Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Node.js & JavaScript SDK for Binance REST APIs & WebSockets, with TypeScript & end-to-end tests.
Updated & performant JavaScript & Node.js SDK for the Binance REST APIs and WebSockets:
reconnected
event when dropped connection is restored.npm install binance --save
Refer to the examples folder for implementation demos.
Check out my related JavaScript/TypeScript/Node.js projects:
Most methods accept JS objects. These can be populated using parameters specified by Binance's API documentation.
This project uses typescript. Resources are stored in 3 key structures:
Create API credentials at Binance
There are several REST API modules as there are some differences in each API group.
MainClient
for most APIs, including: spot, margin, isolated margin, mining, BLVT, BSwap, Fiat & sub-account management.USDMClient
for USD-M futures APIs.CoinMClient
for COIN-M futures APIs.Vanilla Options connectors are not yet available, though contributions are welcome!
Start by importing the spot client. API credentials are optional, though an error is thrown when attempting any private API calls without credentials.
const { MainClient } = require('binance');
const API_KEY = 'xxx';
const API_SECRET = 'yyy';
const client = new MainClient({
api_key: API_KEY,
api_secret: API_SECRET,
});
client
.getAccountTradeList({ symbol: 'BTCUSDT' })
.then((result) => {
console.log('getAccountTradeList result: ', result);
})
.catch((err) => {
console.error('getAccountTradeList error: ', err);
});
client
.getExchangeInfo()
.then((result) => {
console.log('getExchangeInfo inverse result: ', result);
})
.catch((err) => {
console.error('getExchangeInfo inverse error: ', err);
});
See spot-client.ts for further information.
Start by importing the usd-m client. API credentials are optional, though an error is thrown when attempting any private API calls without credentials.
const { USDMClient } = require('binance');
const API_KEY = 'xxx';
const API_SECRET = 'yyy';
const client = new USDMClient({
api_key: API_KEY,
api_secret: API_SECRET,
});
client
.getBalance()
.then((result) => {
console.log('getBalance result: ', result);
})
.catch((err) => {
console.error('getBalance error: ', err);
});
client
.get24hrChangeStatististics()
.then((result) => {
console.log('get24hrChangeStatististics inverse futures result: ', result);
})
.catch((err) => {
console.error('get24hrChangeStatististics inverse futures error: ', err);
});
See usdm-client.ts for further information.
Start by importing the coin-m client. API credentials are optional, though an error is thrown when attempting any private API calls without credentials.
const { CoinMClient } = require('binance');
const API_KEY = 'xxx';
const API_SECRET = 'yyy';
const client = new CoinMClient({
api_key: API_KEY,
api_secret: API_SECRET,
});
client
.getSymbolOrderBookTicker()
.then((result) => {
console.log('getSymbolOrderBookTicker result: ', result);
})
.catch((err) => {
console.error('getSymbolOrderBookTicker error: ', err);
});
See coinm-client.ts for further information.
All websockets are accessible via the shared WebsocketClient
. As before, API credentials are optional unless the user data stream is required.
const { WebsocketClient } = require('binance');
const API_KEY = 'xxx';
const API_SECRET = 'yyy';
// optionally override the logger
const logger = {
...DefaultLogger,
silly: (...params) => {},
};
const wsClient = new WebsocketClient(
{
api_key: key,
api_secret: secret,
beautify: true,
// Disable ping/pong ws heartbeat mechanism (not recommended)
// disableHeartbeat: true
},
logger,
);
// receive raw events
wsClient.on('message', (data) => {
console.log('raw message received ', JSON.stringify(data, null, 2));
});
// notification when a connection is opened
wsClient.on('open', (data) => {
console.log('connection opened open:', data.wsKey, data.ws.target.url);
});
// receive formatted events with beautified keys. Any "known" floats stored in strings as parsed as floats.
wsClient.on('formattedMessage', (data) => {
console.log('formattedMessage: ', data);
});
// read response to command sent via WS stream (e.g LIST_SUBSCRIPTIONS)
wsClient.on('reply', (data) => {
console.log('log reply: ', JSON.stringify(data, null, 2));
});
// receive notification when a ws connection is reconnecting automatically
wsClient.on('reconnecting', (data) => {
console.log('ws automatically reconnecting.... ', data?.wsKey);
});
// receive notification that a reconnection completed successfully (e.g use REST to check for missing data)
wsClient.on('reconnected', (data) => {
console.log('ws has reconnected ', data?.wsKey);
});
// Recommended: receive error events (e.g. first reconnection failed)
wsClient.on('error', (data) => {
console.log('ws saw error ', data?.wsKey);
});
// Call methods to subcribe to as many websockets as you want.
// Each method spawns a new connection, unless a websocket already exists for that particular request topic.
// wsClient.subscribeSpotAggregateTrades(market);
// wsClient.subscribeSpotTrades(market);
// wsClient.subscribeSpotKline(market, interval);
// wsClient.subscribeSpotSymbolMini24hrTicker(market);
// wsClient.subscribeSpotAllMini24hrTickers();
// wsClient.subscribeSpotSymbol24hrTicker(market);
// wsClient.subscribeSpotAll24hrTickers();
// wsClient.subscribeSpotSymbolBookTicker(market);
// wsClient.subscribeSpotAllBookTickers();
// wsClient.subscribeSpotPartialBookDepth(market, 5);
// wsClient.subscribeSpotDiffBookDepth(market);
wsClient.subscribeSpotUserDataStream();
wsClient.subscribeMarginUserDataStream();
wsClient.subscribeIsolatedMarginUserDataStream('BTCUSDT');
wsClient.subscribeUsdFuturesUserDataStream();
// each method also restores the WebSocket object, which can be interacted with for more control
// const ws1 = wsClient.subscribeSpotSymbolBookTicker(market);
// const ws2 = wsClient.subscribeSpotAllBookTickers();
// const ws3 = wsClient.subscribeSpotUserDataStream(listenKey);
// optionally directly open a connection to a URL. Not recommended for production use.
// const ws4 = wsClient.connectToWsUrl(`wss://stream.binance.com:9443/ws/${listenKey}`, 'customDirectWsConnection1');
See websocket-client.ts for further information. Also see ws-userdata.ts for user data examples.
Pass a custom logger which supports the log methods silly
, debug
, notice
, info
, warning
and error
, or override methods from the default logger as desired.
const { WebsocketClient, DefaultLogger } = require('binance');
// Enable all logging on the silly level
DefaultLogger.silly = (...params) => {
console.log('sillyLog: ', params);
};
const ws = new WebsocketClient(
api_key: 'xxx',
api_secret: 'yyyy',
DefaultLogger
);
This is the "modern" way, allowing the package to be directly imported into frontend projects with full typescript support.
npm install crypto-browserify stream-browserify
tsconfig.json
{
"compilerOptions": {
"paths": {
"crypto": [
"./node_modules/crypto-browserify"
],
"stream": [
"./node_modules/stream-browserify"
]
}
(window as any).global = window;
This is the "old" way of using this package on webpages. This will build a minified js bundle that can be pulled in using a script tag on a website.
Build a bundle using webpack:
npm install
npm build
npm pack
The bundle can be found in dist/
. Altough usage should be largely consistent, smaller differences will exist. Documentation is still TODO.
However, note that browser usage will lead to CORS errors due to Binance.
Have my projects helped you? Share the love, there are many ways you can show your thanks:
0xA3Bda8BecaB4DCdA539Dc16F9C54a592553Be06C
Contributions are encouraged, I will review any incoming pull requests. See the issues tab for todo items.
FAQs
Node.js & JavaScript SDK for Binance REST APIs & WebSockets, with TypeScript & end-to-end tests.
The npm package binance receives a total of 1,775 weekly downloads. As such, binance popularity was classified as popular.
We found that binance demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.