Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The official Node.js library for the GDAX API (formerly Coinbase Exchange).
Note: this library may be subtly broken or buggy. The code is released under the MIT License – please take the following message to heart:
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# From NPM
npm install gdax
# From Github
npm install coinbase/gdax-node
The GDAX API has both public and private endpoints. If you're only
interested in the public endpoints, you should use a PublicClient
.
var Gdax = require('gdax');
var publicClient = new Gdax.PublicClient();
All API methods are callback based. Your callback should accept three arguments:
var callback = function(err, response, data) {
// your code here.
};
This callback will be passed directly to the underlying request
library's
request
method. err
will be either
null
or an Error
. response
will be a generic HTTP response abstraction
created by the request
library. data
will be the result of JSON-decoding
the server's response, or null
if the response was not parseable. You can
learn about the API responses of each endpoint by reading our
documentation.
publicClient.getProducts(callback);
// Get the order book at the default level of detail.
publicClient.getProductOrderBook(callback);
// Get the order book at a specific level of detail.
publicClient.getProductOrderBook({'level': 3}, callback);
publicClient.getProductTicker(callback);
publicClient.getProductTrades(callback);
// To make paginated requests, include page parameters
publicClient.getProductTrades({'after': 1000}, callback);
getProductTradeStream
Wraps around getProductTrades
, fetches all trades with IDs >= tradesFrom
and <= tradesTo
.
Handles pagination and rate limits.var trades = publicClient.getProductTradeStream(8408000, 8409000);
// tradesTo can also be a function
var trades publicClient.getProductTradeStream(8408000, function(trade) {
return Date.parse(trade.time) >= 1463068e6
})
publicClient.getProductHistoricRates(callback);
// To include extra parameters:
publicClient.getProductHistoricRates({'granularity': 3000}, callback);
publicClient.getProduct24HrStats(callback);
publicClient.getCurrencies(callback);
publicClient.getTime(callback);
The private exchange API endpoints require you to authenticate with an API key. You can create a new API key in your exchange account's settings.
var Gdax = require('gdax');
var authedClient = new Gdax.AuthenticatedClient(
key, b64secret, passphrase);
Like the PublicClient
, all API methods are callback based. The callback
should be in the same format:
var callback = function(err, response, data) {
// your code here.
};
The AuthenticatedClient
inherits all of the API methods defined by the
PublicClient
, so if you're hitting both public and private API endpoints you
only need to create a single client.
authedClient.getAccounts(callback);
var accountID = '7d0f7d8e-dd34-4d9c-a846-06f431c381ba';
authedClient.getAccount(accountID, callback);
var accountID = '7d0f7d8e-dd34-4d9c-a846-06f431c381ba';
authedClient.getAccountHistory(accountID, callback);
// For pagination, you can include extra page arguments
authedClient.getAccountHistory(accountID, {'before': 3000}, callback);
var accountID = '7d0f7d8e-dd34-4d9c-a846-06f431c381ba';
authedClient.getAccountHolds(accountID, callback);
// For pagination, you can include extra page arguments
authedClient.getAccountHolds(accountID, {'before': 3000}, callback);
// Buy 1 BTC @ 100 USD
var buyParams = {
'price': '100.00', // USD
'size': '1', // BTC
'product_id': 'BTC-USD',
};
authedClient.buy(buyParams, callback);
// Sell 1 BTC @ 110 USD
var sellParams = {
'price': '110.00', // USD
'size': '1', // BTC
'product_id': 'BTC-USD',
};
authedClient.sell(sellParams, callback);
var orderID = 'd50ec984-77a8-460a-b958-66f114b0de9b';
authedClient.cancelOrder(orderID, callback);
authedClient.cancelOrders(callback);
// `cancelOrders` may require you to make the request multiple times until
// all the orders are deleted.
// `cancelAllOrders` will handle making these requests for you asyncronously.
// Also you can add a product_id param to only delete orders of that product
// The response will be the response of the last call and the data will
// have the order ID's of all your deleted orders
authedClient.cancelAllOrders({product_id: 'BTC-USD'}, callback);
authedClient.getOrders(callback);
// For pagination, you can include extra page arguments
authedClient.getOrders({'after': 3000}, callback);
var orderID = 'd50ec984-77a8-460a-b958-66f114b0de9b';
authedClient.getOrder(orderID, callback);
authedClient.getFills(callback);
// For pagination, you can include extra page arguments
authedClient.getFills({'before': 3000}, callback);
// Deposit to your Exchange USD account from your Coinbase USD account.
var depositParamsUSD = {
'amount': '100.00', // USD,
'coinbase_account_id': '60680c98bfe96c2601f27e9c', // USD Coinbase Account ID
};
authedClient.deposit(depositParamsUSD, callback);
// Withdraw from your Exchange USD account to your Coinbase USD account.
var withdrawParamsUSD = {
'amount': '100.00', // USD,
'coinbase_account_id': '60680c98bfe96c2601f27e9c', // USD Coinbase Account ID
};
authedClient.withdraw(withdrawParamsUSD, callback);
// Deposit to your Exchange BTC account from your Coinbase BTC account.
var depositParamsBTC = {
'amount': '2.0', // BTC,
'coinbase_account_id': '536a541fa9393bb3c7000023', // BTC Coinbase Account ID
};
authedClient.deposit(depositParamsBTC, callback);
// Withdraw from your Exchange BTC account to your Coinbase BTC account.
var withdrawParamsBTC = {
'amount': '2.0', // BTC,
'coinbase_account_id': '536a541fa9393bb3c7000023', // BTC Coinbase Account ID
};
authedClient.withdraw(withdrawParamsBTC, callback);
The WebsocketClient
allows you to connect and listen to the
exchange websocket messages.
var Gdax = require('gdax');
var websocket = new Gdax.WebsocketClient();
websocket.on('message', function(data) { console.log(data); });
The following events can be emitted from the WebsocketClient
:
open
message
close
Orderbook
is a data structure that can be used to store a local copy of the orderbook.
var Gdax = require('gdax');
var orderbook = new Gdax.Orderbook();
The orderbook has the following methods:
state(book)
get(orderId)
add(order)
remove(orderId)
match(match)
change(change)
OrderbookSync
creates a local mirror of the orderbook on GDAX using
Orderbook
and WebsocketClient
as described here.
var Gdax = require('gdax');
var orderbookSync = new Gdax.OrderbookSync();
console.log(orderbookSync.book.state());
FAQs
Client for the GDAX API
The npm package gdax receives a total of 212 weekly downloads. As such, gdax popularity was classified as not popular.
We found that gdax demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.