![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
ebay-api
Advanced tools
Changelog
Readme
This module aims to support all of eBay's APIs (Trading, Shopping, Finding, Merchandising, etc), with an interface that is both a) somewhat consistent across APIs and b) not too different from the underlying interface.
eBay's APIs are primarily XML-based, so this module unfortunately has to do a lot of JSON<->XML conversion.
I don't have time to build this out to support every endpoint, so if you are using this module, or would like to use this module, please submit pull requests!
The 1.x branch is currently under active development, and there may be breaking changes between minor releases.
(I realize this is contrary to best practice, but the module is not yet settled enough to major-bump every time.)
If you are using the 1.x branch, I recommend that you a) let me know your use case, b) help develop it, c) watch the commit and release logs carefully.
npm install ebay-api
var ebay = require('ebay-api');
(See the examples)
eBay has an enormous collection of APIs built over the years. Enter the labyrinth here: http://developer.ebay.com or here: https://www.x.com/developers/ebay/products
Sign up for an API key here: https://publisher.ebaypartnernetwork.com/PublisherToolsAPI (You'll need a key to run the examples.)
Make sure to obey the eBay API License and Terms when using this library.
xmlRequest(options, callback)
Makes an XML POST to an eBay API endpoints.
options
must contain:
serviceName
: e.g. 'Finding'opType
: e.g. 'findItemsAdvanced'appId
: your eBay API application IDand can optionally contain:
params
: (see examples and API documentation)reqOptions
: passed to the request module,
e.g. for additional headers
, or timeout
.xmlConverter
: function which takes the response XML and converts to JSON.
Module uses xml2js by default, but can be overridden.parser
: function which takes the response data (as JSON object) and extracts items
(or other units depending on the query).
Module includes a default parser.sandbox
: boolean (default false = production). May need to add additional endpoint URLs to the code as needed.raw
: boolean, set true
to skip parsing and return the raw XML response.parseDepth
: how many levels down to try to parse/interpret the response.
The default parser is still experimental. Set this to 0 or 1 to let your app do all the parsing.
(Default: unlimited)for authentication, include:
devId
certId
authToken
callback
gets (error, data)
.
paginateGetRequest(options, callback)
Make a multi-page request to a GET service, running them in parallel and combining the results.
Note: this is currently broken in 1.x. Fixes/refactors are welcome.
options
contains the same parameters as ebayApiGetRequest
, plus:
parser
here needs to return an array, so the results can be concatenated and passed to callback
.
Note: Because the pages all run in parallel, they can cause spikes on CPU and network activity. In the future, I might switch this to using an async queue
(instead of forEach
) with a variable concurrency. (A forEachSeries
can also be used, but negates the purpose of running the requests asynchronously.)
callback
gets (error, items)
flatten(obj)
Simplifies the JSON format of the API responses:
{ @key:KEY, __value__:VALUE }
is flattened to its key:value pair.Its purpose is to make the data easier to handle in code, and to model/query in MongoDB.
Runs synchronously, returns flattened object.
The default parser will flatten()
the response to a finite depth
(because infinite recursion on an indeterminate response size would cause an unnecessary performance hit).
If you want to flatten further, use this method directly.
parseResponseJson(data, options, callback)
The default parser. Can be overridden (see options
on xmlRequest()
).
convertXmlToJson(xmlBody, options, callback)
The default XML->JS converter. Uses xml2js. Can be overridden (see options
on xmlRequest()
).
getLatestApiVersions(callback)
Disabled in 1.x. Please submit a PR with a fix/refactor if you use this.
Get the version numbers of the APIs that make their version available.
The client exports and attempts to differentiate between EbaySystemError
, EbayRequestError
, and EbayClientError
.
See http://developer.ebay.com/DevZone/Shopping/docs/CallRef/types/ErrorClassificationCodeType.html and http://developer.ebay.com/devzone/xml/docs/Reference/ebay/Errors/ErrorMessages.htm.
See the examples directory.
There are two examples, one with a single-page findItemsByKeywords
request,
the other a paginated findItemsAdvanced
request. It should be reasonably apparent from the examples
how these functions are used.
To run the examples, you need to add your own app key (I don't want my keys to be disabled for abuse!) -
you can get one here.
This module uses the debug module for internal logging.
Run your app (or node REPL) with DEBUG=ebay* ...
to see output.
Enjoy!
FAQs
Unknown package
The npm package ebay-api receives a total of 2,983 weekly downloads. As such, ebay-api popularity was classified as popular.
We found that ebay-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.