Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@qodestack/dl-yt-playlist
Advanced tools
Download all videos from a YouTube playlist. You can optionally download the audio and thumbnail images as well.
You'll need a few things to use this project:
API_KEY
env variable.The type signature looks like this:
downloadYoutubePlaylist({
// YouTube playlist id.
playlistId: string
// YouTube API key.
apiKey: string
// Full path to the directory where you want to save your data.
directory: string
/**
* 'audio' - will only save videos as mp3 files and include json metadata
* 'video' - will only save videos as mp4 files and incluide json metadata
* 'both' - will save videos as mp3 and mp4 files and include json metadata
* 'none' - will only save json metadata
*/
downloadType: DownloadType
/**
* Optional - default value `false`
*
* Boolean indicating if the full playlist data get's fetched or not.
*
* `true` - download all items in the playlist
* `false` - download only the 50 most recent items in the playlist
*/
includeFullData?: boolean
/**
* Optional - default value `Infinity`
*
* The maximum duration a playlist item can be to be downloaded.
*/
maxDurationSeconds?: number
/**
* Optional - default value `false`
*
* Boolean indicating whether to download the video thumbnails as jpg files.
*/
downloadThumbnails?: boolean
/**
* Optiona - default value `false`
*
* Boolean indicated whether to save the response data directly from the
* YouTube API. This can be helpful for debugging. If set to `true`, two files
* will be saved:
*
* - youtubePlaylistResponses.json
* - youtubeVideoResponses.json
*/
saveRawResponses?: boolean
/**
* Optional - default value `false`
*
* Boolean indicating wether to silence all internal console.log's. This will
* not silence messages indicating missing `yt-dlp` or being offline.
*/
silent?: boolean
}): Promise<{
failures: {
url: string // The url of failed resource.
title: string // The video title.
error: unknown
/**
* 'video' - the attempted download was a YouTube video.
* 'thumbnail' - the attempted download was a thumbnail image.
* 'ffmpeg' - ffmpeg failed to convert the downloaded video into an mp3 file.
*/
type: 'video' | 'thumbnail' | 'ffmpeg'
}[]
failureCount: number
date: string // new Date().toLocaleDateString()
dateNum: number // Date.now()
totalVideosDownloaded: number
totalThumbnailsDownloaded: number
}>
Downloads will be organized into the following folder structure:
directory-you-provided
/<playlist name>
/video
<title> [<video id>].mp4
...
/audio
<title> [<video id>].mp3
...
/thumbnails
<video id>.jpg
...
metadata.json
youtubePlaylistResponses.json (only if `saveRawResponses` is true)
youtubeVideoResponses.json (only if `saveRawResponses` is true)
/video | This folder will contain all the mp4 video files |
/audio | This folder will contain all the mp3 audio files |
/thumbnails | This folder will contain all the jpg thumbnail files |
metadata.json | This file will contain an array of metadata on each video. See shape below |
youtubePlaylistResponses.json | This file will contain an array of raw responses from YouTube's PlaylistItems: list api. |
youtubeVideoResponses.json | This file will contain an array of raw responses from YouTube's Videos: list api. |
Each video will have metadata stored in the metadata.json
with the following shape:
{
id: string
title: string
channelId: string
channelName: string
dateAddedToPlaylist: string
durationInSeconds: number | null
url: string
thumbnaillUrl: string
dateCreated: string
/**
* This value will be changed to `true` when future API calls are made and the
* video is found to be unavailable. This will allow us to retain previously
* fetch metadata.
*/
isUnavailable?: boolean
}
FAQs
Download all videos (or audio only) from a YouTube playlist!
The npm package @qodestack/dl-yt-playlist receives a total of 94 weekly downloads. As such, @qodestack/dl-yt-playlist popularity was classified as not popular.
We found that @qodestack/dl-yt-playlist demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.