Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
bluesky-account-migrator
Advanced tools
A Node.js CLI for migrating Bluesky accounts from one PDS to another.
[!WARNING] This is community-maintained software. It has no affiliation with Bluesky the company. Use at your own risk.
bluesky-account-migrator
is currently in a beta state. If a migration fails, you will have to figure out how to recover on your own. See troubleshooting for more details.
# In a package
npm install bluesky-account-migrator
# Globally
npm install -g bluesky-account-migrator
Or the equivalent incantation using your package manager of choice.
Migrating your Bluesky account is a potentially destructive operation that can result in losing access to the account. This CLI files away some of the rough edges, but it's far from perfect, and can't help you recover if the migration fails (although you may be able to do so yourself, see troubleshooting).
To get a better understanding of the risks and steps involved in account migration, see Bluesky's account migration guide. The implementation of this package is based on the snippet in that guide.
did:plc
Bluesky account
The CLI has a single command migrate
, which you can run using e.g. npx
:
npx bluesky-account-migrator migrate
This will interactively walk you through migrating your Bluesky account from one PDS to another. It will collect most of the necessary information upfront, such as the PDS URLs, account handles, etc., then ask if you want to start the migration:
? Perform the migration with these credentials? (Y/n)
Migrating your account requires completing an email challenge. Assuming all goes well, the migration will run until the challenge email has been sent. You will have to retrieve the confirmation token in this email and provide it to the CLI to complete the migration:
An email should have been sent to the old account's email address.
? Enter the confirmation token from the challenge email
If the challenge token is correct, the migration should complete successfully. At the end of the migration, the private recovery key will be printed to the terminal. You must save this key in a secure location, or you could lose access to your account.
The migration is implemented as a state machine in the form of the Migration
class.
You can run a migration programmatically as follows:
import { Migration, MigrationState } from 'bluesky-account-migrator';
const credentials = {
oldPdsUrl: 'https://old.bsky.social',
oldHandle: 'old.handle.com',
oldPassword: 'oldpass123',
inviteCode: 'invite-123',
newPdsUrl: 'https://new.bsky.social',
newHandle: 'new.handle.com',
newEmail: 'new@email.com',
newPassword: 'newpass123',
};
const migration = new Migration({ credentials });
let result = await migration.run();
if (result !== MigrationState.RequestedPlcOperation) {
// Something has gone extremely wrong if this happens
throw new Error('unexpected migration state');
}
// You have to get this from the challenge email and make it available
// to your program somehow
const confirmationToken = '...';
migration.confirmationToken = confirmationToken;
result = await migration.run();
if (result !== MigrationState.Finalized) {
// Again, something has gone extremely wrong if this happens
throw new Error('unexpected migration state');
}
// This is the recovery private key for the account, which must be stored
// somewhere or risk the loss of the account
storeSomewhereSafe(migration.newPrivateKey);
[!IMPORTANT] If you encounter any problems with
bluesky-account-migrator
, please file an issue.
If your migration fails, you are alone in strange territory. However, all is not lost.
While bluesky-account-migrator
is not (yet) equipped to resume partial migrations,
the error should tell you where it failed. In addition, the migration is implemented
as a state machine, and you should be able to figure out what's left to do by consulting
this file. In brief, each state maps to an "operation",
which is essentially a function wrapping a set of logically associated API calls. By
identifying the error and the remaining API calls, you can likely compose a script that
completes the rest of the migration.
com.atproto.server.checkAccountStatus
.[0.2.0]
migrate
the default CLI commandfoo.com
even if your old PDS is something else, like bsky.social
.FAQs
A CLI for migrating Bluesky accounts from one PDS to another.
The npm package bluesky-account-migrator receives a total of 95 weekly downloads. As such, bluesky-account-migrator popularity was classified as not popular.
We found that bluesky-account-migrator demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.