Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
google-docs-console-download
Advanced tools
Downloads HTML from Google Docs, authenticating via console
Downloads HTML from Google Docs, authorizing through an interactive console session.
Install the library like this:
npm install --save-dev google-docs-console-download
Then use it to download HTML:
const DocId = '1qLoJYmUEJvpQdP4Xplp6I5JBsMpRY9RZTnak2gPhiEQ'
const gdcd = require('google-docs-console-download')(null)
gdcd.download(DocId, (err, html) => {
if (err) {
// Failure: unauthenticated, unauthorized, network failure, missing file
// The error message will describe what's up
console.error(err)
} else {
// Do something with the HTML. Here, we write it to the console
console.log(html)
}
})
You probably want to use this library interactively on a console, which is why
we suggest --save-dev
instead of --save
. If you want to download from
Google Docs on an automated server, we kindly suggest you choose another
library to rely on.
That (null)
at the end is an option. And It's Complicated.
Google uses OAuth 2.0 for authentication. That means it asks what app is
downloading. When you pass (null)
, you're telling Google you're using an app
called "google-docs-console-download", administered by its project's
maintainers.
That's usually what you want. So usually, add (null)
after the require()
call.
But you may want to tell Google you're using a different project. (The most likely reason: you don't trust us to maintain this project.) In that case, you can pass some different JSON to the file. Here's how to get it:
Then instead of (null)
, pass the JSON you downloaded -- e.g.:
const auth_config = require('./config/google-docs-console-download-auth')
const gdcd = require('google-docs-console-download')(auth_config)
During your first call to gdcd.download()
, this library will prompt you to log
in. Here's an example session:
$ node ./example.js
Log in to: https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly&response_type=code&client_id=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob
Enter the code at that URL: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
For the next few hours you can skip this step by prepending this text to the command: GOOGLE_AUTH_TOKEN='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
<html><head><meta content="text/html; charset=UTF-8" http-equiv="....
Do not save this authentication data in your project's code repository.
It is secret. It gives people access to all your files. Also, beware: if you
pass GOOGLE_AUTH_TOKEN
to the program, your shell will probably save the
token in its history file.
FAQs
Downloads HTML from Google Docs, authenticating via console
The npm package google-docs-console-download receives a total of 3 weekly downloads. As such, google-docs-console-download popularity was classified as not popular.
We found that google-docs-console-download demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.