Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
discord-player
Advanced tools
Discord Player is a robust framework for developing Discord Music bots using JavaScript and TypeScript. It is built on top of the discord-voip library and offers a comprehensive set of customizable tools, making it one of the most feature enrich framework in town.
Eris compat mode does not support
VoiceStateUpdate
handler. You need to handle it manually.
Discord Player requires Discord.js 14.0 or higher. Please ensure that you have a compatible version by running npm list discord.js
in your terminal. If you're using an earlier version, please update it. The discord.js Guide provides resources to assist you with the update process.
$ npm install --save discord-player # main library
$ npm install --save @discord-player/extractor # extractors provider
Discord Player recognizes
@discord-player/extractor
and loads it automatically by default. Just invokeawait player.extractors.loadDefault()
.
Since Discord only accepts opus packets, you need to install the opus library. Discord Player supports multiple opus libraries, such as:
Among these, mediaplex is the recommended library as it adds more functionalities to discord-player than just libopus interface. You can install opus libraries by running:
$ npm install --save mediaplex
# or
$ npm install --save @discordjs/opus
# or
$ npm install --save opusscript
# or
$ npm install --save @evan/opus
# or
$ npm install --save node-opus
FFmpeg or Avconv is required for media transcoding. You can obtain it from https://ffmpeg.org or via npm.
We do not recommend installing ffmpeg via npm because binaries pulled from npm is known to be unstable. It is recommended to install it from the official source.
$ npm install --save ffmpeg-static
# or
$ npm install --save @ffmpeg-installer/ffmpeg
# or
$ npm install --save @node-ffmpeg/node-ffmpeg-installer
# or
$ npm install --save ffmpeg-binaries
Use
FFMPEG_PATH
environment variable to load ffmpeg from custom path.
The following method is deprecated and will be removed in the future. Please switch to discord-player-youtubei.
Not recommended:
YouTube streaming is not supported without installing one of the following package. If you want to add support for YouTube playback, you need to install a streaming library. This step is not needed if you do not plan on using youtube source.
$ npm install --save youtube-ext
# or
$ npm install --save play-dl
# or
$ npm install --save @distube/ytdl-core
# or
$ npm install --save yt-stream
# or
$ npm install --save ytdl-core
Once you have completed these installations, let's proceed with writing a simple music bot.
Let's create a main player instance. This instance handles and keeps track of all the queues and its components.
const { Player } = require('discord-player');
const client = new Discord.Client({
// Make sure you have 'GuildVoiceStates' intent enabled
intents: ['GuildVoiceStates' /* Other intents */]
});
// this is the entrypoint for discord-player based application
const player = new Player(client);
// Now, lets load all the default extractors, except 'YouTubeExtractor'. You can remove the filter if you want to include youtube.
await player.extractors.loadDefault((ext) => ext !== 'YouTubeExtractor');
Discord Player is mostly events based. It emits different events based on the context and actions. Let's add a basic event listener to notify the user when a track starts to play:
// this event is emitted whenever discord-player starts to play a track
player.events.on('playerStart', (queue, track) => {
// we will later define queue.metadata object while creating the queue
queue.metadata.channel.send(`Started playing **${track.cleanTitle}**!`);
});
Discord Player has limited support for Eris. You can use the following code to set up Discord Player with Eris:
const { Player, createErisCompat } = require('discord-player');
const player = new Player(createErisCompat(client));
Let's move on to the command part. You can define the command as per your requirements. We will only focus on the command part:
const { useMainPlayer } = require('discord-player');
export async function execute(interaction) {
const player = useMainPlayer();
const channel = interaction.member.voice.channel;
if (!channel) return interaction.reply('You are not connected to a voice channel!'); // make sure we have a voice channel
const query = interaction.options.getString('query', true); // we need input/query to play
// let's defer the interaction as things can take time to process
await interaction.deferReply();
try {
const { track } = await player.play(channel, query, {
nodeOptions: {
// nodeOptions are the options for guild node (aka your queue in simple word)
metadata: interaction // we can access this metadata object using queue.metadata later on
}
});
return interaction.followUp(`**${track.cleanTitle}** enqueued!`);
} catch (e) {
// let's return error if something failed
return interaction.followUp(`Something went wrong: ${e}`);
}
}
That's all it takes to build your own music bot. Please check out the Documentation for more features/functionalities.
Explore a curated list of resources built by the Discord Player community, including open-source music bots and extractors. Visit https://discord-player.js.org/showcase for more information.
FAQs
Complete framework to facilitate music commands using discord.js
The npm package discord-player receives a total of 2,638 weekly downloads. As such, discord-player popularity was classified as popular.
We found that discord-player demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.