Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@moderation-api/sdk
Advanced tools
Moderation API Node.js library
The Moderation API Node library provides convenient access to the Stripe API from applications written in server-side JavaScript.
Use the Moderation API to analyze text and images for offensive content, profanity, toxicity, discrimination, sentiment, language and more - or detect, hide, and extract data entities like emails, phone numbers, addresses and more.
Documentation
See the moderation-api-node API docs for Node.js.
Installation
Install the package with:
npm install @moderation-api/sdk
# or
yarn add @moderation-api/sdk
Usage
The package needs to be configured with your projects's API key, which is available in your Project Dashboard. Instantiate the client with your key:
import ModerationAPi from '@moderation-api/sdk';
const moderationApi = new ModerationAPi({
key: 'proj_...',
});
const analysis = await moderationApi.moderate.text({
value: 'Hello world!',
})
console.log(analysis.flagged)
Usage with TypeScript
The client works with TypeScript and is fully typed.
Available Features
The SDK provides the following main features:
Content Moderation
// Text moderation
const textAnalysis = await moderationApi.moderate.text({
value: 'Your text here',
});
// Image moderation
const imageAnalysis = await moderationApi.moderate.image({
url: 'https://example.com/image.jpg',
});
// Video moderation
const videoAnalysis = await moderationApi.moderate.video({
url: 'https://example.com/video.mp4',
});
// Audio moderation
const audioAnalysis = await moderationApi.moderate.audio({
url: 'https://example.com/audio.mp3',
});
// Object moderation (for complex data structures)
const objectAnalysis = await moderationApi.moderate.object({
value: {
text: 'Some text',
metadata: {type: 'comment'},
},
});
Queue Management
// List queue actions
const actions = await moderationApi.queueActions.list();
// Get queue stats
const stats = await moderationApi.queueView.getStats();
// Get queue items
const items = await moderationApi.queueView.getItems();
// Resolve/unresolve items
await moderationApi.queueView.resolveItem('item_id');
await moderationApi.queueView.unresolveItem('item_id');
Wordlist Management
// Get wordlists
const wordlists = await moderationApi.wordlist.list();
// Add words to wordlist
await moderationApi.wordlist.addWords('wordlist_id', {
words: ['word1', 'word2'],
});
// Remove words from wordlist
await moderationApi.wordlist.removeWords('wordlist_id', {
words: ['word1'],
});
User Reports
// List authors
const authors = await moderationApi.userReports.listAuthors();
// Get author details
const authorDetails = await moderationApi.userReports.getAuthorDetails(
'author_id'
);
Account Management
// Get account information
const account = await moderationApi.account.get();
Webhook signing
Moderation API can optionally sign the webhook events it sends to your endpoint, allowing you to validate that they were not sent by a third-party. You can read more about it here.
Please note that you must pass the raw request body, exactly as received from Moderation API, to the constructEvent() function; this will not work with a parsed (i.e., JSON) request body.
Here's what it looks like using Next.js:
import {buffer} from 'micro';
const handler = async (req, res) => {
const webhookRawBody = await buffer(req);
const webhookSignatureHeader = req.headers['modapi-signature'];
const payload = await moderationApi.webhooks.constructEvent(
webhookRawBody,
webhookSignatureHeader,
process.env.MODAPI_WEBHOOK_SECRET
);
};
// disable body parser so we can access raw body
export const config = {
api: {
bodyParser: false,
},
};
export default handler;
Error Handling
The SDK uses typed errors for better error handling:
try {
const analysis = await moderationApi.moderate.text({
value: 'Hello world!',
});
} catch (error) {
if (error.status === 401) {
console.error('Invalid API key');
} else if (error.status === 429) {
console.error('Rate limit exceeded');
} else {
console.error('An error occurred:', error.message);
}
}
Support
New features and bug fixes are released on the latest major version of the @moderation-api/sdk package. If you are on an older major version, we recommend that you upgrade to the latest in order to use the new features and bug fixes including those for security vulnerabilities. Older major versions of the package will continue to be available for use, but will not be receiving any updates.
Email support
Reach out at support@moderationapi.com
More Information
FAQs
Automatically moderate your content with Moderation API
The npm package @moderation-api/sdk receives a total of 197 weekly downloads. As such, @moderation-api/sdk popularity was classified as not popular.
We found that @moderation-api/sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025