Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
Metrafin API Node
Official Metrafin API Client for Node.js
GitHub | NPM | Official API Documentation
Install
npm i metrafin
const App = require('metrafin')
Use
Create application
Create an application with its private token.
const myApp = new App('VLeIjSNigss5eqLcNf5Snv2kh_d-HWOv1-ojr952gpW0CyKt')
Resolve users
// in async context
const userInfoA = await myApp.resolveUser('username', 'ethan')
// or...
const userInfoB = await myApp.resolveUser('userId', '9175009b-b215-4be8-a3a8-88322757804d')
Use an authToken
const auth = await myApp.getAuth('rmxQPAll1kEhsc8u-IPwBkwyNdixJCSf')
console.log('Auth userId: ' + auth.userId)
console.log('Auth scopes: ' + auth.scopes)
console.log('Auth expires: ' + auth.expires)
Get user profile
See profile information documentation for details about the profile response.
await auth.getProfile()
Get user permissions
await auth.getPermissions()
Get user HonorScore
await auth.getHonorScore()
Create reputation event
See reputation event documentation for details about reputation events.
await auth.createReputationEvent({
'context': 'public_comment',
'tag': 'spam',
'type': 'negative',
'description': 'Excessive commenting on a video'
})
List reputation events
await auth.getReputationEvents()
Update active status of reputation event
await auth.setReputationEventActive('ef8c4ce3-2f02-4647-ab5e-727387184e15', false)
// This will deactivate the reputation event with ID ef8c4ce3-2f02-4647-ab5e-727387184e15.
Feedback and questions
If you have questions or feedback about the package, feel free to let us know in GitHub issues.
Feel free to contribute through PRs as well. :)
Keywords
FAQs
Official Metrafin API Client for Node.js
The npm package metrafin receives a total of 2 weekly downloads. As such, metrafin popularity was classified as not popular.
We found that metrafin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Sep 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025