Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The official Node.js library for the Coinbase API.
npm install coinbase
Version | GitHub repository |
---|---|
2.0.x | This repository |
0.1.x | mateodelnorte/coinbase |
Npm coinbase
package name used to refer to the unofficial coinbase library maintained by Matt Walters. Matt graciously allowed us to use the name for this package instead. You can still find that package on Github. Thanks, Matt.
The first thing you'll need to do is sign up for coinbase.
If you're writing code for your own Coinbase account, enable an API key. Next, create a Client
object for interacting with the API:
var Client = require('coinbase').Client;
var client = new Client({'apiKey': mykey, 'apiSecret': mysecret});
If you're writing code that will act on behalf of another user, start by creating a new OAuth 2 application. You will need to do some work to obtain OAuth credentials for your users; while outside the scope of this document, please refer to our OAuth 2 tutorial and documentation. Once you have these credentials, create a client:
var Client = require('coinbase').Client;
var client = new Client({'accessToken': accessToken, 'refreshToken': refreshToken});
With a client instance
, you can now make API calls. We've included some examples below, but in general the library has Javascript prototypes for each of the objects described in our REST API documentation. These classes each have methods for making the relevant API calls; for instance, coinbase.model.Transaction.complete
maps to the complete bitcoin request API endpoint. The comments of each method in the code references the endpoint it implements. Each API method returns an object
representing the JSON response from the API.
Listing available accounts
var coinbase = require('coinbase');
var client = new coinbase.Client({'apiKey': mykey, 'apiSecret': mysecret});
client.getAccounts({}, function(err, accounts) {
accounts.forEach(function(acct) {
console.log('my bal: ' + acct.balance.amount + ' for ' + acct.name);
});
});
Get Balance from an Account Id
var coinbase = require('coinbase');
var client = new coinbase.Client({'apiKey': mykey, 'apiSecret': mysecret});
client.getAccount('<ACCOUNT ID>', function(err, account) {
console.log('bal: ' + account.balance.amount + ' currency: ' + account.balance.currency);
});
Selling bitcoin
var args = {
"amount": "12",
"currency": "BTC"
};
account.sell(args, function(err, xfer) {
console.log('my xfer id is: ' + xfer.id);
});
Sending bitcoin
var args = {
"to": "user1@example.com",
"amount": "1.234",
"currency": "BTC",
"description": "Sample transaction for you"
};
account.sendMoney(args, function(err, txn) {
console.log('my txn id is: ' + txn.id);
});
Requesting bitcoin
var args = {
"to": "user1@example.com",
"amount": "1.234",
"currency": "BTC",
"description": "Sample transaction for you"
};
account.requestMoney(args, function(err, txn) {
console.log('my txn id is: ' + txn.id);
});
Listing current transactions
account.getTransactions(null, function(err, txns) {
txns.forEach(function(txn) {
console.log('my txn status: ' + txn.status);
});
});
Using pagination
account.getTransactions(null, function(err, txns, pagination) {
txns.forEach(function(txn) {
console.log('my txn: ' + txn.id);
});
console.log(pagination.next_uri);
account.getTransactions(pagination, function(err, txns) {
txns.forEach(function(txn) {
console.log('my txn: ' + txn.id);
});
});
});
Checking bitcoin prices
client.getBuyPrice({'currencyPair': 'BTC-USD'}, function(err, obj) {
console.log('total amount: ' + obj.data.amount);
});
Verifying merchant callback authenticity
if (client.verifyCallback(req.raw_body, req.headers['CB-SIGNATURE'])) {
// Process callback
}
Errors are thrown for invalid arguments but are otherwise returned as the first argument to callback functions using http-errors module.
Errors contain name
, status
, and message
fields for error handling. You can find
more information about error types here
Any and all contributions are welcome! The process is simple:
Tests are run via mocha and nock. To run the tests, clone the repository and then:
npm install
npm test
Please also scan the packages for known vulnerabilities.
npm install -g nsp
nsp check --output summary
You can also run the tests against various node environments using the Dockerfile.example file.
cp Dockerfile.example Dockerfile
[sudo] docker build -t coinbase-node .
[sudo] docker run -it coinbase-node
FAQs
The Coinbase API for Node.js
We found that conibase demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.