Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
node-outlook
Advanced tools
This library provides a light-weight implementation of the Outlook Mail, Calendar, and Contacts APIs.
For a sample app that uses this library, see Getting Started with the Outlook Mail API and Node.js.
The original version of this library was a simple wrapper intended to enable use of the Microsoft Office 365 APIs Client Libraries for Cordova Applications from a Node.js app. This version still includes the old interfaces, but no further development is being made on that part of this library. It is recommended that applications use the new interfaces moving forward.
Installing should be done via NPM:
npm install node-outlook
Once installed, add the following to your source file:
var outlook = require("node-outlook");
Configuration of the library is done via the base
namespace:
outlook.base.setApiEndpoint
- Use this to override the API endpoint. The default value uses the Outlook v2 enpoint: https://outlook.office.com/api/v1.0
.outlook.base.setAnchorMailbox
- Set this to the user's SMTP address to enable the API endpoint to efficiently route API requests.outlook.base.setPreferredTimeZone
- Use this to specify a time zone for the server to use to return date/time values in the Calendar API.The library has a namespace for each API.
outlook.mail
- The Mail APIoutlook.calendar
- The Calendar APIoutlook.contacts
- The Contacts APIEach namespace has minimal functions (more to come). Usage is similar between the namespaces. For example, this is how you call the getMessages
function in the outlook.mail
namespace:
// Specify an OData query parameters to include in the request
var queryParams = {
'$select': 'Subject,ReceivedDateTime,From',
'$orderby': 'ReceivedDateTime desc',
'$top': 10
};
// Set the API endpoint to use the v2.0 endpoint
outlook.base.setApiEndpoint('https://outlook.office.com/api/v2.0');
// Set the anchor mailbox to the user's SMTP address
outlook.base.setAnchorMailbox(email);
outlook.mail.getMessages({token: token, odataParams: queryParams},
function(error, result){
if (error) {
console.log('getMessages returned an error: ' + error);
}
else if (result) {
console.log('getMessages returned ' + result.value.length + ' messages.');
result.value.forEach(function(message) {
console.log(' Subject: ' + message.Subject);
var from = message.From ? message.From.EmailAddress.Name : "NONE";
console.log(' From: ' + from);
console.log(' Received: ' + message.ReceivedDateTime.toString());
});
}
});
If the library does not implement a function that does what you need, you can use the outlook.base.makeApiCall
method to call any API call implemented on the server. See the implementations of any methods in the outlook.mail
, outlook.calendar
, or outlook.contacts
namespaces for an example of how to use this method.
As a reminder, the old interface is no longer being developed. It's recommended that you use the new interface.
You can create an OutlookServices.Client
object like so:
var outlookClient = new outlook.Microsoft.OutlookServices.Client('https://outlook.office365.com/api/v1.0',
authHelper.getAccessTokenFn('https://outlook.office365.com/', session));
Where authHelper.getAccessTokenFn
is a callback method you implement to provide the needed OAuth2 access token.
Copyright (c) Microsoft. All rights reserved.
Connect with me on Twitter @JasonJohMSFT
Follow the Exchange Dev Blog
FAQs
A package for calling the Outlook APIs from Node.
The npm package node-outlook receives a total of 3,446 weekly downloads. As such, node-outlook popularity was classified as popular.
We found that node-outlook demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.