Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
A Node.js wrapper for GitHub API.
Install via npm
$ npm install github
or
Install via git clone
$ git clone https://github.com/mikedeboer/node-github.git
$ cd node-github
$ npm install
Client API: https://mikedeboer.github.io/node-github/
GitHub API: https://developer.github.com/v3/
Create test auth file for running tests/examples.
$ > testAuth.json
{
"token": "<TOKEN>"
}
Get all followers for user "defunkt":
var GitHubApi = require("github");
var github = new GitHubApi({
// optional
debug: true,
protocol: "https",
host: "github.my-GHE-enabled-company.com", // should be api.github.com for GitHub
pathPrefix: "/api/v3", // for some GHEs; none for GitHub
headers: {
"user-agent": "My-Cool-GitHub-App" // GitHub is happy with a unique user agent
},
Promise: require('bluebird'),
followRedirects: false, // default: true; there's currently an issue with non-get redirects, so allow ability to disable follow-redirects
timeout: 5000
});
github.users.getFollowingForUser({
// optional:
// headers: {
// "cookie": "blahblah"
// },
user: "defunkt"
}, function(err, res) {
console.log(JSON.stringify(res));
});
There are a few pagination-related methods:
hasNextPage(link)
hasPreviousPage(link)
hasFirstPage(link)
hasLastPage(link)
getNextPage(link, headers, callback)
getPreviousPage(link, headers, callback)
getFirstPage(link, headers, callback)
getLastPage(link, headers, callback)
NOTE: link is the response object or the contents of the Link header
See here and here for examples.
Most GitHub API calls don't require authentication. As a rule of thumb: If you can see the information by visiting the site without being logged in, you don't have to be authenticated to retrieve the same information through the API. Of course calls, which change data or read sensitive information have to be authenticated.
You need the GitHub user name and the API key for authentication. The API key can be found in the user's Account Settings.
// basic
github.authenticate({
type: "basic",
username: USERNAME,
password: PASSWORD
});
// OAuth2
github.authenticate({
type: "oauth",
token: AUTH_TOKEN
});
// OAuth2 Key/Secret (to get a token)
github.authenticate({
type: "oauth",
key: CLIENT_ID,
secret: CLIENT_SECRET
})
Note: authenticate
is synchronous because it only stores the
credentials for the next request.
Once authenticated you can update a user field like so:
github.users.update({
location: "Argentina"
}, function(err) {
console.log("done!");
});
Create a new authorization for your application giving it access to the wanted scopes you need instead of relying on username / password and is the way to go if you have two-factor authentication on.
For example:
X-GitHub-OTP
header with the one-time-password you get on your token device.github.authorization.create({
scopes: ["user", "public_repo", "repo", "repo:status", "gist"],
note: "what this auth is for",
note_url: "http://url-to-this-auth-app",
headers: {
"X-GitHub-OTP": "two-factor-code"
}
}, function(err, res) {
if (res.token) {
//save and use res.token as in the Oauth process above from now on
}
});
Some APIs are in a preview period and require a custom Accept
header.
See examples/getReactionsForIssue.js for an example.
For updates on endpoints under preview, see https://developer.github.com/changes/.
Preview API | Accept header val |
---|---|
Deployment | application/vnd.github.ant-man-preview+json |
Git signing | application/vnd.github.cryptographer-preview |
Imports | application/vnd.github.barred-rock-preview |
License | application/vnd.github.drax-preview+json |
Migrations | application/vnd.github.wyandotte-preview+json |
OAuth grants | application/vnd.github.damage-preview |
Pages | application/vnd.github.mister-fantastic-preview |
Projects | application/vnd.github.inertia-preview+json |
Protected Branches | application/vnd.github.loki-preview+json |
Pull Request Squash | application/vnd.github.polaris-preview |
Reactions | application/vnd.github.squirrel-girl-preview |
Repository Traffic | application/vnd.github.spiderman-preview |
Timeline | application/vnd.github.mockingbird-preview |
When updating routes.json, you'll want to update/generate docs/tests:
$ node lib/generate.js
Dev note for updating apidoc for github pages:
$ npm install apidoc -g
$ apidoc -i doc/ -o apidoc/
Run all tests
$ npm test
Or run a specific test
$ npm test test/issuesTest.js
MIT license. See the LICENSE file for details.
FAQs
DEPRECATED: renamed to @octokit/rest
We found that github demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.