Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
paypal-node-api
Advanced tools
Paypal Node API
A wrapper around paypal's REST API, featuring events, promise support and auto auth.
Only supports subscriptions and orders for now, others will be added per request.
THIS IS NOT AN OFFICIAL API
Installation
NPM:
npm i kik-paypal-api
Usage
Requests
Getting Started
You can use the API by creating an instance of PaypalClient.
const PaypalClient = require("paypal-node-api");
paypal = new PaypalClient({
env: "sandbox",
clientId: "id",
secret: "secret",
config: {}
});
env: one of either "sandbox" or "live"
clientId: your app's client id
secret: your app's secret
config: a config object
Sharing a paypal instance:
const PaypalClient = require("paypal-node-api");
const clientId = "yourApp'sId";
const secret = "yourApp'sSecret";
const paypal = new PaypalClient("sandbox", clientId, secret);
//event handlers go here
paypal.on("auth", () => {
console.log("Paypal token refreshed");
});
module.exports = paypal;
The Basics
The Extras Object
All required parameters are supplied directly to the functions,
non required parameters can be supplied via the extras parameter, this
object is merged into the request's payload
The Error Object
Requests
Orders
Create
await paypal.orders.create(intent, purchaseUnits);
intent: either "CAPTURE" or "AUTHORIZE"
purchaseUnits: an array of purchase_unit_request objects
Update
await paypal.orders.update(orderId, patchRequest);
orderId: the target order's id
patchRequest: an array of patch objects
Details
await paypal.orders.details(orderId);
orderId: the target order's id
Authorize
await paypal.orders.authorize(planId);
orderId: the target order's id
Capture
await paypal.orders.capture(orderId);
orderId: the target order's id
Subscriptions
Create
await paypal.subscriptions.create(planId, extras);
planId: the plan associated with this subscription
Details
await paypal.subscriptions.details(subscriptionId);
subscriptionId: the subscription id to retrieve
returns the subscription object
Webhooks
Verify
await paypal.webhooks.verify(authAlgo, certUrl, transmissionId, transmissionSig, transmissionTime, webhookId, webhookEvent)
returns true if verified, false if not
License
FAQs
Unofficial API to make working with paypal bearable
The npm package paypal-node-api receives a total of 1 weekly downloads. As such, paypal-node-api popularity was classified as not popular.
We found that paypal-node-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 23 Nov 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025