Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
A JavaScript package that leverages [Genius API](https://genius.com/developers) to search and fetch song lyrics and album art.It doesn't use any native node dependencies and therefore, can be used on the client-side.
A JavaScript package that leverages Genius API to search and fetch song lyrics and album art.
It doesn't use any native node dependencies and therefore, can be used on the client-side.
Install with npm
npm install --save genius-lyrics-api
Or install with Yarn
yarn add genius-lyrics-api
Get the Genius Developer Access Token
import { getLyrics, getSong } from 'genius-lyrics-api';
const options = {
apiKey: 'XXXXXXXXXXXXXXXXXXXXXXX',
title: 'Blinding Lights',
artist: 'The Weeknd',
optimizeQuery: true
};
getLyrics(options).then((lyrics) => console.log(lyrics));
getSong(options).then((song) =>
console.log(`
${song.id}
${song.title}
${song.url}
${song.albumArt}
${song.lyrics}`)
);
:warning: You may get a CORS block error while testing on localhost. To bypass this, you need to disable Same-Origin Policy in your browser. You may follow the instructions here.
type options {
title: string;
artist: string;
apiKey: string; // Genius developer access token
optimizeQuery?: boolean; // Setting this to true will optimize the query for best results
authHeader?: boolean; // Whether to include auth header in the search request. 'false' by default.
}
🚨 All properties in the options object are required except optimizeQuery
and authHeader
. If title
or artist
is unknown, pass an empty string.
type song {
id: number; // Genius song id
title: string; // Song title
url: string; // Genius webpage URL for the song
lyrics: string; // Song lyrics
albumArt: string; // URL of the album art image (jpg/png)
}
type searchResult {
id: number; // Genius song id
url: string; // Genius webpage URL for the song
title: string; // Song title
albumArt: string; // URL of the album art image (jpg/png)
}
genius-lyrics-api exposes the following methods:
getLyrics(options | url)
Accepts options or the url to a Genius song.
Returns a promise that resolves to a string containing lyrics. Returns null
if no lyrics are found.
getAlbumArt(options)
Accepts an options object.
Returns a promise that resolves to a url (string) to the song's album art. Returns null
if no url is found.
getSong(options)
Accepts an options object.
Returns a promise that resolves to an object of type song. Returns null
if song is not found.
searchSong(options)
Accepts an options object.
Returns a promise that resolves to an array of type searchResult. Returns null
if no matches are found.
getSongById(id: (number | string))
Accepts a valid Genius song ID. IDs can be found using the searchSong
method.
Returns a promise that resolves to an object of type song.
If you find this package useful, hit that sweet sweet ⭐️ button.
FAQs
A JavaScript package that leverages [Genius API](https://genius.com/developers) to search and fetch song lyrics and album art.It doesn't use any native node dependencies and therefore, can be used on the client-side.
We found that gnus_fider demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.