Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Interactive Brokers API addon for Node.js compatible with IB API 9.72
This addon uses the latest stable Interactive Brokers POSIX C++ API.
Author: Jae Yang - [dchem] (https://keybase.io/dchem)
The inbound messages' are in the order it was received. Also, the outbound messages are rate limited to 50 msg/sec as IB requires it. Default behavior is that if your outbound rate is greater than that the 51st message will be handled in the next second.
If you would like to see the jsdoc of this project, just run it on ibapi.js file.
svrError
to error
sudo apt-get install unzip
npm install ibapi
npm install --global --production windows-build-tools
mingw-get install msys-unzip
npm install ibapi
npm install ibapi
IMPORTANT: You do not need to do the following if installing windows-build-tools succeeded
For Windows with MSVS 2017:
npm install ibapi --msvs_version=2017
Alternatively, include GYP_MSVS_VERSION=2017
in environment variables for Windows.
npm install ibapi
node install -g node-gyp
#define IB_USE_STD_STRING
into the following files in /import directory:
EClientSocketBase.cpp
EPosixClientSocket.cppnode-gyp rebuild
node-gyp --msvs_version=2012 rebuild
// This file shows you one example of a barebones program that handles
// server error messages.
// Required package name is 'ibapi' If you use your own project path,
// just use require('ibapi') from your project root as you would
// normally do.
var addon = require('../ibapi'),
messageIds = addon.messageIds,
contract = addon.contract,
order = addon.order;
// The api object handles the client methods. For details, refer to
// IB API documentation.
var api = new addon.NodeIbapi();
// Interactive Broker requires that you use orderId for every new order
// inputted. The orderId is incremented everytime you submit an order.
// Make sure you keep track of this.
var orderId = -1;
// Here we specify the event handlers.
// Please follow this guideline for event handlers:
// 1. Add handlers to listen to messages
// 2. Each handler must have be a function (message) signature
var handleValidOrderId = function (message) {
orderId = message.orderId;
console.log('next order Id is ' + orderId);
};
var handleServerError = function (message) {
console.log('Error: ' + message.id.toString() + '-' +
message.errorCode.toString() + '-' +
message.errorString.toString());
};
var handleClientError = function (message) {
console.log('clientError');
console.log(JSON.stringify(message));
};
var handleDisconnected = function (message) {
console.log('disconnected');
process.exit(1);
};
// After that, you must register the event handler with a messageId
// For list of valid messageIds, see messageIds.js file.
api.handlers[messageIds.nextValidId] = handleValidOrderId;
api.handlers[messageIds.error] = handleServerError;
api.handlers[messageIds.clientError] = handleClientError;
api.handlers[messageIds.disconnected] = handleDisconnected;
// Connect to the TWS client or IB Gateway
var connected = api.connect('127.0.0.1', 7496, 0, false);
// Once connected, start processing incoming and outgoing messages
if (connected) {
api.beginProcessing();
}
These are used as state stores and abstraction for IB API. You also have to pass instance of the object, such as 'order' to some of the client request functions.
Each of theese come with a constructor:
beginProcessing()
: Entry point - starts the message processing.doAction(action)
: An action, custom function or API requests, can be
bound to each eventsplaceSimpleOrder()
: Simpler order input method.processMsg()
: Msg processor - a POSIX implementation of network message
handler. This does not need to be called explicitly by the user
Following commands are used for requesting specific action through IB API:
.connect(host,port,clientId)
.disconnect()
.isConnected()
.serverVersion() // returns right away
.twsConnectionTime() // returns right away
.reqMktData(reqId, contract, genericTickType, snapShot)
.cancelMktData(reqId)
// placeOrder can take either
.placeOrder(orderId, contrct, order)
// or
.placeOrder(orderId, contract, action, quantity, orderType, price, auxPrice)
.cancelOrder(orderId)
.reqOpenOrders()
.reqAccountUpdates(subscribe, acctCode)
.reqExecutions(reqId, clientId, acctCode, time, symbol, secType, exchange, side)
.reqIds(num) // only accepts 1 for the time being (9.71)
.reqContractDetails(reqId, contract)
.reqMktDepth(tickerId, contract, numRows )
.cancelMktDepth(tickerId)
.reqNewsBulletins(allMsgs)
.cancelNewsBulletins()
.setServerLogLevel(level)
.reqAutoOpenOrders(bAutoBind)
.reqAllOpenOrders()
.reqManagedAccts()
.requestFA( ) // not yet implemented
.replaceFA( ) // not yet implemented
.reqHistoricalData(id, contract, endDateTime, durationStr, barSizeSetting, whatToShow, useRTH, formatDate)
.exerciseOptions(tickerId, contract, exerciseAction, exerciseQuantity, account, override )
.cancelHistoricalData(tickerId)
.reqRealtimeBars(tickerId, contract, barSize, whatToShow, useRTH)
.cancelRealTimeBars(tickerId)
.cancelScannerSubscription(tickerId)
.reqScannerParameters()
.reqScannerSubscription(tickerId, subscription)
.reqCurrentTime() // not implemented
.reqFundamentalData( reqId, contract, reportType )
.cancelFundamentalData(reqId)
.calculateImpliedVolatility( reqId, contract, optionPrice, underPrice )
.calculateOptionPrice( reqId, contract, volatility, underPrice )
.cancelCalculateImpliedVolatility(reqId)
.cancelCalculateOptionPrice(reqId)
.reqGlobalCancel()
.reqMarketDataType(marketDataType)
.reqPositions()
.cancelPositions()
.reqAccountSummary( reqId, groupName, tags )
.cancelAccountSummary(reqId)
.verifyRequest( apiName, apiVersion )
.verifyMessage( apiData )
.queryDisplayGroups( reqId )
.subscribeToGroupEvents( reqId, groupId )
.updateDisplayGroup( reqId, contractInfo )
.unsubscribeFromGroupEvents( reqId )
.reqPositionsMulti(reqId, account, modelCode)
.cancelPositionsMulti(reqId)
.reqAccountUpdatesMulti(reqId, account, modelCode, ledgerAndNLV)
.cancelAccountUpdatesMulti(reqId)
.reqSecDefOptParams(reqId, underlyingSymbol, futFopExchange, underlyingSecType, underlyingConId)
.reqSoftDollarTiers(reqId)
See messageIds.js
tickPrice
tickSize
tickOptionComputation
tickGeneric
tickString
tickEFP
orderStatus
openOrder
openOrderEnd
clientError
connectionClosed
updateAccountValue
updatePortfolio
updateAccountTime
accountDownloadEnd
nextValidId
contractDetails
bondContractDetails
contractDetailsEnd
execDetails
execDetailsEnd
error
updateMktDepth
updateMktDepthL2
updateNewsBulletin
managedAccounts
receiveFA
historicalData
scannerParameters
scannerData
scannerDataEnd
realtimeBar
fundamentalData
deltaNeutralValidation
tickSnapshotEnd
marketDataType
commissionReport
position
positionEnd
accountSummary
accountSummaryEnd
verifyMessageAPI
verifyCompleted
displayGroupList
displayGroupUpdated
nextValidId
disconnected
positionMulti
positionMultiEnd
accountUpdateMulti
accountUpdateMultiEnd
securityDefinitionOptionalParameter
securityDefinitionOptionalParameterEnd
softDollarTiers
Uses mocha, so install it.
Copyright (c) 2019 Jae Yang. See LICENSE file for license rights and limitations (MIT).
Because they are terrible.
FAQs
Interactive Brokers API addon for NodeJS
The npm package ibapi receives a total of 8 weekly downloads. As such, ibapi popularity was classified as not popular.
We found that ibapi demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.