
Security News
Next.js moves to scheduled security releases
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.
@sohu-bpd/wechat
Advanced tools
WeChat JS-SDK utility library with automatic SDK loading, initialization, and SPA support.
config() and share() APIs for common tasksnpm install @sohu-bpd/wechat
# or
pnpm add @sohu-bpd/wechat
# or
yarn add @sohu-bpd/wechat
import { config } from '@sohu-bpd/wechat'
config({
sdkUrl: 'https://res.wx.qq.com/open/js/jweixin-1.6.0.js',
getSignature: async (url) => {
// Fetch signature from your backend
const response = await fetch(`/api/wechat/signature?url=${encodeURIComponent(url)}`)
return response.json()
},
debug: false,
spa: true, // Enable SPA mode (default)
})
import { share } from '@sohu-bpd/wechat'
// Set share content
await share({
title: 'My Page Title',
desc: 'Share description',
imgUrl: 'https://example.com/image.jpg',
link: 'https://example.com/page', // optional, defaults to current URL
})
import { config, share } from '@sohu-bpd/wechat'
// or
const { config, share } = require('@sohu-bpd/wechat')
<script src="https://unpkg.com/@sohu-bpd/wechat/dist/index.global.js"></script>
<script>
const { config, share } = SohuWechat
config({
sdkUrl: 'https://res.wx.qq.com/open/js/jweixin-1.6.0.js',
getSignature: async (url) => {
const res = await fetch('/api/wechat/signature?url=' + encodeURIComponent(url))
return res.json()
}
})
share({
title: 'My Page',
desc: 'Description',
imgUrl: 'https://example.com/image.jpg'
})
</script>
Set global configuration for WeChat JS-SDK.
interface GlobalConfig {
/** WeChat JS-SDK URL */
sdkUrl: string
/** Function to fetch signature, receives current URL */
getSignature: (url: string) => Promise<SignatureResult>
/** Enable debug mode, default false */
debug?: boolean
/** Enable SPA mode (auto re-init on URL change), default true */
spa?: boolean
}
function config(options: GlobalConfig): void
Example:
config({
sdkUrl: 'https://res.wx.qq.com/open/js/jweixin-1.6.0.js',
getSignature: async (url) => {
const res = await fetch(`/api/wechat/signature?url=${encodeURIComponent(url)}`)
return res.json()
},
debug: process.env.NODE_ENV === 'development',
spa: true,
})
Set WeChat share content for both friends and moments.
interface ShareOptions {
/** Share title */
title: string
/** Share description (for friends) */
desc?: string
/** Share link, defaults to current URL */
link?: string
/** Share image URL */
imgUrl: string
}
function share(options: ShareOptions): Promise<void>
Example:
await share({
title: 'Amazing Product',
desc: 'Check out this amazing product!',
imgUrl: 'https://example.com/product.jpg',
link: 'https://example.com/product/123',
})
Get current global configuration (throws if not configured).
function getConfig(): GlobalConfig
Check if global configuration has been set.
function isConfigured(): boolean
For advanced use cases, you can use the low-level APIs:
Load WeChat JS-SDK script (automatically called by high-level APIs).
function loadSDK(sdkUrl: string): Promise<void>
Initialize WeChat SDK with specified APIs (automatically called by high-level APIs).
function initSDK(jsApiList: string[]): Promise<void>
Get the global wx object after SDK is loaded.
function getWx(): any
Reset SDK state (useful for testing or manual re-initialization).
function resetSDK(): void
For use cases that don't need global configuration:
interface InitConfig {
/** Public account appId */
appId: string
/** Signature timestamp */
timestamp: number | string
/** Signature nonce string */
nonceStr: string
/** Signature */
signature: string
/** JS API list to use */
jsApiList: string[]
/** Enable debug mode */
debug?: boolean
}
function init(config: InitConfig): Promise<void>
By default, spa: true is enabled, which means:
share()), the SDK is initialized with the current URLTo disable SPA mode:
config({
// ...
spa: false, // Only initialize once
})
On iOS WeChat, the signature URL should be the first entry URL of the app, not the current URL. This library handles this automatically:
You don't need to do anything special - it just works.
Your backend should provide an endpoint that generates WeChat JS-SDK signatures. Here's an example implementation:
// Node.js + Express example
app.get('/api/wechat/signature', async (req, res) => {
const url = req.query.url as string
// Generate signature using WeChat's algorithm
const signature = await generateWeChatSignature(url)
res.json({
appId: 'your-app-id',
timestamp: signature.timestamp,
nonceStr: signature.nonceStr,
signature: signature.signature,
})
})
Refer to WeChat JS-SDK Documentation for signature generation details.
Full TypeScript definitions are included:
import type {
GlobalConfig,
SignatureResult,
ShareOptions
} from '@sohu-bpd/wechat'
const config: GlobalConfig = {
sdkUrl: '...',
getSignature: async (url: string): Promise<SignatureResult> => {
// ...
}
}
.mjs) - Modern JavaScript modules.js) - Node.js and bundlers.global.js) - Browser <script> tag with global SohuWechatconfig() and share() APIsMIT
FAQs
WeChat JS-SDK utility library
The npm package @sohu-bpd/wechat receives a total of 6 weekly downloads. As such, @sohu-bpd/wechat popularity was classified as not popular.
We found that @sohu-bpd/wechat demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.

Research
/Security News
4 compromised asyncapi packages deliver miasma botnet loader on macOS, Linux and Windows.