Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
bitmex-realtime-api
Advanced tools
This is a reference adapter for receiving realtime data from the BitMEX API.
The following is runnable in example.js.
To get started, create a new client:
const BitMEXClient = require('bitmex-realtime-api');
// See 'options' reference below
const client = new BitMEXClient({testnet: true});
Then subscribe to a symbol and table, and pass a callback.
client.addStream('XBTUSD', 'instrument', function (data, symbol, tableName) {
// Do something with the table data...
});
Options:
{
testnet: false, // set `true` to connect to the testnet site (testnet.bitmex.com)
// Set API Key ID and Secret to subscribe to private streams.
// See `Available Private Streams` below.
apiKeyID: '',
apiKeySecret: '',
maxTableLen: 10000 // the maximum number of table elements to keep in memory (FIFO queue)
}
Subscribe to a data stream. Pass a symbol to subscribe to all public data for an instrument.
Pass tableName
to receive data for a specific table.
client.addStream('XBTUSD', 'quote', function (data, symbol, tableName) {
if (!data.length) return;
const quote = data[data.length - 1]; // the last data element is the newest quote
// Do something with the quote (.bidPrice, .bidSize, .askPrice, .askSize)
});
The client also doubles as a basic EventEmitter. The following events are fired:
"initialize" // Socket initialized, client.streams available
"error"
"open"
"close"
Example:
client.on('initialize', () => {
console.log(client.streams); // Log .public, .private and .all stream names
});
Note: Don't forget to attach an error
handler! If one is not attached, errors will be thrown
and crash your client.
Use this function to access data directly. Pass either a symbol, or tableName, or both. Data returned by this method is safe to modify as it is cloned from the internal stores.
If speed is a concern, all data is accessible directly inside the client via the client._data
property.
Do not modify this data, or you will corrupt further updates!
Same as above, but returns all tables for a given symbol.
Same as above, but returns all symbols for a given table.
client.addStream('XBTUSD', 'trade', () => {});
setTimeout(() => {
console.log('XBTUSD trades during the last few seconds:', client.getTable('trade').XBTUSD);
}, 5000);
The streams below echo the models described in the API Explorer.
"chat", // Trollbox
"instrument", // Instrument updates including turnover and bid/ask
"liquidation", // Liquidations
"orderBookL2_25", // Top 25 levels of level 2 order book
"orderBook10", // Last 10 bids and asks (price and size)
"quote", // Top level of the book
"trade" // Trades
... // See https://www.bitmex.com/app/wsAPI#Subscriptions for more streams
The following streams require authentication via an API key.
"execution", // Individual order placements and executions, settlements, commissions
"margin", // Your account's margin details
"order", // Order creations, cancellations, and updates
"position" // Your positions, per instrument
... // See https://www.bitmex.com/app/wsAPI#Subscriptions for more streams
For much more information on what this module is doing, run it with the DEBUG
environment variable. For example:
# Display all debug messages
DEBUG=* node example.js
# Display all high-level debug messages
DEBUG=BitMEX:* node example.js
https://www.bitmex.com/app/wsAPI#Heartbeats
you can implement a more thorough solution, but hope this helps along
setInterval(() => {
client.socket.send("ping")
}, 30 * 1000); // sends ping every 30 s
FAQs
A library for interacting with BitMEX's websocket API.
The npm package bitmex-realtime-api receives a total of 43 weekly downloads. As such, bitmex-realtime-api popularity was classified as not popular.
We found that bitmex-realtime-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.