Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
node-twitter-api
Advanced tools
Simple module for using Twitter's API in node.js
npm install node-twitter-api
var twitterAPI = require('node-twitter-api');
var twitter = new twitterAPI({
consumerKey: 'your consumer Key',
consumerSecret: 'your consumer secret',
callback: 'http://yoururl.tld/something'
});
twitter.getRequestToken(function(error, requestToken, requestTokenSecret, results){
if (error) {
console.log("Error getting OAuth request token : " + error);
} else {
//store token and tokenSecret somewhere, you'll need them later; redirect user
}
});
If no error has occured, you now have a requestToken
and a requestTokenSecret
. You should store them somewhere (e.g. in a session, if you are using express), because you will need them later to get the current user's access token, which is used for authentification.
Redirect the user to https://twitter.com/oauth/authenticate?oauth_token=[requestToken]
. twitter.getAuthUrl(requestToken)
also returns that URL.
If he allows your app to access his data, Twitter will redirect him to your callback-URL (defined in Step 1) containing the get-parameters: oauth_token
and oauth_verifier
. You can use oauth_token
(which is the requestToken
in Step 2) to find the associated requestTokenSecret
. You will need requestToken
, requestTokenSecret
and oauth_verifier
to get an Access Token.
twitter.getAccessToken(requestToken, requestTokenSecret, oauth_verifier, function(error, accessToken, accessTokenSecret, results) {
if (error) {
console.log(error);
} else {
//store accessToken and accessTokenSecret somewhere (associated to the user)
//Step 4: Verify Credentials belongs here
}
});
If no error occured, you now have an accessToken
and an accessTokenSecret
. You need them to authenticate later API-calls.
twitter.verifyCredentials(accessToken, accessTokenSecret, function(error, data, response) {
if (error) {
//something was wrong with either accessToken or accessTokenSecret
//start over with Step 1
} else {
//accessToken and accessTokenSecret can now be used to make api-calls (not yet implemented)
//data contains the user-data described in the official Twitter-API-docs
//you could e.g. display his screen_name
console.log(data["screen_name"]);
}
});
(Allmost) all function names replicate the endpoints of the Twitter API 1.1. If you want to post a status e. g. - which is done by posting data to statuses/update - you can just do the following:
twitter.statuses("update", {
status: "Hello world!"
},
accessToken,
accessTokenSecret,
function(error, data, response) {
if (error) {
// something went wrong
} else {
// data contains the data sent by twitter
}
}
);
Most of the functions use the scheme:
twitter.[namespace]([type], [params], [accessToken], [accessTokenSecret], [callback]);
For Timelines you can also use the function getTimeline which has the following types:
user
or user_timeline
(Note that you need to either specify user_id or screen_name when using this timeline)home
or home_timeline
mentions
or mentions_timeline
retweets
or retweets_of_me
For more information on the different types of timelines see https://dev.twitter.com/rest/reference/get/statuses/home_timeline (analog for the other types)
For Streams you must use getStream which has two instead of just one callback: a dataCallback and an endCallback. (c.f. data and end events of node's http response)
To upload media to Twitter, call twitter.uploadMedia(params, accessToken, accessTokenSecret, callback)
with params containing the following:
For a example result see https://dev.twitter.com/rest/reference/post/media/upload. You can pass multiple media_ids to the statuses/update endpoint by seperating them with commas (e.g. "[id1],[id2],[id3],[id4]").
FAQs
Simple module for using Twitter's API in node.js
The npm package node-twitter-api receives a total of 1,736 weekly downloads. As such, node-twitter-api popularity was classified as popular.
We found that node-twitter-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.