Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
@slack/webhook
Advanced tools
@slack/webhook is an npm package that allows you to send messages to Slack channels using Incoming Webhooks. It provides a simple interface to post messages, which can include text, attachments, and other rich content, to Slack.
Send a simple message
This feature allows you to send a simple text message to a Slack channel using an Incoming Webhook URL.
const { IncomingWebhook } = require('@slack/webhook');
const url = 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX';
const webhook = new IncomingWebhook(url);
(async () => {
await webhook.send('Hello, Slack!');
})();
Send a message with attachments
This feature allows you to send a message with attachments, which can include additional information like titles, links, and colors.
const { IncomingWebhook } = require('@slack/webhook');
const url = 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX';
const webhook = new IncomingWebhook(url);
(async () => {
await webhook.send({
text: 'New issue reported',
attachments: [
{
title: 'Issue #1234',
title_link: 'http://example.com/issues/1234',
text: 'Description of the issue',
color: '#ff0000'
}
]
});
})();
Send a message with blocks
This feature allows you to send a message using Slack's Block Kit, which provides a more flexible and rich way to format messages.
const { IncomingWebhook } = require('@slack/webhook');
const url = 'https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX';
const webhook = new IncomingWebhook(url);
(async () => {
await webhook.send({
blocks: [
{
type: 'section',
text: {
type: 'mrkdwn',
text: 'A message with *blocks*'
}
},
{
type: 'divider'
},
{
type: 'section',
text: {
type: 'mrkdwn',
text: 'Another block of text'
}
}
]
});
})();
slack-node is another npm package that allows you to interact with Slack's Incoming Webhooks. It provides similar functionality to @slack/webhook but with a slightly different API. It supports sending messages with text, attachments, and other rich content.
slack-webhook is a lightweight npm package for sending messages to Slack via Incoming Webhooks. It offers basic functionality for sending text messages and attachments, similar to @slack/webhook, but with a simpler interface.
The @slack/webhook
package contains a helper for making requests to Slack's Incoming
Webhooks. Use it in your app to send a notification to a channel.
$ npm install @slack/webhook
The package exports a IncomingWebhook
class. You'll need to initialize it with the URL you received from Slack.
The URL can come from installation in your development workspace, which is shown right in the app configuration pages.
Or, the URL could be in the response from oauth.access
when the app is
distributed and installed into another workspace.
const IncomingWebhook = require('@slack/webhook');
// Read a url from the environment variables
const url = process.env.SLACK_WEBHOOK_URL;
// Initialize
const webhook = new IncomingWebhook(url);
The webhook can be initialized with default arguments that are reused each time a notification is sent. Use the second parameter to the constructor to set the default arguments.
const IncomingWebhook = require('@slack/webhook');
const url = process.env.SLACK_WEBHOOK_URL;
// Initialize with defaults
const webhook = new IncomingWebhook(url, {
icon_emoji: ':bowtie:',
});
Something interesting just happened in your app, so its time to send the notification! Just call the
.send(options)
method on the webhook. The options
parameter is an object that should describe the contents of
the message. The method returns a Promise
that resolves once the notification is sent.
const IncomingWebhook = require('@slack/webhook');
const url = process.env.SLACK_WEBHOOK_URL;
const webhook = new IncomingWebhook(url);
// Send the notification
(async () => {
await webhook.send({
text: 'I\'ve got news for you...',
});
})();
The webhook allows you to customize the HTTP
Agent
used to create the connection to Slack.
Using this option is the best way to make all requests from your app through a proxy, which is a common requirement in
many corporate settings.
In order to create an Agent
from some proxy information (such as a host, port, username, and password), you can use
one of many npm packages. We recommend https-proxy-agent
. Start
by installing this package and saving it to your package.json
.
$ npm install https-proxy-agent
Import the HttpsProxyAgent
class, and create an instance that can be used as the agent
option of the
IncomingWebhook
.
const { IncomingWebhook } = require('@slack/webhook');
const { HttpsProxyAgent } = require('https-proxy-agent');
const url = process.env.SLACK_WEBHOOK_URL;
// One of the ways you can configure HttpsProxyAgent is using a simple string.
// See: https://github.com/TooTallNate/node-https-proxy-agent for more options
const proxy = new HttpsProxyAgent(process.env.http_proxy || 'http://168.63.76.32:3128');
// Initialize with the proxy agent option
const webhook = new IncomingWebhook(token, { agent: proxy });
// Sending this webhook will now go through the proxy
(async () => {
await webhook.send({
text: 'I\'ve got news for you...',
});
})();
FAQs
Official library for using the Slack Platform's Incoming Webhooks
We found that @slack/webhook demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 13 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.