Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
botkit-discord
Advanced tools
A Botkit connector for Discord with support for text, voice, attachments, embedded messages, and more.
🤖👾 A Botkit connector for Discord with support for text, voice, attachments, embedded messages, and more.
This Botkit platform connector is intended to be used for Discord. Underneath the hood, this connector is utilizing discord.js. Currently the connector supports the following features:
$ npm install botkit-discord
const BotkitDiscord = require('botkit-discord');
const config = {
token: '**' // Discord bot token
}
const discordBot = BotkitDiscord(config);
discordBot.hears('hello','direct_message',(bot, message) => {
bot.reply(message, 'how goes there :)!');
});
discordBot.hears('.*', 'direct_mention', (bot, message) => {
bot.reply(message, 'leave me to be please.');
});
const BotkitDiscord = require('botkit-discord');
const config = {
token: '**' // Discord bot token
}
// Let's join the user's voice channel if we recieve a "b!play"
// play a song and leave, get rating from user, and save result
// if no rating is stored, we can end convoersation
discordBot.hears('b!play', 'ambient', (bot, message) => {
bot.api.joinVoiceChannel().then(connection => {
dispatcher = connection.play('./music/funny.mp3')
dispatcher.setVolume(0.5)
dispatcher.on('finish', () => {
bot.createConversation(message, (err, convo) => {
convo.addQuestion('How would rate that from a scale of 0 to 5?', (response, convo) => {
const numberRating = response.text.match(/[0-5]/g);
if (numberRating.length < 1) {
convo.say('Uhh... not a valid rating, try again later!');
convo.next();
}
convo.say('Oh wow! Thanks for letting me know!');
db.save(message.member.id, numberRating[0]);
convo.next();
});
});
})
bot.api.leaveVoiceChannel();
}).catch(err => {
// If the user is not in a voice channel, tell them to join one
bot.reply('Dude, you\'ll need to join a voice channel and try again');
});
});
Refer to Botkit documentation to utilize all of the other Botkit features.
When you want your bot to respond to particular events that may be relevant, you can use the .on
method.
discordBot.on(EVENT_NAME, event => {
// do stuff
});
Event | Description |
---|---|
ambient | a channel the bot is in has a new message |
direct_message | the bot received a direct message from a user |
direct_mention | the bot was addressed directly in a channel ("@bot hello") |
mention | the bot was mentioned by someone in a message ("hello @bot") |
Event | Description |
---|---|
disconnect | Bot has disconnected or failed to login |
ready | Bot is connected |
Along with standard events, all Discord.js events have been migrated for your use. Please refer to the docs for usage.
Server Greeting Referenced in Docs
discordBot.on('guildMemberAdd', member => {
const channel = member.guild.channels.find(ch => ch.name === 'member-log');
if (!channel) return;
channel.send(`Welcome to the server, ${member}`);
});
This connector utilizes the built-in discord.js
audio functionality, but requires additional steps to work properly:
node-opus
or opusscript
(discord.js recommends node-opus
for performance reasons, but opusscript
works for development purposes)
npm install node-opus
npm install opusscript
brew update && brew install ffmpeg
apt update && apt install ffmpeg
For convenience, you'll be able to use the voice functionality if the sender of the message is already in a voice channel. This will be available in the .api
properties of the bot object passed as a parameter in the event handler.
joinVoiceChannel()
leaveVoiceChannel()
Example Usage:
discordBot.hears('!audio', 'ambient', (bot, message) => {
if (!bot.api.joinVoiceChannel) {
return bot.reply(message, 'I would if you were in a voice channel!');
}
bot.api.joinVoiceChannel().then(connection => {
dispatcher = connection.play('./music/troll.mp3')
dispatcher.setVolume(0.5)
}).catch(err => {
console.log(`Failed to play audio: ${err}`);
});
})
To use embeds, it's preferred to use the Discord.js RichEmbed builder, discordBot.RichEmbed()
.
discordBot.hears('!rpg', ['direct_message', 'ambient'], (bot, message) => {
const embed = new discordBot.RichEmbed()
embed.setAuthor(
"Quick RPG Stats",
"https://rpglink.com/icon/here"
);
embed.addField("Power Level 👊", "Equivalent to a Goblin Archer 🏹");
embed.addField("Skills Acquired 🥕", "🏹 Archery, 🍳 Cooking");
embed.setColor('GREEN');
bot.reply(message, embed)
});
It's recommended to use the attachment helper, discordBot.Attachment
:
discordBot.hears('!file', ['direct_message', 'ambient'], (bot, message) => {
const attachment = new discordBot.Attachment('./temp.js', "Awesome Script!")
bot.reply(message, attachment)
});
Ⓒ MIT Brandon Him / brh55
Please let me know if you plan on forking or would like professional support. Open-source is a hobby, but it would be great as a full-time gig :)
This wouldn't be possible without all the tremendous effort and contributors behind discord.js.
FAQs
A Botkit connector for Discord with support for text, voice, attachments, embedded messages, and more.
The npm package botkit-discord receives a total of 28 weekly downloads. As such, botkit-discord popularity was classified as not popular.
We found that botkit-discord demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.