Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
ibm-watson
Advanced tools
Node.js client library to use the Watson APIs.
Version v5.0.0 of the SDK has been released and includes a number of breaking changes - see what's changed in the migration guide.
The SDK will no longer be tested with Node versions 6 and 8. Support will be officially dropped in v5.
This package has been moved under the name ibm-watson
. The package is still available at watson-developer-cloud
, but that will no longer receive updates. Use ibm-watson
to stay up to date.
npm install ibm-watson
import DiscoveryV1 from 'ibm-watson/discovery/v1';
import { IamAuthenticator } from 'ibm-watson/auth';
const discoveryClient = new DiscoveryV1({
authenticator: new IamAuthenticator({ apikey: '{apikey}' }),
version: '{version}',
});
// ...
The examples folder has basic and advanced examples. The examples within each service assume that you already have service credentials.
Starting with v5.0.0, the SDK should work in the browser, out of the box, with most bundlers.
See the examples/
folder for Browserify and Webpack client-side SDK examples (with server-side generation of auth tokens.)
Note: not all services currently support CORS, and therefore not all services can be used client-side. Of those that do, most require an auth token to be generated server-side via the Authorization Service.
Watson services are migrating to token-based Identity and Access Management (IAM) authentication.
Authentication is accomplished using dedicated Authenticators for each authentication scheme. Import authenticators from ibm-watson/auth
or rely on externally-configured credentials which will be read from a credentials file or environment variables.
To learn more about the Authenticators and how to use them with your services, see the detailed documentation.
To find out which authentication to use, view the service credentials. You find the service credentials for authentication the same way for all Watson services:
On this page, you should be able to see your credentials for accessing your service instance.
In your code, you can use these values in the service constructor or with a method call after instantiating your service.
There are two ways to supply the credentials you found above to the SDK for authentication:
With a credentials file, you just need to put the file in the right place and the SDK will do the work of parsing it and authenticating. You can get this file by clicking the Download button for the credentials in the Manage tab of your service instance.
The file downloaded will be called ibm-credentials.env
. This is the name the SDK will search for and must be preserved unless you want to configure the file path (more on that later). The SDK will look for your ibm-credentials.env
file in the following places (in order):
IBM_CREDENTIALS_FILE
As long as you set that up correctly, you don't have to worry about setting any authentication options in your code. So, for example, if you created and downloaded the credential file for your Discovery instance, you just need to do the following:
const DiscoveryV1 = require('ibm-watson/discovery/v1');
const discovery = new DiscoveryV1({ version: '2019-02-01' });
And that's it!
If you're using more than one service at a time in your code and get two different ibm-credentials.env
files, just put the contents together in one ibm-credentials.env
file and the SDK will handle assigning credentials to their appropriate services.
If you would like to configure the location/name of your credential file, you can set an environment variable called IBM_CREDENTIALS_FILE
. This will take precedence over the locations specified above. Here's how you can do that:
export IBM_CREDENTIALS_FILE="<path>"
where <path>
is something like /home/user/Downloads/<file_name>.env
. If you just provide a path to a directory, the SDK will look for a file called ibm-credentials.env
in that directory.
The SDK also supports setting credentials manually in your code, using an Authenticator.
Some services use token-based Identity and Access Management (IAM) authentication. IAM authentication uses a service API key to get an access token that is passed with the call. Access tokens are valid for approximately one hour and must be regenerated.
To use IAM authentication, you must use an IamAuthenticator
or a BearerTokenAuthenticator
.
IamAuthenticator
to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, and refreshes it if necessary.BearerTokenAuthenticator
if you want to manage the lifecycle yourself. For details, see Authenticating with IAM tokens. If you want to switch your authenticator, you must override the authenticator
property directly.To use the SDK in a Cloud Pak, use the CloudPakForDataAuthenticator
. This will require a username, password, and URL.
You can set or reset the base URL after constructing the client instance using the setServiceUrl
method:
const DiscoveryV1 = require('ibm-watson/discovery/v1');
const discovery = DiscoveryV1({
/* authenticator, version, url, etc... */
});
discovery.setServiceUrl('<new url>');
All SDK methods are asynchronous, as they are making network requests to Watson services. To handle receiving the data from these requests, the SDK offers support for both Promises and Callback functions. Note that support for Callbacks is being deprecated and will be removed in a future major release. Using Promises is recommended.
const DiscoveryV1 = require('ibm-watson/discovery/v1');
const discovery = new DiscoveryV1({
/* authenticator, version, url, etc... */
});
// using Promises
discovery.listEnvironments()
.then(body => {
console.log(JSON.stringify(body, null, 2));
})
.catch(err => {
console.log(err);
});
// using Promises provides the ability to use async / await
async function callDiscovery() { // note that callDiscovery also returns a Promise
const body = await discovery.listEnvironments();
}
// using a Callback function
discovery.listEnvironments((err, res) => {
if (err) {
console.log(err);
} else {
console.log(JSON.stringify(res, null, 2));
}
});
Custom headers can be passed with any request. Each method has an optional parameter headers
which can be used to pass in these custom headers, which can override headers that we use as parameters.
For example, this is how you can pass in custom headers to Watson Assistant service. In this example, the 'custom'
value for 'Accept-Language'
will override the default header for 'Accept-Language'
, and the 'Custom-Header'
while not overriding the default headers, will additionally be sent with the request.
const assistant = new watson.AssistantV1({
/* authenticator, version, url, etc... */
});
assistant.message({
workspaceId: 'something',
input: {'text': 'Hello'},
headers: {
'Custom-Header': 'custom',
'Accept-Language': 'custom'
}
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log('error: ', err);
});
The SDK now returns the full HTTP response by default for each method.
Here is an example of how to access the response headers for Watson Assistant:
const assistant = new AssistantV1({
/* authenticator, version, url, etc... */
});
assistant.message(params).then(
response => {
console.log(response.headers);
},
err => {
console.log(err);
/*
`err` is an Error object. It will always have a `message` field
and depending on the type of error, it may also have the following fields:
- body
- headers
- name
- code
*/
}
);
Every SDK call returns a response with a transaction ID in the x-global-transaction-id header. This transaction ID is useful for troubleshooting and accessing relevant logs from your service instance.
const assistant = new AssistantV1({
/* authenticator, version, url, etc... */
});
assistant.message(params).then(
response => {
console.log(response.headers['x-global-transaction-id']);
},
err => {
console.log(err);
}
);
const speechToText = new SpeechToTextV1({
/* authenticator, version, url, etc... */
});
const recognizeStream = recognizeUsingWebSocket(params);
// getTransactionId returns a Promise that resolves to the ID
recognizeStream.getTransactionId().then(
globalTransactionId => console.log(globalTransactionId),
err => console.log(err),
);
By default, all requests are logged. This can be disabled of by setting the X-Watson-Learning-Opt-Out
header when creating the service instance:
const myInstance = new watson.WhateverServiceV1({
/* authenticator, version, url, etc... */
headers: {
"X-Watson-Learning-Opt-Out": true
}
});
The SDK provides the user with full control over the HTTPS Agent used to make requests. This is available for both the service client and the authenticators that make network requests (e.g. IamAuthenticator
). Outlined below are a couple of different scenarios where this capability is needed. Note that this functionality is for Node environments only - these configurtions will have no effect in the browser.
To use the SDK (which makes HTTPS requests) behind an HTTP proxy, a special tunneling agent must be used. Use the package tunnel
for this. Configure this agent with your proxy information, and pass it in as the HTTPS agent in the service constructor. Additionally, you must set proxy
to false
in the service constructor. If using an Authenticator that makes network requests (IAM or CP4D), you must set these fields in the Authenticator constructor as well.
See this example configuration:
const tunnel = require('tunnel');
const AssistantV1 = require('ibm-watson/assistant/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const httpsAgent = tunnel.httpsOverHttp({
proxy: {
host: 'some.host.org',
port: 1234,
},
});
const assistant = new AssistantV1({
authenticator: new IamAuthenticator({
apikey: 'fakekey-1234'
httpsAgent, // not necessary if using Basic or BearerToken authentication
proxy: false,
}),
version: '2020-01-28',
httpsAgent,
proxy: false,
});
To send custom certificates as a security measure in your request, use the cert
, key
, and/or ca
properties of the HTTPS Agent. See this documentation for more information about the options. Note that the entire contents of the file must be provided - not just the file name.
const AssistantV1 = require('ibm-watson/assistant/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const certFile = fs.readFileSync('./my-cert.pem');
const keyFile = fs.readFileSync('./my-key.pem');
const assistant = new AssistantV1({
authenticator: new IamAuthenticator({
apikey: 'fakekey-1234',
httpsAgent: new https.Agent({
key: keyFile,
cert: certFile,
})
}),
version: '2019-02-28',
httpsAgent: new https.Agent({
key: keyFile,
cert: certFile,
}),
});
The HTTP client can be configured to disable SSL verification. Note that this has serious security implications - only do this if you really mean to! ⚠️
To do this, set disableSslVerification
to true
in the service constructor and/or authenticator constructor, like below:
const discovery = new DiscoveryV1({
url: '<service_url>',
version: '<version-date>',
authenticator: new IamAuthenticator({ apikey: '<apikey>', disableSslVerification: true }), // this will disable SSL verification for requests to the token endpoint
disableSslVerification: true, // this will disable SSL verification for any request made with this client instance
});
You can find links to the documentation at https://cloud.ibm.com/developer/watson/documentation. Find the service that you're interested in, click API reference, and then select the Node tab.
There are also auto-generated JSDocs available at http://watson-developer-cloud.github.io/node-sdk/master/
If you have issues with the APIs or have a question about the Watson services, see Stack Overflow.
The Authorization service can generate auth tokens for situations where providing the service username/password is undesirable.
Tokens are valid for 1 hour and may be sent using the X-Watson-Authorization-Token
header or the watson-token
query param.
Note that the token is supplied URL-encoded, and will not be accepted if it is double-encoded in a querystring.
NOTE: Authenticating with the
X-Watson-Authorization-Token
header or thewatson-token
query param is now deprecated. The token continues to work with Cloud Foundry services, but is not supported for services that use Identity and Access Management (IAM) authentication. For details see Authenticating with IAM tokens or the README in the IBM Watson SDK you use. The Authorization SDK now supports returning IAM Access Tokens when instantiated with an IAM API key.
const watson = require('ibm-watson');
const { IamAuthenticator } = require('ibm-watson/auth');
const { BasicAuthenticator } = require('ibm-watson/auth');
// to get an IAM Access Token
const authorization = new watson.AuthorizationV1({
authenticator: new IamAuthenticator({ apikey: 'fakekey-1234' }),
});
authorization.getToken(function (err, token) {
if (!token) {
console.log('error: ', err);
} else {
// Use your token here
}
});
// to get a Watson Token - NOW DEPRECATED
const authorization = new watson.AuthorizationV1({
authenticator: new BasicAuthenticator({ username: 'TTS username', password: 'TTS password' }),
url: 'https://stream.watsonplatform.net/authorization/api', // Speech tokens
});
authorization.getToken({
url: 'https://stream.watsonplatform.net/text-to-speech/api'
},
function (err, token) {
if (!token) {
console.log('error: ', err);
} else {
// Use your token here
}
});
Use the Assistant service to determine the intent of a message.
Note: You must first create a workspace via IBM Cloud. See the documentation for details.
const AssistantV2 = require('ibm-watson/assistant/v2');
const { IamAuthenticator } = require('ibm-watson/auth');
const assistant = new AssistantV2({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://gateway.watsonplatform.net/assistant/api/',
version: '2018-09-19'
});
assistant.message(
{
input: { text: "What's the weather?" },
assistantId: '<assistant id>',
sessionId: '<session id>',
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log(err);
});
Use the Assistant service to determine the intent of a message.
Note: You must first create a workspace via IBM Cloud. See the documentation for details.
const AssistantV1 = require('ibm-watson/assistant/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const assistant = new AssistantV1({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://gateway.watsonplatform.net/assistant/api/',
version: '2018-02-16'
});
assistant.message(
{
input: { text: "What's the weather?" },
workspaceId: '<workspace id>'
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log(err);
});
Use the Compare Comply service to compare and classify documents.
const fs = require('fs');
const CompareComplyV1 = require('ibm-watson/compare-comply/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const compareComply = new CompareComplyV1({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://gateway.watsonplatform.net/compare-comply/api',
version: '2018-12-06'
});
compareComply.compareDocuments(
{
file1: fs.createReadStream('<path-to-file-1>'),
file1Filename: '<filename-1>',
file1Label: 'file-1',
file2: fs.createReadStream('<path-to-file-2>'),
file2Filename: '<filename-2>',
file2Label: 'file-2',
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log(err);
});
Use the Discovery Service to search and analyze structured and unstructured data.
const DiscoveryV1 = require('ibm-watson/discovery/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const discovery = new DiscoveryV1({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://gateway.watsonplatform.net/discovery/api/',
version: '2017-09-01'
});
discovery.query(
{
environmentId: '<environment_id>',
collectionId: '<collection_id>',
query: 'my_query'
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log(err);
});
Translate text from one language to another or idenfity a language using the Language Translator service.
const LanguageTranslatorV3 = require('ibm-watson/language-translator/v3');
const { IamAuthenticator } = require('ibm-watson/auth');
const languageTranslator = new LanguageTranslatorV3({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://gateway.watsonplatform.net/language-translator/api/',
version: 'YYYY-MM-DD',
});
languageTranslator.translate(
{
text: 'A sentence must have a verb',
source: 'en',
target: 'es'
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log('error: ', err);
});
languageTranslator.identify(
{
text:
'The language translator service takes text input and identifies the language used.'
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log('error: ', err);
});
Use Natural Language Classifier service to create a classifier instance by providing a set of representative strings and a set of one or more correct classes for each as training. Then use the trained classifier to classify your new question for best matching answers or to retrieve next actions for your application.
const NaturalLanguageClassifierV1 = require('ibm-watson/natural-language-classifier/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const classifier = new NaturalLanguageClassifierV1({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://gateway.watsonplatform.net/natural-language-classifier/api/'
});
classifier.classify(
{
text: 'Is it sunny?',
classifierId: '<classifier-id>'
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log('error: ', err);
});
See this example to learn how to create a classifier.
Use Natural Language Understanding is a collection of natural language processing APIs that help you understand sentiment, keywords, entities, high-level concepts and more.
const fs = require('fs');
const NaturalLanguageUnderstandingV1 = require('ibm-watson/natural-language-understanding/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const nlu = new NaturalLanguageUnderstandingV1({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
version: '2018-04-05',
url: 'https://gateway.watsonplatform.net/natural-language-understanding/api/'
});
nlu.analyze(
{
html: file_data, // Buffer or String
features: {
concepts: {},
keywords: {}
}
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log('error: ', err);
});
Analyze text in English and get a personality profile by using the Personality Insights service.
const PersonalityInsightsV3 = require('ibm-watson/personality-insights/v3');
const { IamAuthenticator } = require('ibm-watson/auth');
const personalityInsights = new PersonalityInsightsV3({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
version: '2016-10-19',
url: 'https://gateway.watsonplatform.net/personality-insights/api/'
});
personalityInsights.profile(
{
content: 'Enter more than 100 unique words here...',
contentType: 'text/plain',
consumptionPreferences: true
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log('error: ', err);
});
Use the Speech to Text service to recognize the text from a .wav
file.
const fs = require('fs');
const SpeechToTextV1 = require('ibm-watson/speech-to-text/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const speechToText = new SpeechToTextV1({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://stream.watsonplatform.net/speech-to-text/api/'
});
const params = {
// From file
audio: fs.createReadStream('./resources/speech.wav'),
contentType: 'audio/l16; rate=44100'
};
speechToText.recognize(params)
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log(err);
});
// or streaming
fs.createReadStream('./resources/speech.wav')
.pipe(speechToText.recognizeUsingWebSocket({ contentType: 'audio/l16; rate=44100' }))
.pipe(fs.createWriteStream('./transcription.txt'));
Use the Text to Speech service to synthesize text into an audio file.
const fs = require('fs');
const TextToSpeechV1 = require('ibm-watson/text-to-speech/v1');
const { IamAuthenticator } = require('ibm-watson/auth');
const textToSpeech = new TextToSpeechV1({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
url: 'https://stream.watsonplatform.net/text-to-speech/api/'
});
const params = {
text: 'Hello from IBM Watson',
voice: 'en-US_AllisonVoice', // Optional voice
accept: 'audio/wav'
};
// Synthesize speech, correct the wav header, then save to disk
// (wav header requires a file length, but this is unknown until after the header is already generated and sent)
// note that `repairWavHeaderStream` will read the whole stream into memory in order to process it.
// the method returns a Promise that resolves with the repaired buffer
textToSpeech
.synthesize(params)
.then(response => {
const audio = response.result;
return textToSpeech.repairWavHeaderStream(audio);
})
.then(repairedFile => {
fs.writeFileSync('audio.wav', repairedFile);
console.log('audio.wav written with a corrected wav header');
})
.catch(err => {
console.log(err);
});
// or, using WebSockets
textToSpeech.synthesizeUsingWebSocket(params);
synthStream.pipe(fs.createWriteStream('./audio.ogg'));
// see more information in examples/text_to_speech_websocket.js
Use the Tone Analyzer service to analyze the emotion, writing and social tones of a text.
const ToneAnalyzerV3 = require('ibm-watson/tone-analyzer/v3');
const { IamAuthenticator } = require('ibm-watson/auth');
const toneAnalyzer = new ToneAnalyzerV3({
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
version: '2016-05-19',
url: 'https://gateway.watsonplatform.net/tone-analyzer/api/'
});
toneAnalyzer.tone(
{
toneInput: 'Greetings from Watson Developer Cloud!',
contentType: 'text/plain'
})
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log(err);
});
Use the Visual Recognition service to recognize the following picture.
const fs = require('fs');
const VisualRecognitionV3 = require('ibm-watson/visual-recognition/v3');
const { IamAuthenticator } = require('ibm-watson/auth');
const visualRecognition = new VisualRecognitionV3({
url: '<service_url>',
version: '2018-03-19',
authenticator: new IamAuthenticator({ apikey: '<apikey>' }),
});
const params = {
imagesFile: fs.createReadStream('./resources/car.png')
};
visualRecognition.classify(params)
.then(response => {
console.log(JSON.stringify(response.result, null, 2));
})
.catch(err => {
console.log(err);
});
Sample code for integrating Tone Analyzer and Assistant is provided in the examples directory.
The SDK always expects an authenticator to be passed in. To make an unautuhenticated request, use the NoAuthAuthenticator
.
const watson = require('ibm-watson');
const { NoAuthAuthenticator } = require('ibm-watson/auth');
const assistant = new watson.AssistantV1({
authenticator: new NoAuthAuthenticator(),
});
This library relies on the axios
npm module written by
axios to call the Watson Services. To debug the apps, add
'axios' to the NODE_DEBUG
environment variable:
$ NODE_DEBUG='axios' node app.js
where app.js
is your Node.js file.
Running all the tests:
$ npm test
Running a specific test:
$ jest '<path to test>'
Find more open source projects on the IBM Github Page.
See CONTRIBUTING.
We love to highlight cool open-source projects that use this SDK! If you'd like to get your project added to the list, feel free to make an issue linking us to it.
This library is licensed under Apache 2.0. Full license text is available in COPYING.
FAQs
Client library to use the IBM Watson Services
The npm package ibm-watson receives a total of 7,050 weekly downloads. As such, ibm-watson popularity was classified as popular.
We found that ibm-watson demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.