Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Table of contents
import HLTV from 'hltv'
// Or if you're stuck with CommonJS
const { HLTV } = require('hltv')
You can create an instance of HLTV with a custom config.
const myHLTV = HLTV.createInstance({hltvUrl: 'my-proxy-server', loadPage: /* my custom request library */})
Parses most information from a match page
Option | Type | Default value | Description |
---|---|---|---|
id | int | - | The match id |
HLTV.getMatch({id: 2306295}).then(res => {
...
})
Parses all matches from the hltv.org/matches/
page
Option | Type | Default Value | Description |
---|---|---|---|
- | - | - | - |
HLTV.getMatches().then((res) => {
...
})
See schema for Upcoming Matches
Parses all matches from the hltv.org/stats/matches
page
Option | Type | Default Value | Description |
---|---|---|---|
startDate | string? | - | - |
endDate | string? | - | - |
matchType | MatchType? | - | - |
maps | Map[]? | - | - |
HLTV.getMatchesStats({startDate: '2017-07-10', endDate: '2017-07-18'}).then((res) => {
...
})
Parses info from the all maps stats page (hltv.org/stats/matches/*/*
)
Option | Type | Default Value | Description |
---|---|---|---|
id | number | - | - |
HLTV.getMatchStats({id: 62979}).then((res) => {
...
})
Parses info from the single map stats page (hltv.org/stats/matches/mapstatsid/*/*
)
Option | Type | Default Value | Description |
---|---|---|---|
id | number | - | - |
HLTV.getMatchMapStats({id: 49968}).then((res) => {
...
})
Parses all matches from the hltv.org/results/
page
Option | Type | Default Value | Description |
---|---|---|---|
pages | int | 1 | Number of pages with results to be parsed |
HLTV.getResults({pages: 2}).then((res) => {
...
})
Parses all streams present on the front page of HLTV
Option | Type | Default Value | Description |
---|---|---|---|
loadLinks | boolean | false | Enables parsing of the stream links. Its an option since it can slow down the response (every stream is a separate request). |
HLTV.getStreams().then((res) => {
...
})
Parses the latest threads on the front page of HLTV
Option | Type | Default Value | Description |
---|---|---|---|
- | - | - | - |
HLTV.getRecentThreads().then((res) => {
...
})
Parses the info from the hltv.org/ranking/teams/
page
Option | Type | Default Value | Description |
---|---|---|---|
year | string | - | - |
month | string | - | Must be lowercase and in MMMM format |
day | string | - | - |
country | string | - | Must be capitalized ('Brazil' , 'France' etc) |
// If you don't provide a filter the latest ranking will be parsed
HLTV.getTeamRanking()
HLTV.getTeamRanking({country: 'Thailand'})
HLTV.getTeamRanking({year: '2017', month: 'may', day: '29'}).then((res) => {
...
})
Parses the info from the hltv.org/team/
page
Option | Type | Default value | Description |
---|---|---|---|
id | int | - | The team id |
HLTV.getTeam({id: 6137}).then(res => {
...
})
Parses the info from the hltv.org/stats/teams/
page
Option | Type | Default value | Description |
---|---|---|---|
id | int | - | The team id |
HLTV.getTeamStats({id: 6137}).then(res => {
...
})
Parses the info from the hltv.org/player/
page
Option | Type | Default value | Description |
---|---|---|---|
id | int | - | The player id |
HLTV.getPlayer({id: 6137}).then(res => {
...
})
Parses the info from hltv.org/stats/players/*
Option | Type | Default value | Description |
---|---|---|---|
id | int | - | - |
startDate | string | - | - |
endDate | string | - | - |
HLTV.getPlayerStats({id: 7998}).then(res => {
...
})
Parses the info from hltv.org/stats/players
page
Option | Type | Default value | Description |
---|---|---|---|
startDate | string | - | - |
endDate | string | - | - |
// If you don't provide a filter the latest ranking will be parsed
HLTV.getPlayerRanking({startDate: '2018-07-01', endDate: '2018-10-01'}).then(res => {
...
})
Parses the info from the hltv.org/event/
page
Option | Type | Default value | Description |
---|---|---|---|
id | int | - | The event id |
HLTV.getEvent({id: 3389}).then(res => {
...
})
Presents an interface to receive data when the HLTV scorebot updates
NOTE: While connectToScorebot
returns a Promise, the promise will never resolve. Instead you should pass the callbacks described below.
Option | Type | Default Value | Description |
---|---|---|---|
id | int | - | The match ID |
onScoreboardUpdate | function? | - | Callback that is called when there is new scoreboard data |
onLogUpdate | function? | - | Callback that is called when there is new game log data |
onFullLogUpdate | function? | - | It's still unclear when this is called and with what data, if you find out please let me know! |
onConnect | function? | - | Callback that is called when a connection with the scorebot is established |
onDisconnect | function? | - | Callback that is called when the scorebot disconnects |
HLTV.connectToScorebot({id: 2311609, onScoreboardUpdate: (data) => {
...
}, onLogUpdate: (data) => {
...
}})
The onLogUpdate
callback is passed an LogUpdate object
The onScoreboardUpdate
callback is passed an ScoreboardUpdate object
FAQs
The unofficial HLTV Node.js API
The npm package hltv receives a total of 138 weekly downloads. As such, hltv popularity was classified as not popular.
We found that hltv demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.