
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
This is an unnoficial Node.js API client for DeGiro's trading platform. Using this module you can easily automate your orders (buy and sell) and get information about orders, funds or products.
DeGiro is Europe's fastest growing online stockbroker. DeGiro distinguishes itself by offering institutional fees to retail investors.
# using npm
npm install --save degiro
# using yarn
yarn add degiro
const DeGiro = require('degiro');
const degiro = Degiro.create({username: 'johndoe', password: '1234'});
You can also provide your user and pass via environment variables:
// run as:
// DEGIRO_USER=johndow DEGIRO_PASS=1234 node app.js
const DeGiro = require('degiro');
// now you don't need to provide your credentials
const degiro = Degiro.create();
Performs the login to DeGiro using the username and password and gets a new session id and the account number.
degiro.login().then(session => console.log(session));
// prints session info (session id and account number)
You can reuse your sessions if you provide the id and account number
via environment variables (DEGIRO_SID
and DEGIRO_ACCOUNT
), direct assignment
or constructor parameters.
// set session info via constructor
const degiro = DeGiro.create({sessionId: '', account: 123456})
// set session assigning session variables
degiro.session.id = 'your-session-id' ;
degiro.session.account = 'your-account-number';
degiro.getCashFunds().then(cash => console.log(cash));
// {
// cashFunds: [
// {id: '2', name: 'EUR', value: 1935.8, valueBaseCurr: 1935.8, rate: 1},
// {id: '9885', name: 'USD', value: 0, valueBaseCurr: 0, rate: 0.9102},
// ...
// ]
// }
This example sets a permanent buy order 10 Apple shares at a fixed price of $110
degiro.buy({
orderType: DeGiro.OrderTypes.limited,
productSymbol: 'AAPL',
productType: DeGiro.ProductTypes.shares,
timeType: DeGiro.TimeTypes.permanent,
size: 10,
price: 110,
}).then(r => console.log(r)); // prints the order id
orderType
: number
productSymbol
: stringproductType
: number
timeType
: number
price
: number - Required for limited
and stopLimited
ordersstopPrice
: number - Required for stopLoss
and stopLimited
ordersThis example puts a sell order of 15 Apple shares at market price
degiro.sell({
orderType: DeGiro.OrderTypes.marketOrder,
productSymbol: 'AAPL',
productType: DeGiro.ProductTypes.shares,
size: 15,
}).then(r => console.log(r)); // prints the order id
Same options as buy
.
MIT
FAQs
DeGiro (unnoficial) API
The npm package degiro receives a total of 17 weekly downloads. As such, degiro popularity was classified as not popular.
We found that degiro demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.