Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@stoqey/ib
Advanced tools
@stoqey/ib
is an Interactive Brokers TWS (or IB Gateway) Typescript API client library for Node.js. It is a direct port of Interactive Brokers' Java Client Version 9.76 from May 08 2019.
Refer to the Trader Workstation API for the official documentation and the C#/Java/VB/C++/Python client.
The module makes a socket connection to TWS (or IB Gateway) using the net module and all messages are entirely processed in Typescript. It uses EventEmitter to pass the result back to user.
$ npm install @stoqey/ib
or
$ yarn add @stoqey/ib
There are two APIs on this package, IBApi and IBApiNext.
IBApi replicates the official TWS API as close as possible, making it easy to migrate or port existing code. It implements all functions and provies same event callbacks as the official TWS API does.
IBApiNext is a preview of a new API that is currently in development. The goal of IBApiNext is it, to provide same functionality as IBApi, but focus on usability rather than replicating the official interface. It is not based on a request/event design anymore, but it does use RxJS instead. IBApiNext still is in preview stage. Not all functions are available yet, and we cannot guarantee stable interfaces (although are we confident that public signatures of already existing functions won't change anymore).
Platform | Port |
---|---|
IB Gateway live account | 4001 |
IB Gateway paper account | 4002 |
TWS Live Account | 7496 |
TWS papertrading account | 7497 |
IBApi is returning Number.MAX_SAFE_INTEGER
when there is no value from IB, commonly seen when there is no bid / offer or other missing market data.
/* Example: Print all portfolio positions to console. */
import { IBApi, EventName, ErrorCode, Contract } from "@stoqey/ib";
// create IBApi object
const ib = new IBApi({
// clientId: 0,
// host: '127.0.0.1',
port: 7497,
});
// register event handler
let positionsCount = 0;
ib.on(EventName.error, (err: Error, code: ErrorCode, reqId: number) => {
console.error(`${err.message} - code: ${code} - reqId: ${reqId}`);
})
.on(
EventName.position,
(account: string, contract: Contract, pos: number, avgCost: number) => {
console.log(`${account}: ${pos} x ${contract.symbol} @ ${avgCost}`);
positionsCount++;
}
)
.once(EventName.positionEnd, () => {
console.log(`Total: ${positionsCount} positions.`);
ib.disconnect();
});
// call API functions
ib.connect();
ib.reqPositions();
ib.once(EventName.nextValidId, (orderId: number) => {
const contract: Contract = {
symbol: "AMZN",
exchange: "SMART",
currency: "USD",
secType: SecType.STK,
};
const order: Order = {
orderType: OrderType.LMT,
action: OrderAction.BUY,
lmtPrice: 1,
orderId,
totalQuantity: 1,
account: 'YOUR_ACCOUNT_ID'
};
ib.placeOrder(orderId, contract, order);
});
ib.connect();
ib.reqIds();
The src/tools folder contains a collection of command line tools to run IBApiNext from command line. Have look on it if you search for IBApiNext sample code.
Example:
node ./dist/tools/account-summary.js -group=All -tags="NetLiquidation,MaintMarginReq" -watch -inc -port=4002
{
"all": [
[
"DU******",
[
[
"MaintMarginReq",
[
[
"EUR",
{
"value": "37688.07",
"ingressTm": 1616849611611
}
]
]
]
]
]
],
"added": [
[
...
! WARNING ! - Make sure to test on papertrading account as tests could contain actions that result in selling and buying financial instruments.
The easiest way to start testing and playing around with the code is to run included IB Gateway docker container. To set it up use following steps.
Copy sample.env
to file .env
yarn
to install dependenciescp sample.env .env
docker-compose up
(use flag -d
to run de-attached mode in background). Now the docker instance of IB Gateway should be running.docker-compose down
Once docker is up and running with correct credentials it should be ready to accept connections.
Tests can be run from CLI with jest
tool. Either a single one or multiple tests at once.
Running single/multiple tests
jest src/test/unit/api/api.test.ts
To run multiple, just use path instead of specific file.
To run all tests run the following command.
yarn test
Will be added later once it's stable
Public interfaces, that are planned to be removed, will be marked with a @deprecated.
The @deprecated tag will contain a description or link on how migrate to new API (example: IBApiCreationOptions.clientId).
VSCode will explicitly mark deprecated functions and attributes, so you cannot miss it.
If you write new code, don't use deprecated functions.
If you already use deprecated functions on existing code, migrate to new function on your next code-clean up session. There is no need for immediate change, the deprecated function will
continue to work for a least a half more year, but at some point it will be removed.
IB does regularly release new API versions, so this library will need permanent maintenance in oder to stay up-to-date with latest TWS features.
Also, there is not much testing code yet. Ideally there should be at least one test-case for each public function.
In addition to that, a little demo / example app would be nice, to demonstrate API usage (something like a little live-portoflio-viewer app for node.js console?).
Any kind of bugfixes are welcome as well.
If you want to contribute, read the Developer Guide and start coding.
FAQs
Interactive Brokers TWS/IB Gateway API client library for Node.js (TS)
The npm package @stoqey/ib receives a total of 488 weekly downloads. As such, @stoqey/ib popularity was classified as not popular.
We found that @stoqey/ib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.