made additions such as custom stores for storing authentication, messages, etc., and merged a few pull requests. That's all.
If you encounter any issues after using this fork or any part of it, I recommend creating a new issue here rather than on WhiskeySocket's Discord server. AND EXPECT BUGS, LOTS OF BUGS (THIS IS UNSTABLE ASF)
Check .env.example first to set up databases.
yarn add @iamrony777/baileys
or
yarn add github:iamrony777/Baileys ## Directly from the GitHub repo
Then import it in your code using:
import makeWASocket, { ... } from '@iamrony777/baileys'
WhatsApp provides a multi-device API that allows Baileys to be authenticated as a second WhatsApp client by scanning a QR code with WhatsApp on your phone.
import { MongoClient } from "mongodb";
import makeWASocket, {
  DisconnectReason,
  makeCacheableSignalKeyStore,
  makeMongoStore,
  useMongoDBAuthState,
} from "@iamrony777/baileys";
import { Boom } from "@hapi/boom";
import "dotenv/config";

async function connectToWhatsApp() {
  // MongoDB setup
  const mongo = new MongoClient(process.env.MONGODB_URL!, {
    socketTimeoutMS: 1_00_000,
    connectTimeoutMS: 1_00_000,
    waitQueueTimeoutMS: 1_00_000,
  });
  const authCollection = mongo.db("wpsessions").collection("auth");
  const { state, saveCreds } = await useMongoDBAuthState(authCollection);
  const store = makeMongoStore({ db: mongo.db("wpsessions"), autoDeleteStatusMessage: true });

  const sock = makeWASocket({
    auth: {
      creds: state.creds,
      /** caching makes the store faster to send/recv messages */
      keys: makeCacheableSignalKeyStore(state.keys),
    },
    // can provide additional config here
    printQRInTerminal: true,
  });

  // listen on events and update database
  store.bind(sock.ev);

  sock.ev.on("connection.update", async (update) => {
    const { connection, lastDisconnect } = update;
    if (connection === "close") {
      const shouldReconnect =
        (lastDisconnect?.error as Boom)?.output?.statusCode !==
        DisconnectReason.loggedOut;
      console.log(
        "connection closed due to ",
        lastDisconnect?.error,
        ", reconnecting ",
        shouldReconnect
      );
      // reconnect if not logged out
      if (shouldReconnect) {
        await mongo.close();
        connectToWhatsApp();
      }
    } else if (connection === "open") {
      console.log("opened connection");
      await sock.sendMessage(
        sock.user?.id!,
        {
          text: "Connected!",
        },
        { ephemeralExpiration: 1 * 60 }
      );
    }
  });

  sock.ev.on("messages.upsert", async (m) => {
    console.log(JSON.stringify(m, undefined, 2));
    // if message type is notify and not a protocol message
    if (
      m.type === "notify" &&
      !m.messages[0].message?.hasOwnProperty("protocolMessage")
    ) {
      console.log("replying to", m.messages[0].key.remoteJid);
      // await sock.sendMessage(m.messages[0].key.remoteJid!, {
      //   text: "Hello there!",
      // });
    }
  });

  sock.ev.on("creds.update", async () => {
    await saveCreds();
  });
}

// run in main file
connectToWhatsApp();
If the connection is successful, you will see a QR code printed on your terminal screen. Scan it with WhatsApp on your phone and you'll be logged in!
Note: install qrcode-terminal using yarn add qrcode-terminal to auto-print the QR to the terminal.
Note: the code to support the legacy version of WA Web (pre multi-device) has been removed in v5. Only the standard multi-device connection is now supported. This is done as WA seems to have completely dropped support for the legacy version.
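The sample handler above writes every incoming message to the console in full with JSON.stringify, so message text and phone numbers end up in whatever collects the process output. As an added example (not part of this fork's code), the TypeScript below reduces a messages.upsert event to metadata-only log lines. The interfaces are an assumed minimal subset of the event shape, and maskJid, messageKinds and summarizeUpsert are hypothetical helper names.

```typescript
// Added example; assumed minimal subset of the "messages.upsert" payload shape.
interface UpsertKey { remoteJid?: string | null; fromMe?: boolean | null; id?: string | null }
interface UpsertMessage { key: UpsertKey; message?: Record<string, unknown> | null }
interface UpsertEvent { type: string; messages: UpsertMessage[] }
interface LogLine { type: string; id: string; chat: string; fromMe: boolean; kind: string }

// Mask the user part of a JID, keeping its last two characters so that
// separate chats stay distinguishable in the log.
function maskJid(jid: string | null | undefined): string {
  if (!jid) return "unknown";
  const at = jid.indexOf("@");
  const user = at === -1 ? jid : jid.slice(0, at);
  const server = at === -1 ? "" : jid.slice(at);
  return "*".repeat(Math.max(user.length - 2, 0)) + user.slice(-2) + server;
}

// Names of the populated content fields (e.g. "conversation"), never their values.
function messageKinds(msg: UpsertMessage): string[] {
  const body = msg.message;
  if (!body) return [];
  return Object.keys(body).filter((k) => body[k] != null);
}

// One metadata-only line per message. Unlike the handler above, this walks
// every message in the batch and skips protocol messages wherever they appear.
function summarizeUpsert(ev: UpsertEvent): LogLine[] {
  return ev.messages
    .filter((m) => messageKinds(m).indexOf("protocolMessage") === -1)
    .map((m) => ({
      type: ev.type,
      id: m.key.id ?? "unknown",
      chat: maskJid(m.key.remoteJid),
      fromMe: m.key.fromMe === true,
      kind: messageKinds(m).join(",") || "empty",
    }));
}

// Constructed sample event (not captured traffic).
const sampleEvent: UpsertEvent = {
  type: "notify",
  messages: [
    { key: { remoteJid: "15550001234@s.whatsapp.net", fromMe: false, id: "A1" },
      message: { conversation: "my PIN is 4321" } },
    { key: { remoteJid: "15550001234@s.whatsapp.net", fromMe: true, id: "A2" },
      message: { protocolMessage: { type: 0 } } },
  ],
};
console.log(JSON.stringify(summarizeUpsert(sampleEvent)));
```

In the handler above, `console.log(JSON.stringify(summarizeUpsert(m)))` would take the place of the full-payload log line.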
FAQs
WhatsApp API
The npm package @iamrony777/baileys receives a total of 26 weekly downloads. As such, @iamrony777/baileys popularity was classified as not popular.
We found that @iamrony777/baileys demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.