Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
SDK for creating MetaWear apps that run on node.js. Supported on Linux only.
This is a thin wrapper around the MetaWear C++ API so you will find the C++ documentation and API reference useful.
Also, check out the JavaScript examples.
Under the hood it uses Noble-Device and Noble for Bluetooth Low Energy communications. These third party libraries have been abandoned and we are currently supporting a custom fork (with help from @abandonware).
ADDITIONAL NOTES
You can try to get our JS SDK running on OSX or Windows at your own risk. This requires that you get Noble to work under those OSs yourself. We do not provide examples or support for this; experts ONLY. Please see the Noble README.
MetaWear is a complete development and production platform for wearable and connected device applications.
MetaWear features a number of sensors and peripherals all easily controllable over Bluetooth 4.0/5.0 Low Energy using this SDK, no firmware or hardware experience needed!
The MetaWear hardware comes pre-loaded with a wirelessly upgradeable firmware, so it keeps getting more powerful over time.
See the License.
Reach out to the community if you encounter any problems, or just want to chat :)
You need to make sure you have node and npm installed on your machine. Here's a quick rundown but you should google-fu proper steps for your specific OS and Node version.
We are currently supporting Node 10.23.0. Here are steps to install Node on Linux (Ubuntu). You have 3 options:
sudo apt install nodejs
sudo apt install npm
nodejs -v
This will install the latest Node. You may need to alias nodejs to node.
cd ~
curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt install nodejs
nodejs -v
This will install node v10.23.0 (latest stable release of node 10). You can replace the 10 with 12 if you want to install node 12. You may need to alias nodejs to node.
curl -sL https://raw.githubusercontent.com/creationix/nvm/v0.35.3/install.sh -o install_nvm.sh
bash install_nvm.sh
source ~/.profile
nvm install 10.23.0
nvm use 10.23.0
node -v
Check the latest version of NVM before you install (it might be higher than v0.35.3). You can go online to learn how to use NVM to switch node versions on the fly.
It is important to note that because our scripts use OS level Bluetooth libraries, it may be required to use sudo (or you will get a warning and the scripts won't work). You need to decide if you are ok to use sudo or not. If you are not, follow this guide
You also need to check that the version of node you are using is as expected for sudo:
$ node -v
v0.10.23
$ sudo node -v
v0.11.8-pre
As you can see here, the sudo node version is not the same as the current user version. Here's a workaround. You can google-fu more about this topic.
n=$(which node); \
n=${n%/bin/node}; \
chmod -R 755 $n/bin/*; \
sudo cp -r $n/{bin,lib,share} /usr/local
At the time of this release, Node 10 is supported. Node 12 is not currently supported as node-ffi
and some other libraries have not been updated.
We have to use a custom fork of node-ffi until then (see package.json). Hopefully node-ffi will be updated to support Node 10 and Node 12 officially.
Bluez 5.50 works but 5.54 might not work. Here's a good tutorial
If you are not using a BLE dongle, you need to make sure your system is working and supports Bluetooth 4.0 or later (Bluetooth low energy).
If you are using a BLE dongle, you need to make sure it's working. You can google-fu how to use tools such as bluetoothctl
, hciconfig
, btmon
and more to confirm this.
This may or may not work on arm64. Works on armhf and raspberryPi 3 and RaspberryPi 4.
You have three options for installation:
The Mbient JavaScript SDK relies on Noble and Noble-Device for Bluetooth Low Energy communications.
You need to setup the relevant prerequisites for Noble and then install Noble. Make sure you use our versions of these libraries as the original packages have been abandoned.
Then you can simply install the MetaWear package lib with NPM using the command line:
npm install metawear
This step takes a long time as all the packages are installed and the MetaWear CPP library will be compiled on your machine. You may or may not need to update.
npm update metawear
You can install the metawear package straight from our repository by using:
npm install https://github.com/mbientlab/MetaWear-SDK-JavaScript.git
This step takes a long time as all the packages are installed and the MetaWear CPP library will be compiled on your machine.
We packaged everything for you already in this repository with the package.json file ready to be installed with npm.
Make sure that when you clone this repository, that you clone the submodule with it.
git clone --recurse-submodules https://github.com/mbientlab/MetaWear-SDK-JavaScript.git
Then you can simply install all the dependencies you need by building the npm project with command line:
npm install
This step takes a long time as all the packages are installed and the MetaWear CPP library will be compiled as well.
If you have any issues with the npm installation, make sure you are using the correct version of node, npm, nvm (if used), bluez, and that your machine is bluetoothLE compliant. Follow the errors and correct them as indicated by the npm output log.
If you have any issues compiling the MetaWear-CPP-SDK
(this is a post script that runs at the end of npm install), simply build it from source.
If you cloned the repo:
cd MetaWear-SDK-Cpp/
make
If you ran an npm command:
cd node_modules/
cd MetaWear-SDK-Cpp/
make
Once the install is successful, you can run our example scripts in the example folder (see the example folder in our repository):
node led.js
Please note that depending on your node and npm installation, you may need to run sudo:
sudo node led.js
Please note that the examples in our examples folder will use the local metawear libraries (as this repository is meant for development):
var MetaWear = require('../index')
This is using the local metawear code.
Simply change it to this:
var MetaWear = require('metawear');
This would be using the metawear code in your local npm node_modules
directory as installed with npn.
You should familiarize yourself with this README and our tutorials since there a few limitiations and other gotchas spelled out, such as the maximum number of simultaneous Bluetooth connections.
Require the metawear package
var MetaWear = require('metawear');
Discover the first MetaWear device seen
MetaWear.discover(function (device) { ... }
Or a specific MAC address
MetaWear.discoverByAddress('cb:7d:c5:b0:20:8f', function(device) { ... }
There are other options too, documented in Noble Device
After that, you must connect to the device
device.connectAndSetUp(function (error) { ... }
At this point you can call any of the MetaWear API's, for example, you can blink the LED green
var pattern = new MetaWear.LedPattern();
MetaWear.mbl_mw_led_load_p_pattern(pattern.ref(), MetaWear.LedPreset.BLINK);
MetaWear.mbl_mw_led_write_pattern(device.board, pattern.ref(), MetaWear.LedColor.GREEN);
MetaWear.mbl_mw_led_play(device.board);
var MetaWear = require('metawear');
MetaWear.discover(function (device) {
device.connectAndSetUp(function (error) {
var pattern = new MetaWear.LedPattern();
MetaWear.mbl_mw_led_load_preset_pattern(pattern.ref(), MetaWear.LedPreset.BLINK);
MetaWear.mbl_mw_led_write_pattern(device.board, pattern.ref(), MetaWear.LedColor.GREEN);
MetaWear.mbl_mw_led_play(device.board);
// After 5 seconds we reset the board to clear the LED, when we receive
// a disconnect notice we know the reset is complete, so exit the program
setTimeout(function () {
device.on('disconnect', function () {
process.exit(0);
});
MetaWear.mbl_mw_debug_reset(device.board);
}, 5000);
});
});
Tutorials can be found here.
FAQs
Official JavaScript SDK for MetaWear
The npm package metawear receives a total of 72 weekly downloads. As such, metawear popularity was classified as not popular.
We found that metawear demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.