Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
---------
[](http://gruntjs.com/)
[](https://travis-ci.org/Askrround/botly)
[](https://codeclimate.com/github/Askrround/botly/coverage)
[](http://badge.fury.io/js/botly)
[](https://david-dm.org/Askrround/botly)
[](https://david-dm.org/Askrround/botly#info=devDependencies)
[](https://img.shields.io/npm/dm/botly.svg)
[](LICENSE)
[](https://nodei.co/npm/botly/)
Simple Facebook Messenger Platform Bot API
- Install
- Example
- API
- send (options[, callback])
- sendText (options[, callback])
- sendAttachment (options[, callback])
- sendImage (options[, callback])
- sendButtons (options[, callback])
- sendGeneric (options[, callback])
- sendReceipt (options[, callback])
- setGetStarted (options[, callback])
- setPersistentMenu (options[, callback])
- getUserProfile (userId[, callback])
- createWebURLButton (title, url)
- createPostbackButton (title, payload)
- createQuickReply (title, payload)
- createButtonTemplate (text, buttons)
- createGenericTemplate (elements)
- handleMessage (req)
- Events
- Change Log
Install
npm i botly --save
Example
const express = require("express");
const Botly = require("botly");
const botly = new Botly({
accessToken: pageAccessToken, //page access token provided by facebook
verifyToken: verificationToken, //needed when using express - the verification token you provided when defining the webhook in facebook
webHookPath: yourWebHookPath, //defaults to "/",
notificationType: Botly.CONST.REGULAR //already the default (optional)
});
botly.on("message", (senderId, message, data) => {
let text = `echo: ${data.text}`;
botly.sendText(senderId, text);
});
const app = express();
app.use("/webhook", botly.router());
app.listen(3000);
You can also clone the repository and run a complete bot example from the example folder.
API
send (options[, callback])
botly.send({
id: userId,
message: {text: "Hi There!"}
}, function (err, data) {
//log it
});
sendText (options[, callback])
botly.sendText({id: userId, text: "Hi There!"}, function (err, data) {
//log it
});
sendAttachment (options[, callback])
botly.sendAttachment({
id: userId,
type: Botly.CONST.ATTACHMENT_TYPE.IMAGE,
payload: {url: "http://example.com/image.png"}
}, function (err, data) {
//log it
});
sendImage (options[, callback])
botly.sendImage({id: userId, url: "http://example.com/image.png"}, function (err, data) {
//log it
});
sendButtons (options[, callback])
let buttons = [];
buttons.push(botly.createWebURLButton("Go to Askrround", "http://askrround.com"));
buttons.push(botly.createPostbackButton("Continue", "continue"));
botly.sendButtons({id: userId, text: "What do you want to do next?", buttons: buttons}
, function (err, data) {
//log it
});
sendGeneric (options[, callback])
let buttons = [];
buttons.push(botly.createWebURLButton("Go to Askrround", "http://askrround.com"));
buttons.push(botly.createPostbackButton("Continue", "continue"));
let element = {
title: "What do you want to do next?",
item_url: "http://example.com",
image_url: "http://example.com/image.png",
subtitle: "Choose now!",
buttons: buttons
}
botly.sendGeneric({id: userId, elements: element}, function (err, data) {
console.log("send generic cb:", err, data);
});
sendReceipt (options[, callback])
let payload = {
"recipient_name": "Stephane Crozatier",
"order_number": "12345678902",
"currency": "USD",
"payment_method": "Visa 2345",
"order_url": "http://petersapparel.parseapp.com/order?order_id=123456",
"timestamp": "1428444852",
"elements": [
{
"title": "Classic White T-Shirt",
"subtitle": "100% Soft and Luxurious Cotton",
"quantity": 2,
"price": 50,
"currency": "USD",
"image_url": "http://petersapparel.parseapp.com/img/whiteshirt.png"
},
{
"title": "Classic Gray T-Shirt",
"subtitle": "100% Soft and Luxurious Cotton",
"quantity": 1,
"price": 25,
"currency": "USD",
"image_url": "http://petersapparel.parseapp.com/img/grayshirt.png"
}
],
"address": {
"street_1": "1 Hacker Way",
"street_2": "",
"city": "Menlo Park",
"postal_code": "94025",
"state": "CA",
"country": "US"
},
"summary": {
"subtotal": 75.00,
"shipping_cost": 4.95,
"total_tax": 6.19,
"total_cost": 56.14
},
"adjustments": [
{
"name": "New Customer Discount",
"amount": 20
},
{
"name": "$10 Off Coupon",
"amount": 10
}
]
};
botly.sendReceipt({id: sender, payload: payload}, function (err, data) {
console.log("send generic cb:", err, data);
});
setGetStarted (options[, callback])
botly.setGetStarted({pageId: "myPage", payload: "GET_STARTED_CLICKED"}, function (err, body) {
//log it
});
setPersistentMenu (options[, callback])
botly.setPersistentMenu({pageId: "myPage", buttons: [botly.createPostbackButton('reset', 'reset_me')]}, function (err, body) {
//log it
});
getUserProfile (userId[, callback])
botly.getUserProfile(senduserIder, function (err, info) {
//cache it
});
createWebURLButton (title, url)
createPostbackButton (title, payload)
createQuickReply (title, payload)
sendAttachment and sendText both support optional quick_replies
createButtonTemplate (text, buttons)
Where buttons can be a single button or an array of buttons.
createGenericTemplate (elements)
Where elements can be a single element or an array of elements.
handleMessage (req)
If you are not using express, you can use this function to parse the request from facebook in order to generate the proper events.
req should have a body property.
Events
botly.on("message", (sender, message, data) => {
/**
* where data can be a text message or an attachment
* data = {
* text: "text entered by user"
* }
* OR
* data = {
* attachments: {
* image: ["imageURL1", "imageURL2"],
* video: ["videoURL"],
* audio: ["audioURL1"],
* location: [{coordinates}]
* }
* }
*/
});
botly.on("postback", (sender, message, postback) => {
/**
* where postback is the postback payload
*/
});
botly.on("delivery", (sender, message, mids) => {
/**
* where mids is an array of mids
*/
});
botly.on("optin", (sender, message, optin) => {
/**
* where optin is the ref pass through param
*/
});
botly.on("error", (ex) => {
/* handle exceptions */
});
Change Log
version 1.0.1
- quick replies are considered as postback and not regular message
version 1.0.0
- removed
createTemplatefunction - was too verbose - moved to object parameters - too many parameters
- added support for quick replies
- add support for persistent menu
- added support for audio/video/file attachments
- renamed setWelcomeScreen to setGetStarted since no longer supported by facebook.
FAQs
Simple Facebook Messenger Bot API
The npm package botly receives a total of 245 weekly downloads. As such, botly popularity was classified as not popular.
We found that botly demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 Jul 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025