Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@tidal-music/player
Advanced tools
npm install @tidal-music/player
(or similar for other package managers)
Then see the docs or the examples elsewhere in this repository.
The src/ folder contains the source code. Structured under api/ is the outside facing API. The player/ folder contains the underlying players and their integration into TIDAL player. The internal/ folder the business logic that the outside facing API end up calling.
The dist/ folder contains the latest built version of the code in src/.
Building is done with Vite.
pnpm build
to build the package to dist/
pnpm test
. You need a .env
file containing TEST_USER="base64string"
before running. base64string is base 64 encoded stringified JS object containing oAuthAccessToken, oAuthRefreshToken, oAuthExpirationDate and clientId.
To load TIDAL Player into a project locally without publishing to npm; using pnpm link
, yarn link
or npm link
can be problematic, especially if your project does not also use pnpm like this repo does. If so, you need to manually configure a "hard link" using the file:
protocol in package.json of the destination project like so:
"resolutions"
property on the top level. (this is an object)"@tidal-music/player": "file:/Users/<your-username>/dev/tidal-sdk-web/packages/player"
npm/yarn/pnpm install
in your destination project.!! Remove the entry in "resolution"
and run npm/yarn/pnpm install
again when you are done testing to have the NPM version of the package load instead.
Run the patch-shaka
script to get TS working for shaka-player.
FAQs
Player logic for TIDAL
We found that @tidal-music/player demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.