Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
discord-player
Advanced tools
Discord Player is a powerful framework for JavaScript and TypeScript, built on top of @discord.js/voice library. It provides easy set of customizable tools to develop Discord Music bots.
Discord Player requires Discord.js 14.0 or higher. PLease make sure you have a compatible version using npm list discord.js
in your terminal. If you're using an earlier version please update it. The Discord.JS Guide has resources to help with that.
$ npm install discord-player # main library
$ npm install @discord-player/extractor # extractors provider
Discord Player recognizes
@discord-player/extractor
and loads it automatically by default.
Discord Player is a high level framework for Discord VoIP. Discord only accepts opus packets, thus you need to install opus library. You can install any of these:
$ npm install @discordjs/opus
$ npm install opusscript
FFmpeg or Avconv is required for media transcoding. You can get it from https://ffmpeg.org or by installing it from npm:
$ npm install ffmpeg-static
You can get avconv from https://libav.org/download.
You also need to install streaming library if you want to add support for youtube playback. You can install one of these libraries:
$ npm install ytdl-core
$ npm install play-dl
$ npm install @distube/ytdl-core
Done with all these? Let's write a simple music bot then.
Let's create a master player instance.
const { Player } = require('discord-player');
const client = new Discord.Client({
// Make sure you have 'GuildVoiceStates' intent enabled
intents: ['GuildVoiceStates' /* Other intents */]
});
// this is the entrypoint for discord-player based application
const player = new Player(client);
Did You Know? Discord Player is by default a singleton.
Now, let's add some event listeners:
// this event is emitted whenever discord-player starts to play a track
player.events.on('playerStart', (queue, track) => {
// we will later define queue.metadata object while creating the queue
queue.metadata.channel.send(`Started playing **${track.title}**!`);
});
Let's write the command part. You can define the command as you desire. We will only check the command handler part:
async function execute(interaction) {
const channel = interaction.message.member.voice.channel;
if (!channel) return interaction.reply('You are not connected to a voice channel!'); // make sure we have a voice channel
const query = interaction.options.getString('query', true); // we need input/query to play
// let's defer the interaction as things can take time to process
await interaction.deferReply();
try {
const { track } = await player.play(channel, query, {
nodeOptions: {
// nodeOptions are the options for guild node (aka your queue in simple word)
metadata: interaction // we can access this metadata object using queue.metadata later on
}
});
return interaction.followUp(`**${track.title}** enqueued!`);
} catch (e) {
// let's return error if something failed
return interaction.followUp(`Something went wrong: ${e}`);
}
}
That's all it takes to build your own music bot.
A curated list of resources (such as open source music bots, extractors, etc.) built by Discord Player community. https://discord-player.js.org/docs/guides/community-resources
FAQs
Complete framework to facilitate music commands using discord.js
The npm package discord-player receives a total of 2,638 weekly downloads. As such, discord-player popularity was classified as popular.
We found that discord-player demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.