Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
inves-broker
Advanced tools
inves-broker
provides a unified interface for dealing with multiple broker APIs in the Indian stock market.
npm install inves-broker
import { IConnect, BrokerName } from 'inves-broker';
const kite = IConnect(BrokerName.KITE, {
kiteAPIKey: process.env.KITE_API_KEY,
kiteAPISecret: process.env.KITE_API_SECRET
});
const kiteUrl = await kite.getLoginURL({});
const paytm = IConnect(BrokerName.PAYTM_MONEY, {
paytmMoneyAPIKey: process.env.PAYTM_API_KEY,
paytmMoneyAPISecret: process.env.PAYTM_API_SECRET
});
const paytmUrl = await paytm.getLoginURL({});
Building a platform to support order placement and retrieval via multiple brokers is an exhaustive task. To achieve the same end goal, each broker has a slightly different way of doing things. Integrating each broker would require extensive reading of all the documentation followed by a tedious implementation.
We enforce a standard of how you should place an order, get order information, etc. This standard closely conforms to Zerodha's way of doing things. If you are familiar with using the Kite API, you will find inves-broker
's interface to be similar. For exceptional cases where a broker cannot fit within a standard, we provide an extended support for that. Hence, all brokers under inves-broker
follow the Open-closed principle.
Each broker class will provide the methods listed here. In some cases, it will be necessary to deviate from the standard. This is described below.
Paytm Money and Dhan identify an instrument via its list of security ids. This list needs to be downloaded once a day. By default, when you place an order, this list is downloaded and stored in memory for the next 24 hours. Hence, the first call to place an order would be slow. Subsequent calls would just hit the cache. However, if you wish to pre-fetch this list, even before you invoke the placeOrder
method, you can do this via following:
import { IConnect, BrokerName, PaytmMoneyBroker } from 'inves-broker';
const broker = IConnect(BrokerName.PAYTM_MONEY, config);
if (broker instanceof PaytmMoneyBroker) {
await broker.triggerMemoizationOfSecurityList();
}
FAQs
Interact with multiple broker APIs in the Indian stock market.
The npm package inves-broker receives a total of 0 weekly downloads. As such, inves-broker popularity was classified as not popular.
We found that inves-broker demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.