Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
botframework
Bot Framework allows you to write bots for Facebook Messenger. But it has been designed to allow integration of other bots.
npm install botframework
In order to set up the Facebook Bot in the next step you need to define a
For testing I can recommend http://localtunnel.me/
Follow https://developers.facebook.com/docs/messenger-platform/quickstart to set up your bot. Note the access_token. We will need it.
// Load the installed package (the repository's own example uses require('../')).
var bf = require('botframework');

var bot = new bf.Bot({
  fb: {
    page_id: <your facebook page id>,
    verify_id: <your verify id>,
    port: 3000,
    callback_path: '/facebook/receive',
    access_token: <access_token from facebook>
  }
}, new ctrl());

function ctrl() {
  // Called for the Facebook authentication callback; reply is the second argument.
  this.newUser = function (data, reply) {
    console.log('user' + JSON.stringify(data));
    reply.text('hi');
  };
  // Called for text-only messages; echoes the received text back.
  this.textMessage = function (data, reply) {
    reply.text('Servus: ' + data.text);
  };
  // newUser?(msg: INewUserMessage, reply: IBotReply): void;
  // imageMessage?(imageMessage: IImageMessage, reply: IBotReply): void;
  // linkMessage?(linkMessage: ILinkMessage, reply: IBotReply): void;
  // locationMessage?(locationMessage: ILocationMessage, reply: IBotReply): void;
  // catchAll?(user: IBotUser, msg: Object, reply: IBotReply): void;
}
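The settings object above carries the page access token and verify ID as literals in source. As an added example (not part of the botframework README or the package's own code), the loader below builds the same `fb` block from environment variables and refuses missing or placeholder values; the `FB_*` variable names and both function names are assumptions made for illustration.

```javascript
// Added example: build the README's `fb` settings from the environment.
// The FB_* variable names are assumptions, not defined by botframework.
const REQUIRED = {
  page_id: 'FB_PAGE_ID',
  verify_id: 'FB_VERIFY_ID',
  access_token: 'FB_ACCESS_TOKEN'
};

function loadFbSettings(env) {
  const fb = {};
  const problems = [];
  for (const [key, name] of Object.entries(REQUIRED)) {
    const value = (env[name] || '').trim();
    if (!value) {
      problems.push(name + ' is not set');
    } else if (/^<.*>$/.test(value)) {
      // A README placeholder such as "<your verify id>" was left in place.
      problems.push(name + ' still holds a placeholder');
    } else {
      fb[key] = value;
    }
  }
  const port = Number(env.FB_PORT || 3000);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    problems.push('FB_PORT is not a valid TCP port');
  }
  const callbackPath = env.FB_CALLBACK_PATH || '/facebook/receive';
  if (!/^\/[A-Za-z0-9/_-]*$/.test(callbackPath)) {
    problems.push('FB_CALLBACK_PATH must be an absolute URL path');
  }
  if (problems.length > 0) {
    // Name the variables only; never echo their values into logs.
    throw new Error('Invalid bot configuration: ' + problems.join('; '));
  }
  fb.port = port;
  fb.callback_path = callbackPath;
  return { fb };
}

// Copy of the settings that is safe to write to a log.
function redactSettings(settings) {
  const fb = Object.assign({}, settings.fb, {
    verify_id: '[redacted]',
    access_token: '[redacted]'
  });
  return { fb };
}
```

With the package installed, the result can be passed to the constructor shown above in place of the literal object: `new bf.Bot(loadFbSettings(process.env), new ctrl())`.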
// Import every name used below: Bot, the settings and controller interfaces, and the message/reply types.
import {Bot, IBotSettings, IBotController, ITextMessage, IBotReply} from 'botframework';

let botSettings: IBotSettings = {
  fb: {
    page_id: <your facebook page id>,
    verify_id: <your verify id>,
    port: 3000,
    callback_path: '/facebook/receive',
    access_token: <access_token from facebook>
  }
};

class BotController implements IBotController {
  // Replies to every text message with a fixed greeting.
  textMessage(msg: ITextMessage, reply: IBotReply): any {
    reply.text('hi');
  }
  // newUser?(msg: INewUserMessage, reply: IBotReply): void;
  // imageMessage?(imageMessage: IImageMessage, reply: IBotReply): void;
  // linkMessage?(linkMessage: ILinkMessage, reply: IBotReply): void;
  // locationMessage?(locationMessage: ILocationMessage, reply: IBotReply): void;
  // catchAll?(user: IBotUser, msg: Object, reply: IBotReply): void;
}

var bot = new Bot(botSettings, new BotController());
bot.setWelcomeMessage('
Botframework detects the Facebook message type and calls the corresponding handler callback function if it is defined.
You can implement more handlers. The following callbacks are currently supported:
export interface IBotController {
  newUser?(msg: INewUserMessage, reply: IBotReply): void; // handles Facebook authentication callback
  textMessage?(textMessage: ITextMessage, reply: IBotReply): void; // handles text-only messages
  imageMessage?(imageMessage: IImageMessage, reply: IBotReply): void; // handles received images
  linkMessage?(linkMessage: ILinkMessage, reply: IBotReply): void; // handles received links from mobile phone sendTo plugin
  locationMessage?(locationMessage: ILocationMessage, reply: IBotReply): void; // handles received locations
  catchAll?(user: IBotUser, msg: Object, reply: IBotReply): void;
}
The reply interface currently supports replying with a simple text message and a list message.
// reply with list
// obj is typed as any so that its href, name, img_url and desc fields can be read
let botItems: Array<IBotReplyListItem> = response.data.map((obj: any) => {
  let buttons = [
    {
      title: 'Open Link',
      url: obj.href,
      type: 'web_url'
    }
  ];
  return {
    title: obj.name,
    image_url: obj.img_url,
    subtitle: obj.desc || '',
    buttons
  };
});
reply.list(botItems);
//////
// reply with text
reply.text('Hi there');
// reply with buttons
let buttons: IBotReplyListItemAction[] = [
  {
    title: 'Open Link',
    url: obj.href,
    type: 'web_url'
  },
  {
    title: 'Show Updates',
    payload: 'SHOW_UPDATES',
    type: 'postback'
  }
];
reply.buttons('Please choose:', buttons);
FAQs
Framework for messaging bots
The npm package botframework receives a total of 6 weekly downloads. As such, botframework popularity was classified as not popular.
We found that botframework demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.