Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
fca-utils-cjs
Advanced tools
fca-utils-cjs
A NodeJS package to help interacting with Facebook Messenger API (fca-unofficial)
BETA VERSION
fca-utils
A NodeJS package to interact with Facebook Messenger API (fca-unofficial)
Inspired by discord.js
Installation
npm install fca-utils
Basic Usages
Initialize
import { Client } from 'fca-utils'
const client = new Client({
prefix: "!", // Prefix for commands
ignoreMessageInCommandEvent: true, // Ignore message in command event
});
client.loginWithAppState(process.env.BASE64_ENCODED_APPSTATE);
client.on("ready", (api, curID) => {
console.log("LOGGED IN AS", curID);
console.log("Listening for messages...");
});
Login with username and password coming soon...
Message Events
client.on(EVENT, (msg) => {
// Do something
});
Events
error- Account error (locked/expired, etc.)message- When a message is receivedcommand- When a command is executed (only if prefix is set)reaction- When a reaction is added to a messageunsend- When a message is unsentevent- When an event is received, such as rename, kick/add users, etc.others- Others events:typ,read,presence,read_receipt
Message
client.on("message", (msg) => {
console.log("Message received:", msg.body);
if (msg.type === "message") {
try {
if (msg.args[0]?.toLowerCase() === "hi") {
msg.reply("Hello!");
}
} catch (e) {
console.error(e);
}
}
});
Screenshot
Basic msg properties:
msg.body- Message bodymsg.args- Array of message body splitted by spaces/line breaksmsg.senderID- ID of the sendermsg.threadID- ID of the thread/groupmsg.attachments- Array of attachmentsmsg.mentions- Array of mentions
Basic msg methods:
msg.send("your message")- Send a message back to the threadmsg.reply("your message")- Reply to the message
Command
client.on("command", async (cmd) => {
console.log("Command received:", cmd.name);
try {
if (cmd.name === "ping") {
await cmd.message.reply("Pong!");
}
} catch (e) {
console.error(e);
}
})
Screenshot
cmd properties:
cmd.message- same as the msg object in "message" eventcmd.name- name of the commandcmd.commandArgs- array of command arguments, for example:!ping hello world->["hello", "world"]
Reaction
client.on("reaction", (msg) => {
// Do something
});
Unsend
client.on("unsend", (msg) => {
// Do something
});
Event
client.on("event", (msg) => {
// Do something
});
Others
client.on("others", (msg) => {
// Do something
});
Comming soon...
FAQs
A NodeJS package to help interacting with Facebook Messenger API (fca-unofficial)
We found that fca-utils-cjs demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 May 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025