Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
light-spotify
Advanced tools
light-spotify is a Spotify wrapper to make it easy to work with Spotify's API.
For npm:
npm i light-spotify
For yarn:
yarn add light-spotify
Its important to make sure that you have a valid access token to make requests. To make an access token, you can use the simple code below.
const baseUrl = "https://accounts.spotify.com/api/token";
const getData = await fetch(baseUrl, {
method: "POST",
headers: {
"Content-Type": "application/x-www-form-urlencoded",
Authorization:
"Basic " +
new Buffer.from(`${CLIENT_ID}:${CLIENT_SECRET}`).toString("base64"),
},
body: "grant_type=client_credentials",
})
.then(res => res.json())
.then(data => {
console.log(data)
/*{
access_token: 'GENERATED ACCESS TOKEN',
token_type: 'Bearer',
expires_in: 3600
}*/.
})
Then, create a new instance of the package.
import { LightSpotify } from 'light-spotify';
const SpotifyAPI = new LightSpotify();
//set access token here.
SpotifyAPI.setAccessToken = 'ACCESS_TOKEN';
//if you ever need to get the access token.
console.log(Spotify.getAccessToken); //returns the token.
Making requests with light-spotify is easy. Want to get multiple albums? Easy.
const { LightSpotify } = require("light-spotify");
const spotify = new LightSpotify();
const albumIds = ['ID1', 'ID2', 'ID3']; // max 20 ids;
//set the access token first.
spotify.setAccessToken = 'asd'; // get the auth token;
//param 1: token || param 2: the album id or album ids || param 3: the market (valid ISO 3161 code).
spotify
.getMultipleAlbums(spotify.getAccessToken, albumIds, 'US') // returns Promise of AxiosResponse
//Handle the resolved promise.
.then((i) => {
console.log(i.data);
})
//handle errors
.catch(console.error);
Oh yeah. And we also have full Typescript support. :)
Check out /docs/TOC.md for all data requests that you can make.
Any contributions are welcome. Check out CONTRIBUTING.md for more info.
FAQs
A Spotify wrapper that makes it easy to work with Spotify's api.
The npm package light-spotify receives a total of 8 weekly downloads. As such, light-spotify popularity was classified as not popular.
We found that light-spotify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.