Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@icocoding/ib-node-api
Advanced tools
Interactive Brokers TWS/IB Gateway API client library for Node.js (TS)
@stoqey/ib
is an Interactive Brokers TWS (or IB Gateway) Typescript API client library for Node.js. It is a port of Interactive Brokers' Java Client Version 10.29.01 ("latest") from June 18th, 2024.
Refer to the Trader Workstation API for the official documentation and the C#/Java/VB/C++/Python client.
The module makes a socket connection to TWS (or IB Gateway) using the net module and all messages are entirely processed in Typescript. It uses EventEmitter to pass the result back to user.
$ npm install @stoqey/ib
or
$ yarn add @stoqey/ib
If you currently use version 1.1.x and want to upgrade to 1.2.x please note that there is a breaking change that might affect your code:
Versions up to 1.1.x did return Number.MAX_VALUE
on values that are not available. This was to be in-sync with the official TWS API Java interfaces. Since the usage of Number.MAX_VALUE
is very uncommon in JScript/TS and caused / causes lot of confusion, all versions starting from 1.2.1 will return undefined
instead.
If you have checked for Number.MAX_VALUE
up to now, you can drop this check. If you have not checked for undefined
yet, you should add it.
Example:
ib.on(EventName.pnlSingle, (
reqId: number,
pos: number,
dailyPnL: number,
unrealizedPnL: number,
realizedPnL: number,
value: number
) => {
...
}
);
now is (look at unrealizedPnL
and realizedPnL
)
ib.on(EventName.pnlSingle, (
reqId: number,
pos: number,
dailyPnL: number,
unrealizedPnL: number | undefined,
realizedPnL: number | undefined,
value: number
) => {
...
}
);
There are two APIs on this package, IBApi and IBApiNext.
IBApi replicates the official TWS API as close as possible, making it easy to migrate or port existing code. It implements all functions and provides same event callbacks as the official TWS API does.
IBApiNext is a preview of a new API that is currently in development. The goal of IBApiNext is it, to provide same functionality as IBApi, but focus on usability rather than replicating the official interface. It is not based on a request/event design anymore, but it does use RxJS instead. IBApiNext still is in preview stage. Not all functions are available yet, and we cannot guarantee stable interfaces (although are we confident that public signatures of already existing functions won't change anymore).
Platform | Port |
---|---|
IB Gateway live account | 4001 |
IB Gateway paper account | 4002 |
TWS Live Account | 7496 |
TWS papertrading account | 7497 |
/* Example: Print all portfolio positions to console. */
import { IBApi, EventName, ErrorCode, Contract } from "@stoqey/ib";
// create IBApi object
const ib = new IBApi({
// clientId: 0,
// host: '127.0.0.1',
port: 7497,
});
// register event handler
let positionsCount = 0;
ib.on(EventName.error, (err: Error, code: ErrorCode, reqId: number) => {
console.error(`${err.message} - code: ${code} - reqId: ${reqId}`);
})
.on(
EventName.position,
(account: string, contract: Contract, pos: number, avgCost?: number) => {
console.log(`${account}: ${pos} x ${contract.symbol} @ ${avgCost}`);
positionsCount++;
},
)
.once(EventName.positionEnd, () => {
console.log(`Total: ${positionsCount} positions.`);
ib.disconnect();
});
// call API functions
ib.connect();
ib.reqPositions();
ib.once(EventName.nextValidId, (orderId: number) => {
const contract: Contract = {
symbol: "AMZN",
exchange: "SMART",
currency: "USD",
secType: SecType.STK,
};
const order: Order = {
orderType: OrderType.LMT,
action: OrderAction.BUY,
lmtPrice: 1,
orderId,
totalQuantity: 1,
account: "YOUR_ACCOUNT_ID",
};
ib.placeOrder(orderId, contract, order);
});
ib.connect();
ib.reqIds();
While IBApi uses a request function / event callback design where subscriptions are managed by the user, IBApiNext does use RxJS 7 to manage subscriptions.
In general, there are two types of functions on IBApiNext:
One-shot functions, returning a Promise, such as IBApiNext.getCurrentTime
or IBApiNext.getContractDetails
. Such functions will send a request to TWS and return the result (or error) on the Promise.
Endless stream subscriptions, returning an Observable, such as IBApiNext.getAccountSummary
or IBApiNext.getMarketData
.
Such functions will deliver an endless stream of update events. The complete
callback will NEVER be invoked (do not try to convert to a Promise - it will never resolve!)
The src/tools folder contains a collection of command line tools to run IBApiNext from command line. Have look on it if you search for IBApiNext sample code.
Example:
node ./dist/tools/account-summary.js -group=All -tags="NetLiquidation,MaintMarginReq" -watch -inc -port=4002
{
"all": [
[
"DU******",
[
[
"MaintMarginReq",
[
[
"EUR",
{
"value": "37688.07",
"ingressTm": 1616849611611
}
]
]
]
]
]
],
"added": [
[
...
! WARNING ! - Make sure to test on papertrading account as tests could contain actions that result in selling and buying financial instruments.
The easiest way to start testing and playing around with the code is to run included IB Gateway docker container. To set it up use following steps.
Copy sample.env
to file .env
yarn
to install dependenciescp sample.env .env
IB_PORT
from 4002
to 4004
if using IB Gateway from docker-compose
(Step 6)yarn build
to compile TypeScript codedocker-compose up
(use flag -d
to run de-attached mode in background). Now the docker instance of IB Gateway should be running.docker-compose down
Once docker is up and running with correct credentials it should be ready to accept connections.
Tests can be run from CLI with jest
tool. Either a single one or multiple tests at once.
Running single/multiple tests
jest src/test/unit/api/api.test.ts
To run multiple, just use path instead of specific file.
To run all tests run the following command.
yarn test
Will be added later once it's stable
Public interfaces, that are planned to be removed, will be marked with a @deprecated.
The @deprecated tag will contain a description or link on how migrate to new API (example: IBApiCreationOptions.clientId).
VSCode will explicitly mark deprecated functions and attributes, so you cannot miss it.
If you write new code, don't use deprecated functions.
If you already use deprecated functions on existing code, migrate to new function on your next code-clean up session. There is no need for immediate change, the deprecated function will
continue to work for a least a half more year, but at some point it will be removed.
IB does regularly release new API versions, so this library will need permanent maintenance in order to stay up-to-date with latest TWS features.
Also, there is not much testing code yet. Ideally there should be at least one test-case for each public function.
In addition to that, a little demo / example app would be nice, to demonstrate API usage (something like a little live-portoflio-viewer app for node.js console?).
Any kind of bugfixes are welcome as well.
If you want to contribute, read the Developer Guide and start coding.
FAQs
Interactive Brokers TWS/IB Gateway API client library for Node.js (TS)
The npm package @icocoding/ib-node-api receives a total of 773 weekly downloads. As such, @icocoding/ib-node-api popularity was classified as not popular.
We found that @icocoding/ib-node-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.