Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Universal Mastodon API client for JavaScript
Q&A | Examples | Read the Docs | Releases
In this quick start, we'll look at how to create a simple Mastodon bot that publishes a post using Masto.js.
First, you must install Node.js and npm in your environment. Follow the npm official guide for the setup, and proceed to the next step when it's ready. Alternatively, you can use yarn, pnpm or other package managers to install Masto.js, but this guide below uses npm.
The minimal required version of dependencies is as follows
>= 18.x
>= 9.x
>= 5.0.0
If you could successfully install Node.js and npm, create your first Masto.js project with the following command. Assume you're using a POSIX-compatible operating system.
Create a directory and initialise your project.
mkdir my-bot
cd my-bot
npm init es6 --yes
And install Masto.js using npm
npm install masto
Now you successfully initialised your project for developing a Mastodon bot. Next, you need to create an application to obtain an access token required to access your account.
Go to your settings page, open Development, and click the New Application button to earn your personal access token.
You need to fill out Application name, but the website and redirect URI are fine to be the default for now. What you need to select for Scopes is depending on your bot's ability, but you can access most of the functionality by granting read
and write
. See OAuth Scopes documentation for further information.
If you could create an application, save Your access token securely. This string is required to access your account through Masto.js.
Then you're almost there! Create a file named index.js
inside your project directory and add the following code. This is an example which will post a status from your account.
import { createRestAPIClient } from "masto";
const masto = createRestAPIClient({
url: process.env.URL,
accessToken: process.env.TOKEN,
});
const status = await masto.v1.statuses.create({
status: "Hello from #mastojs!",
visibility: "public",
});
console.log(status.url);
Finally, run the program with the following command. Replace {URL}
with your instance's URL such as https://mastodon.social
, and {TOKEN}
to your access token that you obtained in the previous section.
URL={URL} TOKEN={TOKEN} node ./index.js
Other available features are described in the documentation. You may also want to refer /examples directory on this repository.
See CONTRIBUTING.md
Masto.js is distributed under the MIT license
FAQs
Mastodon API client for JavaScript, TypeScript, Node.js, browsers
The npm package masto receives a total of 3,687 weekly downloads. As such, masto popularity was classified as popular.
We found that masto demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.ย It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVDโs backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.