Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
@streem/sdk-node
Advanced tools
@streem/sdk-node
Streem library to interact with the Streem API and generate Embedded SSO tokens
Streem SDK for Node.JS
Server-side Node.JS library for interacting with the Streem API, and generation of Streem Tokens for use in client SDKs or Embedded SSO.
Installation
Add the Streem SDK dependency to your project. Yarn is required:
yarn add @streem/sdk-node
Usage
First, import the library:
import Streem from "@streem/sdk-node"
Then initialize the library with your API Key ID and Secret:
Streem.init(apiKeyId, apiKeySecret)
Streem Tokens
To create a Streem Token, first create a TokenBuilder:
const builder = new Streem.TokenBuilder()
Then specify the details for the currently logged-in user:
const user = // your logged in user
// required
builder.userId = user.id
// recommended
builder.name = user.name
builder.email = user.email
builder.avatarUrl = user.avatar
// optional
builder.tokenExpirationMs = ... // Determines how long this token is valid for starting a session (default 5 minutes)
builder.sessionExpirationMs = ... // Once the session has started, how long can the user remain logged in (default 4 hours)
// If using the Group Reservation feature, set the reservation sid from the API response
builder.reservationSid = "rsv_abc123"
Finally, call build() to generate the token string:
const token = builder.build()
Embedded SSO
Embedded SSO allows you to create Streem Tokens server-side, and automatically log your users into the Streem web application.
First, provide the token created above to your front-end browser client. Next, place the token in the hash portion of any Streem web application URL,
by appending #token=... with your token.
For example, to create an iframe to the root page in Streem, you might have:
<iframe src="https://{company-code}.streempro.app#token={token}"/>
Be sure to substitute {company-code} and {token} for the correct values.
Streem Client SDKs
If using the iOS or Android SDKs, you will provide the Streem Token to the client, and pass to the SDK via Streem.identify(). More
details can be found in documentation of the individual SDKs
License
This repo is available as open source under the terms of the MIT License.
0.3.1
- Upgrading
node-joseto 2.2.x
FAQs
Streem library to interact with the Streem API and generate Embedded SSO tokens
The npm package @streem/sdk-node receives a total of 1,109 weekly downloads. As such, @streem/sdk-node popularity was classified as popular.
We found that @streem/sdk-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 15 May 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025