Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
grammY makes it easy to create Telegram bots. Both for beginners and at scale.
You want grammY because it is easy to use. It is very powerful and always up to date. It has the best documentation in town. It is extremely efficient and scales up effortlessly. It has a thriving ecosystem of plugins, a friendly community chat, seamless integrations with web frameworks and databases, and so much more.
Are you ready? π€π
Bots are written in TypeScript (or JavaScript) and run on Node.js or Deno.
If you are new to Telegram bots, read the official Introduction for Developers written by the Telegram team.
Visit @BotFather and create a new bot. You will obtain a bot token.
Create a new directory and run
npm install grammy
inside it. Then create a file bot.js
with this content:
const { Bot } = require("grammy");
// Create a bot object
const bot = new Bot(""); // <-- place your bot token in this string
// Register listeners to handle messages
bot.on("message:text", (ctx) => ctx.reply("Echo: " + ctx.message.text));
// Start the bot (using long polling)
bot.start();
Now you can run the bot via
node bot.js
and it will echo all received text messages.
Congrats! You just wrote a Telegram bot :)
grammY has an excellent documentation, and an API Reference. It even integrates with your code editor, e.g. VS Code. You can hover over any element of grammY to get a detailed description of what that thing does or means.
If you are still stuck, just join the Telegram chat and ask for help. People are nice there and we appreciate your question, no matter what it is :)
Here are some more resources to support you:
βmain project website and documentation. Gets you started and explains all concepts.
βreference of everything that grammY exports. Useful to look up descriptions about any element of grammY.
βrepository full of example bots. Includes a setup to easily run any of them.
βlist of awesome projects built with grammY. Helpful if you want to see some real-world usage.
βThe chat where you can ask any question about grammY or bots in general. We are also open for feedback, ideas, and contributions!
The Russian community chat can be found here.
βThe channel where updates to grammY and the ecosystem are posted. We are also on Twitter.
βdocumentation of the API that Telegram offers, and that grammY connects to under the hood.
All grammY packages published by @grammyjs run natively on Deno. We are compiling every codebase to still run on Node.js.
However, given that most bot developers are still using Node.js, all documentation is written Node.js-first. We may migrate it if Deno overtakes Node.js. If you are already on Deno today, import grammY from https://deno.land/x/grammy/mod.ts
.
You may also be interested in why we support Deno.
The grammY core package in this repository is available as a JavaScript bundle via https://bundle.deno.dev/.
This lets you transpile all published versions including current main
branch to standalone JavaScript files.
For example, the most recent source on main
is available from https://bundle.deno.dev/https://raw.githubusercontent.com/grammyjs/grammY/main/src/mod.ts.
Being compatible with browsers is especially useful for running bots on Cloudflare Workers.
For this reason, we also include a web bundle in our npm package.
You can simply do import { Bot } from "grammy/web"
.
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!
FAQs
The Telegram Bot Framework.
We found that grammy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.