Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
bitbucket-server-nodejs
Advanced tools
Rest client for Atlassian client
Provides access to some of client's APIs.
Installation
npm install bitbucket-server-nodejs
Initializing Client
Supports public, basic auth and OAuth1.
Specify auth's type as 'public', 'basic' or 'oauth'. Defaults to 'public'.
var Client = require('bitbucket-server-nodejs').Client;
- BASIC AUTH -
var auth = {
"type": "basic",
"username": "username",
"password": "password"
};
- OR OAUTH1 -
var auth = {
"type": "oauth",
"consumer_secret": "consumer_secret",
"signature_method": "signature_method",
"token": "token",
"token_secret": "token_secret"
};
- OR NO AUTH AT ALL, FOR PUBLIC ACCESS -
var client = new Client('http://localhost:7990/rest/api/1.0');
- OR -
var client = new Client('http://localhost:7990/rest/api/1.0', auth);
APIS
projects
Get all projects.
client.projects.get(); // Promise
repos
Get all repos for a project.
client.repos.get(projectKey); // Promise
Get all repos, using pagination.
client.repos.getAll(); // Promise
Get all repos for all projects.
client.repos.getCombined(); // Promise
Get one repo for a project.
client.repos.getRepo(projectKey, repo); // Promise
branches
Get all branches for a repo.
client.branches.get(projectKey, repoKey); // Promise
To get branches from a user repo rather than a project repo, use user's slug as the project key, prepended by '~'.
client.branches.get('~userslug', repoKey); // Promise
pull requests
Get all pull requests for a repo.
client.prs.get(projectKey, repoSlug); // Promise
Get all pull requests for a project.
client.prs.getCombined(projectKey); // Promise
Get all pull requests on all projects.
client.prs.getCombined(); // Promise
Get all pull requests by a specific author.
client.prs.getCombined(null, null, { author: "ben" }); // Promise
Get all pull requests in a specific state (defaults OPEN).
client.prs.getCombined(null, null, { state: "MERGED" }); // Promise
Possible states: ALL, OPEN, DECLINED or MERGED.
hooks
Get all hooks for a repo.
client.hooks.get(projectKey, repoSlug); // Promise
Get all pre-recieve hooks.
client.hooks.getPreReceive(projectKey, repoSlug); // Promise
Get all post-recieve hooks.
client.hooks.getPostReceive(projectKey, repoSlug); // Promise
Get details for a single hook.
client.hooks.getHook(projectKey, repoSlug, hookKey); // Promise
settings
Get user's settings. Username and Password must be valid.
client.settings.get(username); // Promise
users
Get full list of users. You will probably need to have admin access.
client.users.get(); // Promise
Get one user.
client.users.getUser(userSlug); // Promise
API Coverage
- /rest/api/1.0/users [GET]
- /rest/api/1.0/users/{userSlug} [GET]
- /rest/api/1.0/users/{userSlug}/settings [GET]
- /rest/api/1.0/projects [GET]
- /rest/api/1.0/projects/{projectKey}/repos [GET]
- /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug} [GET]
- /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/browse [GET]
- /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/branches [GET]
- /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/pull-requests [GET]
- /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/settings/hooks [GET]
- /rest/api/1.0/projects/{projectKey}/repos/{repositorySlug}/settings/hooks/{hookKey}/enabled [PUT]
FAQs
Provides access to some of Bitbucket-Server's APIs.
The npm package bitbucket-server-nodejs receives a total of 50 weekly downloads. As such, bitbucket-server-nodejs popularity was classified as not popular.
We found that bitbucket-server-nodejs demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 26 Oct 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025