Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
endomondo-api-handler
Advanced tools
Readme
This a handler for unofficial Endomondo API, which is used on their web app and mobile app. It allows you to read various of information and update them. This library is focused on searching, updating and creating workouts. Other endpoints you can find by sniffing your browser. Cooperation is welcome.
The library is based on my PHP library that do the similar.
The library is compiled for node 9.6. You are using this library on your own danger.
I use a library for handling REST API request - rest-api-handler. It is based on browser fetch feature so it needs polyfill.
Since this is not official API you need to use your login and password to log in.
Install npm library:
npm install endomondo-api-handler --save
Include fetch polyfill. I recommend cross-fetch:
import 'cross-fetch/polyfill';
There are two APIs. One is based on the web app and the second on the mobile app. You need Mobile API to create new workouts. Regular API will do everything else.
If you need to create new workouts you need to authentize both to API and Mobile API.
const { Api, MobileApi } = require('endomondo-api-handler');
(async () => {
const api = new Api();
const mobileApi = new MobileApi();
await Promise.all([
api.login(login, password),
mobileApi.login(login, password),
]);
console.log(await api.get('rest/session'));
})();
To get single workout use getWorkout method:
const workout = await api.getWorkout(775131509);
Search for workouts:
const { DateTime } = require('luxon');
const { workouts } = await api.getWorkouts({
after: DateTime.fromObject({
year: 2018,
month: 3,
day: 1,
}),
limit: 2,
});
console.log(workouts);
To create workout, use WorkoutFactory and MobileApi:
const { DateTime, Duration } = require('luxon');
const math = require('mathjs');
const { Point, Workout } = require('endomondo-api-handler');
const start = DateTime.fromObject({
year: 2018,
month: 3,
day: 27,
hour: 5,
minute: 2,
});
const workout = Workout.get(
Workout.SPORT.RUNNING,
start,
Duration.fromObject({ minutes: 3 }),
math.unit(3, 'km'),
[
Point.get(start, 50.02957153, 14.51805568),
Point.get(start.plus({ minutes: 1 }), 50.03057153, 14.52205568),
Point.get(start.plus({ minutes: 2 }), 50.03357153, 14.53805568),
],
);
const workoutId = await mobileApi.createWorkout(workout);
require('cross-fetch/polyfill');
const fs = require('fs');
const { Api } = require('endomondo-api-handler');
const api = new Api();
(async () => {
await api.login(LOGIN, PASSWORD);
await api.processWorkouts({}, async (workout) => {
console.log(workout.toString());
if (workout.hasGPSData()) {
fs.writeFileSync(`tmp/${workout.getId()}.gpx`, await api.getWorkoutGpx(workout.getId()), 'utf8');
}
});
})();
Note - In old example gpx was generated by data from json response of Endomondo. I changed it to use getWorkoutGpx method which download gpx file directly from Endomondo and it's not processed by app.
Note 2 - When you are exporting tcx export of workout (by using method api.getWorkoutTcx) Endomondo sometimes creates workouts with duplicit IDs. To avoid this you can process tcx with simple replace:
tcx.replace(/<Id>([0-9]|-|T|:|Z)*<\/Id>/g, `<Id>${workout.getStart().toISO()}</Id>`)
FAQs
Unofficial handler for Endomondo API
We found that endomondo-api-handler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.