Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The npm-api package provides a simple interface to interact with the npm registry programmatically. It allows users to fetch information about packages, users, and other entities on the npm registry.
Get Package Information
This feature allows you to fetch detailed information about a specific npm package. In this example, it retrieves information about the 'express' package.
const NpmApi = require('npm-api');
const repo = new NpmApi().repo('express');
repo.package().then(pkg => console.log(pkg));
Get User Information
This feature allows you to fetch information about a specific npm user. In this example, it retrieves information about the user 'isaacs'.
const NpmApi = require('npm-api');
const user = new NpmApi().user('isaacs');
user.info().then(info => console.log(info));
Search for Packages
This feature allows you to search for packages on the npm registry. In this example, it searches for packages related to 'express'.
const NpmApi = require('npm-api');
const npm = new NpmApi();
npm.search('express').then(results => console.log(results));
The npm-registry-fetch package provides a low-level interface to interact with the npm registry. It is more flexible and allows for more customized requests compared to npm-api, but it requires more setup and understanding of the npm registry API.
The package-json package allows you to get metadata of a package from the npm registry. It is simpler and more focused on fetching package information compared to npm-api, which offers a broader range of functionalities.
The npm package itself can be used programmatically to interact with the npm registry. It provides a comprehensive set of features but is more complex to use compared to npm-api, which offers a more streamlined and simplified interface.
Base class for retrieving data from the npm registry.
Install with npm:
$ npm install --save npm-api
var NpmApi = require('npm-api');
NpmApi constructor. Create an instance to work with maintainer and repository information.
Example
var npm = new NpmApi();
Create a new instance of View
or get an existing instance to work with npm couchdb views.
Params
name
{String}: Name of the couchdb view to work with.returns
{Object} View
: instanceExample
var view = npm.view('byUser');
Create a new instance of List
or get an existing instance to work with npm couchdb list.
Params
name
{String}: Name of the couchdb list to work with.view
{String|Object}: Name or instance of a view
to work with.returns
{Object} List
: instanceExample
var list = npm.list('sortCount', 'byUser');
Create an instance of a repo
to work with.
Params
name
{String}: Name of the repo as it's published to npm.returns
{Object}: Instance of a Repo
model to work with.Example
var repo = npm.repo('micromatch');
Create an instance of a maintainer
to work with.
Params
name
{String}: Npm username of the maintainer.returns
{Object}: Instance of a Maintainer
model to work with.Example
var maintainer = npm.maintainer('doowb');
Base model to include common plugins.
Params
store
{Object}: Cache store intance to use.Maintainer constructor. Create an instance of an npm maintainer by maintainer name.
Params
name
{String}: Name of the npm maintainer to get information about.store
{Object}: Optional cache store instance for caching results. Defaults to a memory store.Example
var maintainer = new Maintainer('doowb');
Get the repositories owned by this maintainer.
returns
{Promise}: Returns array of repository names when promise resolves.Example
maintainer.repos()
.then(function(repos) {
console.log(repos);
}, function(err) {
console.error(err);
});
Repo constructor. Create an instance of an npm repo by repo name.
Params
name
{String}: Name of the npm repo to get information about.store
{Object}: Optional cache store instance for caching results. Defaults to a memory store.Example
var repo = new Repo('micromatch');
Get the repo's published package.json.
returns
{Promise}: Returns the package.json object when promise resolves.Example
repo.package()
.then(function(pkg) {
console.log(pkg);
}, function(err) {
console.error(err);
});
Get the repo's published package.json value for the specified version.
Params
version
{String}: Specific version to retrieve.returns
{Promise}: Returns the package.json object for the specified version when promise resolves.Example
repo.version('0.2.0')
.then(function(pkg) {
console.log(pkg);
}, function(err) {
console.error(err);
});
Get the repo's dependencies for the specified version.
Params
version
{String}: Specific version to retrieve. Defaults to latest
.returns
{Promise}: Returns the dependencies object for the specified version when promise resolves.Example
repo.dependencies()
.then(function(dependencies) {
console.log(dependencies);
}, function(err) {
console.error(err);
});
Get the repo's devDependencies for the specified version.
Params
version
{String}: Specific version to retrieve. Defaults to latest
.returns
{Promise}: Returns the devDependencies object for the specified version when promise resolves.Example
repo.devDependencies()
.then(function(devDependencies) {
console.log(devDependencies);
}, function(err) {
console.error(err);
});
Get the specified property from the repo's package.json for the specified version.
Params
prop
{String}: Name of the property to get.version
{String}: Specific version to retrieve. Defaults to latest
.returns
{Promise}: Returns the property for the specified version when promise resolves.Example
repo.prop('author')
.then(function(author) {
console.log(author);
}, function(err) {
console.error(err);
});
View constructor. Create an instance of a view associated with a couchdb view in the npm registry.
Params
name
{String}: Name of couchdb view to use.returns
{Object}: instance of View
Example
var view = new View('dependedUpon');
Query the couchdb view with the provided parameters.
Params
params
{Object}: URL query parameters to pass along to the couchdb view.returns
{Promise}: Results of the query when promise is resolved.Example
view.query({ group_level: 2, startkey: JSON.stringify(['micromatch']), endkey: JSON.stringify(['micromatch', {}])})
.then(function(results) {
console.log(results);
}, function(err) {
console.log(err);
});
Query the couchdb view with the provided parameters and return a stream of results.
Params
params
{Object}: URL query parameters to pass along to the couchdb view.returns
{Stream}: Streaming results of the query.Example
view.stream({ group_level: 2, startkey: JSON.stringify(['micromatch']), endkey: JSON.stringify(['micromatch', {}])})
.on('data', function(data) {
console.log(data);
});
Build a formatted url with the provided parameters.
Params
params
{Object}: URL query parameters.returns
{String}: formatted url stringList constructor. Create an instance of a list associated with a couchdb list in the npm registry.
Params
name
{String}: Name of couchdb list to use.view
{Object}: Instance of a View to use with the list.returns
{Object}: instance of List
Example
var list = new List('dependedUpon', view);
Query the couchdb list with the provided parameters.
Params
params
{Object}: URL query parameters to pass along to the couchdb list.returns
{Promise}: Results of the query when promise is resolved.Example
list.query({ key: JSON.stringify(['micromatch']) })
.then(function(results) {
console.log(results);
}, function(err) {
console.log(err);
});
Build a formatted url with the provided parameters.
Params
params
{Object}: URL query parameters.returns
{String}: formatted url stringPull requests and stars are always welcome. For bugs and feature requests, please create an issue.
(This project's readme.md is generated by verb, please don't edit the readme directly. Any changes to the readme must be made in the .verb.md readme template.)
To generate the readme, run the following command:
$ npm install -g verbose/verb#dev verb-generate-readme && verb
Running and reviewing unit tests is a great way to get familiarized with a library and its API. You can install dependencies and run tests with the following command:
$ npm install && npm test
Brian Woodward
Copyright © 2017, Brian Woodward. Released under the MIT License.
This file was generated by verb-generate-readme, v0.6.0, on December 27, 2017.
FAQs
Node.js library for getting info from NPM’s API
The npm package npm-api receives a total of 325,449 weekly downloads. As such, npm-api popularity was classified as popular.
We found that npm-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.