Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
coinbase-pro-deno
Advanced tools
Deno port for the Coinbase Pro API for Node.js, written in TypeScript and covered by tests.
🌟 Better than the original Coinbase API. See why. 🌟
Community-maintained Coinbase API for Node.js & Deno, written in TypeScript and covered by tests.
The purpose of this coinbase-pro-node package is to maintain a recent Coinbase API for Node.js with type safety through TypeScript.
npm
npm install coinbase-pro-node
Yarn
yarn add coinbase-pro-node
JavaScript
const {CoinbasePro} = require('coinbase-pro-node');
const client = new CoinbasePro();
TypeScript
import {CoinbasePro} from 'coinbase-pro-node';
const client = new CoinbasePro();
The demo section provides many examples on how to use "coinbase-pro-node". There is also an automatically generated API documentation. For a quick start, here is a simple example for a REST request:
import {CoinbasePro} from 'coinbase-pro-node';
// API Keys can be generated here:
// https://pro.coinbase.com/profile/api
// https://public.sandbox.pro.coinbase.com/profile/api
const auth = {
apiKey: '',
apiSecret: '',
passphrase: '',
// The Sandbox is for testing only and offers a subset of the products/assets:
// https://docs.cloud.coinbase.com/exchange/docs#sandbox
useSandbox: true,
};
const client = new CoinbasePro(auth);
client.rest.account.listAccounts().then(accounts => {
const message = `You can trade "${accounts.length}" different pairs.`;
console.log(message);
});
If you want to listen to WebSocket messages, have a look at these demo scripts:
All demo scripts are executable from the root directory. If you want to use specific credentials with a demo script, simply add a .env
file to the root of this package to modify environment variables used in init-client.ts.
npx ts-node ./src/demo/dump-candles.ts
Tip: There is a .env.defaults file which serves as a template. Just remove its .defaults
extension and enter your credentials to get started. Do not commit this file (or your credentials) to any repository!
The "coinbase-pro-node" library was built to be used in Node.js environments BUT you can also make use of it in web frontend applications (using React, Vue.js, etc.). However, due to the CORS restrictions of modern web browser, you will have to use a proxy server.
A proxy server can be setup with webpack's DevServer proxy configuration or http-proxy-middleware.
Here is an example:
Backend
import {createProxyMiddleware} from 'http-proxy-middleware';
import express from 'express';
const app = express();
app.use(
'/api-coinbase-pro',
createProxyMiddleware({
target: 'https://api.exchange.coinbase.com',
changeOrigin: true,
pathRewrite: {
[`^/api-coinbase-pro`]: '',
},
})
);
Later on, you can use the proxy URL (/api-coinbase-pro
from above) in your web application to initialize "coinbase-pro-node" with it:
Frontend
const client = new CoinbasePro({
httpUrl: '/api-coinbase-pro',
apiKey: '',
apiSecret: '',
passphrase: '',
useSandbox: false,
});
Checkout GitHub's dependency graph to see who uses "coinbase-pro-node" in production. There are also npm packages depending on "coinbase-pro-node".
Contributions, issues and feature requests are welcome!
Feel free to check the issues page.
The following commits will help you getting started quickly with the code base:
All resources can be found in the Coinbase Exchange API reference. For the latest updates, check Coinbase's API Changelog.
This project is MIT licensed.
Please leave a star if you find this project useful.
If you like this project, you might also like these related projects:
There are official Coinbase APIs for Node.js, but they all come with some disadvantages leading to decreased developer experience (DX):
Coinbase is versioning its API through ReadMe.com, so you can generate an API client from their OpenAPI Specification. ReadMe provides a Node.js package named "api" which allows you to retrieve an automatically generated Node.js client:
npm install api@^4.5.1
import api from 'api';
const sdk = api('@coinbase-exchange/v1.0#qgumw1pl3iz4yut');
sdk['ExchangeRESTAPI_GetProductTrades']({
product_id: 'BTC-USD',
}).then(response => {
console.log(`Found "${response.length}" trades.`);
});
The current Coinbase Node.js SDK (provided by the api package) does not support typings for response payloads:
FAQs
Deno port for the Coinbase Pro API for Node.js, written in TypeScript and covered by tests.
We found that coinbase-pro-deno demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.