
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
linkedin-web-api
Advanced tools
npm install linkedin-web-api
import { Client } from 'linkedin-web-api';
const username = process.env.USERNAME as string;
const password = process.env.PASSWORD as string;
const proxy = process.env.PROXY as string;
(async () => {
// Login
const client = new Client();
await client.login.userPass({ username, password, proxy });
// search for companies
const companiesScroller = await client.search.searchCompanies({ keywords: 'Microsoft' });
const [{ company: microsoft }] = await companiesScroller.scrollNext();
// Search for profiles and send an invitation
const peopleScroller = await client.search.searchPeople({
keywords: 'Bill Gates',
filters: {
pastCompany: microsoft.companyId,
},
});
const [{ profile: billGates }] = await peopleScroller.scrollNext();
await client.invitation.sendInvitation({
profileId: billGates.profileId,
trackingId: billGates.trackingId,
});
// Search in my connections
const ownConnectionsScroller = await client.search.searchOwnConnections({ keywords: 'Bill Gates', limit: 1 });
const connections = await ownConnectionsScroller.scrollNext();
// Get conversation
const [billConversation] = await client.conversation
.getConversations({
recipients: billGates.profileId,
})
.scrollNext();
const conversationMessages = await client.message
.getMessages({
conversationId: billConversation.conversationId,
})
.scrollNext();
// Send a message
const sentMessage = await client.message.sendMessage({
profileId: billGates.profileId,
text: 'Hey Bill!',
});
})();
Classes that expose methods for communicating with linkedin API.
Each repository describes a LinkedIn entity that we can operate on it. Example: InvitationRepository
.
The methods are divided into 3 types:
Single entity getters - example: conversation.getConversation({ conversationId: CONVERSATION_ID })
Single entity getters return a LinkedIn Entity.
Multiple entities getters - for example invitation.getSentInvitations({ skip: 10, limit: 5 })
Multiple entities getters return a Scroller.
Mutations - for example invitation.sendInvitation({ ... })
Mutations return a Response entity
Wrapper classes that enable a convenient work with paginated responses. For example - PeopleScroller
.
Most of LinkedIn requests return paginated responses, (just like in the UI), scrollers just provide a structured way to navigate between pages.
There are two types of scrollers:
Index scroller - Accepts 2 properties:
skip (number)
- Starting index (How many entities to skip).
limit (number)
- How many entities to fetch on each iteration.
Time scrollers - Accepts one property:
createdBefore (Date)
- Defines the point of time to start fetching entities.
Example:
// index scroller
let companiesScroller = client.search.searchCompanies();
let companies = await companiesScroller.scrollNext(); // returns first page with 10 results
companies = await companiesScroller.scrollNext(); // next page
companies = await companiesScroller.scrollBack(); // previous page
// overriding skip and limit
companiesScroller = client.search.searchCompanies({ skip: 100, limit: 1 });
companies = await companiesScroller.scrollNext(); // returns first page with 1 results
companies = await companiesScroller.scrollNext(); // next page
companies = await companiesScroller.scrollBack(); // previous page
// overriding createdBefore for time scroller
const twoDaysAgo = moment().subtract(2, 'days').toDate();
let messagesScroller = client.message.getMessages({
conversationId: CONVERSATION_ID,
createdBefore: twoDaysAgo,
});
messages = await companiesScroller.scrollNext();
A lot!
This is a new project, and as such, there's a lot that need to be done.
Some new features that I expect to develop soon:
Want a specific feature? Please open a feature request :)
Also, i'll be more than happy to welcome new contributors to this project.
This code is in no way affiliated with, authorized, maintained, sponsored or endorsed by Linkedin or any of its affiliates or subsidiaries. This is an independent and unofficial API. Use at your own risk.
Note that using this API might cause your account being banned.
Always take care; we cannot be held for any account being banned.
FAQs
## Installation
We found that linkedin-web-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.