Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
asr-api-client
Advanced tools
asr-api-client library
Library is created for implementing dictation. There is no UI components as this package is meant to be only as service for comunication.
Build
Library is compiled with webpack. To prepare solution for packaging, execute npm run build. Packaged library is written into dist folder and npm publish should be run from that folder.
Examples
Execute this code when you need to start recording voice, and replace configuration values as necessary.
First, you need to create new AsrClient. For more info about configuration - check asr-client-configuration interface.
const config: AsrClientConfiguration = {
appId: YOUR_APP_ID, // ask from person responsible for implementation
appSecret: YOUR_APP_SECRET, // ask from person responsible for implementation
language: LANGUAGE, // input language
apiUrl: API_URL, // defaults to "runa.tilde.lv"
visualizerId: VISUALIZER_ID, // id for canvas element if you would like to see audio visualization
onResult: result => console.log(result), // partial or final result
onRecordingStartStop: isRecording=> console.log(isRecording), // boolean value emitted whenever isRecording changes
onError: error=> console.error(error) // error callback
}
const asrClient = new AsrClient(config);
then you have access to method to start recording
asrClient.beginVoiceRecognition();
to stop recording
asrClient.endVoiceRecognition();
When you have created client, you can also access visualizer and see input visualization
asrClient.audioVisualizer?.visualizeAudio()
Good to know
To autonomate build and publish process, there is additional scripts that are executed.
auto_version_patch.ps1 - script for automatically updating package patch version. To execute it - just run npm run autoVersionUpdate in console.
set-up-package.js - this file is responsible for cleaning up package.json from devdependencies and scripts, since they are not necessary in release build. This script also makes sure that this edited package.json file is copied to dist folder, together with readme file.
NOTE - autoversion script should be executed before set-up-package.js, so that correct version is in package.json end file
FAQs
Library with services for communicating with Tilde TSP platform
The npm package asr-api-client receives a total of 0 weekly downloads. As such, asr-api-client popularity was classified as not popular.
We found that asr-api-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 Jun 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025