Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025
spdl-core
Spotify track downloader module. Written in pure javascript.
Support
You can contact us for support on our chat server
Usage
const fs = require('fs');
const spdl = require('spdl-core').default;
// Typescript: import spdl from 'spdl-core';
spdl.getInfo('https://open.spotify.com/track/3fjmSxt0PskST13CSdBUFx?si=e420cd3a80834011').then(infos => {
spdl(infos.url).then(stream => {
stream.on('end', () => console.log('Done!'));
stream.pipe(fs.createWriteStream(`${infos.title}.mp3`));
});
});
API
async spdl(url, options?)
Downloads the track from the given url. Returns a readable stream Options are the options for discord-ytdl-core
async spdl.getInfo(url)
Gives the information of a track
spdl.validateURL(url, type?)
Returns true if url is a spotify link
Limitations
Generated download links are valid for 6 hours, and may only be downloadable from the same IP address.
Install
npm install spdl-core@latest
Or for Yarn users:
yarn add spdl-core@latest
Make sure you're installing the latest version of spdl-core to keep up with the latest fixes.
Discord Bot
You'll need to install discord.js and @discordjs/opus.
const { MessageEmbed, Client } = require('discord.js');
const spdl = require('spdl-core');
function formatDuration(duration) {
let seconds = duration / 1000;
return `${Math.floor(seconds / 60)}m ${Math.floor(seconds % 60)}s`;
}
const client = new Client();
client.login('Your Discord Bot Token');
client.on('ready', () => console.log('Ready'));
client.on('message', async (msg) => {
if (!msg.content.startsWith('!play')) return;
const url = msg.content.split('!play ')[1];
if (!spdl.validateURL(url)) return msg.channel.send('Invalid URL');
const channel = msg.member.voice.channel;
if (!channel) return msg.channel.send('Not in a voc channel');
try {
const connection = await channel.join();
connection
.play(await spdl(url))
.on('error', e => console.error(e));
const infos = await spdl.getInfo(url);
const embed = new MessageEmbed()
.setTitle(`Now playing: ${infos.title}`)
.setURL(infos.url)
.setColor('#1DB954')
.addField('Artist', infos.artist, true)
.addField('Duration', formatDuration(infos.duration), true)
.setThumbnail(infos.thumbnail);
msg.channel.send(embed);
} catch (err) {
console.error(err);
msg.channel.send(`An error occurred: ${err.message}`);
}
});
Note
There is nothing illegal here, the module just searches for the song on Youtube and downloads it.
FAQs
Spotify track downloader module. Written in pure javascript.
We found that spdl-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 21 May 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Announcing Socket Fix 2.0
Socket Fix 2.0 brings targeted CVE remediation, smarter upgrade planning, and broader ecosystem support to help developers get to zero alerts.
By Martin Torp, John-David Dalton, Jeppe Fredsgaard Blaabjerg, Benjamin Barslev, Oskar Haarklou Veileborg - Sep 10, 2025
Security News
Feross on Risky Business Weekly Podcast: npm’s Ongoing Supply Chain Attacks
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
By Sarah Gooding - Sep 10, 2025