A Node.JS module, which provides an object oriented wrapper for the GitHub v3 API.
Install with the Node.JS package manager npm:
$ npm install github
or
Install via git clone:
$ git clone git://github.com/mikedeboer/node-github.git
$ cd node-github
$ npm install
You can find the docs for the API of this client at http://mikedeboer.github.com/node-github/
Additionally, the official Github documentation is a very useful resource.
Print all followers of the user "mikedeboer" to the console.
var GitHubApi = require("github");

var github = new GitHubApi({
    // required
    version: "3.0.0",
    // optional
    debug: true,
    protocol: "https",
    host: "github.my-GHE-enabled-company.com",
    pathPrefix: "/api/v3", // for some GHEs
    timeout: 5000
});

github.user.getFollowingFromUser({
    // optional:
    // headers: {
    //     "cookie": "blahblah"
    // },
    user: "mikedeboer"
}, function(err, res) {
    // the error object is always the first callback argument
    if (err) {
        console.error(err);
        return;
    }
    console.log(JSON.stringify(res));
});
First the GitHubApi class is imported from the node-github module. This class provides access to all of GitHub's APIs (e.g. user, issues or repo APIs). The getFollowingFromUser method lists all followers of a given GitHub user. It is part of the user API. It takes the user name as first argument and a callback as last argument. Once the follower list is returned from the server, the callback is called.
Like in Node.JS, callbacks are always the last argument. If the function fails, an error object is passed as first argument to the callback.
Most GitHub API calls don't require authentication. As a rule of thumb: If you can see the information by visiting the site without being logged in, you don't have to be authenticated to retrieve the same information through the API. Of course, calls that change data or read sensitive information have to be authenticated.
You need the GitHub user name and the API key for authentication. The API key can be found in the user's Account Settings page.
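This example shows how to authenticate and then change the location field of the account settings to Argentina:
// username and password must be supplied by the caller
github.authenticate({
    type: "basic",
    username: username,
    password: password
});
github.user.update({
    location: "Argentina"
}, function(err) {
    // only report success when no error object was passed
    if (err) {
        console.error(err);
        return;
    }
    console.log("done!");
});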
Note that the authenticate method is synchronous because it only stores the credentials for the next request.
Other examples for the various authentication methods:
// OAuth2
github.authenticate({
    type: "oauth",
    token: token
});

// OAuth2 Key/Secret
github.authenticate({
    type: "oauth",
    key: "clientID",
    secret: "clientSecret"
});

// Deprecated GitHub API token (seems not to be working with the v3 API)
github.authenticate({
    type: "token",
    token: token
});
Create a new authorization for your application, giving it access to the scopes you need, instead of relying on username / password. This is the way to go if you have two-factor authentication on.
For example, send the X-GitHub-OTP header with the one-time password you get on your token device:
github.authorization.create({
    scopes: ["user", "public_repo", "repo", "repo:status", "gist"],
    note: "what this auth is for",
    note_url: "http://url-to-this-auth-app",
    headers: {
        "X-GitHub-OTP": "two-factor-code"
    }
}, function(err, res) {
    // res is not usable when the request failed
    if (err) {
        console.error(err);
        return;
    }
    if (res.token) {
        // save and use res.token as in the OAuth process above from now on
    }
});
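A least-privilege check for the scopes list passed to github.authorization.create, as an added example that is not part of the node-github README or code base. The names `auditScopes` and `IMPLIED` are hypothetical, and the table is a subset of the parent/child relationships in GitHub's documented OAuth scopes.

```javascript
// Added example, not node-github code. auditScopes and IMPLIED are
// hypothetical names. A parent scope already grants its child scopes;
// this table is a subset of GitHub's documented OAuth scope hierarchy.
var IMPLIED = {
    "repo": ["repo:status", "repo_deployment", "public_repo", "repo:invite"],
    "user": ["read:user", "user:email", "user:follow"],
    "admin:org": ["write:org", "read:org"],
    "write:org": ["read:org"]
};

// Returns a report for a requested scope list:
//   redundant - scopes already granted by another requested scope
//   minimal   - de-duplicated list that grants the same access
//   broad     - remaining parent scopes, candidates for a narrower child
function auditScopes(requested) {
    var unique = requested.filter(function (s, i) {
        return requested.indexOf(s) === i;
    });
    var redundant = unique.filter(function (scope) {
        return unique.some(function (other) {
            return other !== scope &&
                (IMPLIED[other] || []).indexOf(scope) !== -1;
        });
    });
    var minimal = unique.filter(function (s) {
        return redundant.indexOf(s) === -1;
    });
    var broad = minimal.filter(function (s) {
        return Object.prototype.hasOwnProperty.call(IMPLIED, s);
    });
    return { redundant: redundant, minimal: minimal, broad: broad };
}

// The scope list used in the authorization.create example above.
var report = auditScopes(["user", "public_repo", "repo", "repo:status", "gist"]);
console.log(report);
```

For the README's list, "repo" already covers "public_repo" and "repo:status", so the token is as powerful as one requesting only "user", "repo" and "gist"; reviewing the `broad` entries is where the scope reduction happens.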
The unit tests are based on the mocha module, which may be installed via npm. To run the tests make sure that the npm dependencies are installed by running npm install from the project directory.
Before running unit tests:
npm install mocha -g
At the moment, test classes can only be run separately. This will e.g. run the Issues Api test:
mocha api/v3.0.0/issuesTest.js
Note that a connection to the internet is required to run the tests.
MIT license. See the LICENSE file for details.
DEPRECATED: renamed to @octokit/rest
We found that github demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.