Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
getstream
Advanced tools
stream-node is a Node/Javascript client for Stream.
npm install getstream
bower install getstream
var stream = require('getstream');
// Instantiate a new client (server side)
client = stream.connect('YOUR_API_KEY', 'API_KEY_SECRET');
// Instantiate a new client (client side)
client = stream.connect('YOUR_API_KEY');
// Find your API keys here https://getstream.io/dashboard/
// Instantiate a feed object server side
user1 = client.feed('user:1');
// Instantiate a feed object client side
// Generate a feed's token using server side signing
user1 = client.feed('user:1', 'FEED_TOKEN');
// Get activities from 5 to 10 (slow pagination)
user1.get({limit:5, offset:5}, callback);
// (Recommended & faster) Filter on an id less than a given UUID
user1.get({limit:5, id_lt:"e561de8f-00f1-11e4-b400-0cc47a024be0"}, callback);
// Create a new activity
activity = {'actor': 1, 'verb': 'tweet', 'object': 1};
user1.addActivity(activity, callback);
// Remove an activity by its id
user1.removeActivity("e561de8f-00f1-11e4-b400-0cc47a024be0");
// Follow another feed
user1.follow('flat:42');
// Stop following another feed
user1.unfollow('flat:42');
// all methods support callback as the last argument
user1.follow('flat:42', callback);
// with this signature
function(error, response, body) {
}
// adding multiple activities
activities = [
{'actor': 1, 'verb': 'tweet', 'object': 1},
{'actor': 2, 'verb': 'tweet', 'object': 3},
];
user1.addActivities(activities, callback);
// creating a feed token server side
token = user1.token;
// passed to client via template or api and initialized as such
user1 = client.feed('user:1', token);
Stream uses Faye for realtime notifications. Below is quick quide to subcribing to feed changes
var stream = require('getstream');
// NOTE: the site id is needed for subscribing
client = stream.connect('YOUR_API_KEY', 'API_KEY_SECRET', 'SITE_ID');
user1 = client.feed('user:1');
user1.subscribe(function callback() {
});
// now whenever something changes to the feed user 1
// the callback will be called
API Docs are available on GetStream.io.
First, make sure you can run the test suite. Tests are run via Mocha
mocha test/integration/index.js
# browser version
test/browser/test.html
# coverage
mocha test/integration/cov.js -R html-cov > cov.html
To release a new version
# package.json is leading and overwrites bower.json version
gulp bump
# builds the browserify, tags and submits to npm
gulp publish
FAQs
The official low-level GetStream.io client for Node.js and the browser.
The npm package getstream receives a total of 20,487 weekly downloads. As such, getstream popularity was classified as popular.
We found that getstream demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.