Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
django-chatgpt
Node.js client for the unofficial ChatGPT API.
This package is a Node.js wrapper around ChatGPT by OpenAI. TS batteries included. ✨
You can use it to start building projects powered by ChatGPT like chatbots, websites, etc...
npm install chatgpt
import { ChatGPTAPI } from 'chatgpt'

async function example() {
  // sessionToken is required; see below for details
  const api = new ChatGPTAPI({
    sessionToken: process.env.SESSION_TOKEN
  })

  // ensure the API is properly authenticated
  await api.ensureAuth()

  // send a message and wait for the response
  const response = await api.sendMessage(
    'Write a python version of bubble sort.'
  )

  // response is a markdown-formatted string
  console.log(response)
}
ChatGPT responses are formatted as markdown by default. If you want to work with plaintext instead, you can use:
const api = new ChatGPTAPI({
  sessionToken: process.env.SESSION_TOKEN,
  markdown: false
})
If you want to automatically track the conversation, you can use ChatGPTAPI.getConversation():
const api = new ChatGPTAPI({
  sessionToken: process.env.SESSION_TOKEN
})
const conversation = api.getConversation()
// send a message and wait for the response
const response0 = await conversation.sendMessage('What is OpenAI?')
// send a follow-up prompt to the previous message and wait for the response
const response1 = await conversation.sendMessage('Can you expand on that?')
// send another follow-up to the same conversation
const response2 = await conversation.sendMessage('Oh cool; thank you')
Sometimes, ChatGPT will hang for an extended period of time before beginning to respond. This may be due to rate limiting or it may be due to OpenAI's servers being overloaded.
To mitigate these issues, you can add a timeout like this:
// timeout after 2 minutes (which will also abort the underlying HTTP request)
const response = await api.sendMessage('this is a timeout test', {
  timeoutMs: 2 * 60 * 1000
})
async function example() {
  // To use ESM in CommonJS, you can use a dynamic import
  const { ChatGPTAPI } = await import('chatgpt')

  const api = new ChatGPTAPI({
    sessionToken: process.env.SESSION_TOKEN
  })
  await api.ensureAuth()

  const response = await api.sendMessage('Hello World!')
  console.log(response)
}
See the auto-generated docs for more info on methods and parameters.
A basic demo is included for testing purposes:
# 1. clone repo
# 2. install node deps
# 3. set `SESSION_TOKEN` in .env
# 4. run:
npx tsx src/demo.ts
A conversation demo is also included:
# 1. clone repo
# 2. install node deps
# 3. set `SESSION_TOKEN` in .env
# 4. run:
npx tsx src/demo-conversation.ts
This package requires a valid session token from ChatGPT to access its unofficial REST API.
To get a session token:
Application > Cookies.
__Secure-next-auth.session-token and save it to your environment.
If you want to run the built-in demo, store this value as SESSION_TOKEN in a local .env file.
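The session token saved above is private and belongs only in the backend's environment. The following is an added example, not code from the chatgpt package or from this page: it checks browser-bound build output for the token value or for direct use of the package, and redacts the token in its own report. The function names, the sample token and the sample build files are all constructed for illustration.

```javascript
// Added example (not from the chatgpt package); all names here are hypothetical.
const COOKIE_NAME = '__Secure-next-auth.session-token' // cookie named on this page
const MARKER = '[REDACTED_SESSION_TOKEN]'

// Patterns that should never appear in files served to a browser.
const CLIENT_RULES = [
  { reason: 'imports chatgpt in client code',
    test: (line) => /(from|import\(|require\()\s*['"]chatgpt['"]/.test(line) },
  { reason: 'references the session cookie',
    test: (line) => line.includes(COOKIE_NAME) },
  { reason: 'passes a sessionToken option',
    test: (line) => /\bsessionToken\s*:/.test(line) }
]

// Strip the token value from a string before it is logged or returned.
function redactToken(text, token) {
  return token ? String(text).split(token).join(MARKER) : String(text)
}

// Scan a { path: content } map of browser-bound files. An empty result means
// no rule matched; snippets are redacted so the report itself is safe to log.
function findTokenExposure(clientFiles, token) {
  const findings = []
  for (const [path, content] of Object.entries(clientFiles)) {
    content.split('\n').forEach((line, idx) => {
      const reasons = CLIENT_RULES.filter((r) => r.test(line)).map((r) => r.reason)
      if (token && line.includes(token)) reasons.unshift('embeds the token value')
      for (const reason of reasons) {
        findings.push({ path, line: idx + 1, reason, snippet: redactToken(line.trim(), token) })
      }
    })
  }
  return findings
}

// Constructed sample input: a fake token and two fake build artifacts.
const SAMPLE_TOKEN = 'eyJhbGciOi.constructed-sample.not-a-real-token'
const SAMPLE_BUILD = {
  'dist/ui.js': "document.title = 'chat'\nfetch('/api/chat', { method: 'POST' })",
  'dist/chat.js': "import { ChatGPTAPI } from 'chatgpt'\n" +
    `const api = new ChatGPTAPI({ sessionToken: "${SAMPLE_TOKEN}" })`
}

console.log(findTokenExposure(SAMPLE_BUILD, SAMPLE_TOKEN))
```

In a build pipeline, a non-empty result from `findTokenExposure` would fail the step before the files are published.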
Note: This package will switch to using the official API once it's released.
Note: Prior to v1.0.0, this package used a headless browser via Playwright to automate the web UI. Here are the docs for the initial browser version.
All of these awesome projects are built using the chatgpt package. 🤯
If you create a cool integration, feel free to open a PR and add it to the list.
This package is ESM-only. It supports:
v1.4.0
chatgpt from client-side browser code because it would expose your private session token
chatgpt, we recommend using it only from your backend API
MIT © Travis Fischer
If you found this project interesting, please consider sponsoring me or following me on twitter
We found that django-chatgpt demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.