Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
syncconnect
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
syncconnect
The Sync Connect JavaScript SDK is an open-source, python package that provides the ability to send commands to your Ford Sync Connect connected vehicle.
Installation
npm install syncconnect
Requirements
- To make requests to a vehicle, the end user must have signed up for an account using Ford Pass. These credentials will be used to authenticate your requests.
Getting Started
Import the Sync Connect SDK
import syncconnect from 'syncconnect'
Create a new syncconnect client
- Note the default Sync Connect client_id is
9fb503e0-715b-47e8-adfd-ad4b7770f73b
const client = syncconnect.AuthClient('9fb503e0-715b-47e8-adfd-ad4b7770f73b')
Use client.getAccessTokenFromCredentials() to exchange your user credentials for an access token object. To make any vehicle data request to the Ford Sync Connect API, you'll need to give the SDK a valid access token.
const accessToken = await client.getAccessTokenFromCredentials({username: '<username>', password: '<password>'})
Access tokens will expire every 2 hours, so you'll need to constantly refresh them by calling client.getAccessTokenFromRefreshToken()
const refreshToken = await client.getAccessTokenFromRefreshToken(accessToken.getRefreshToken())
With your access token in hand, use syncconnect.User() to get a User object representing the user.
const user = syncconnect.User(accessToken.getValue())
Use user.vehicles() to return an array of all the vehicles associated with a users account. The response will include the vehicle vin.
const vehicles = await user.vehicles()
const vehicleList = [] // Array of vehicles
for (userVehicle of vehicles) // For each user vehicle
vehicleList.push(userVehicle['vin'])
Now with a vehicle vin in hand, use syncconnect.Vehicle() to get a Vehicle object representing the user's vehicle.
let currentVehicle = syncconnect.Vehicle(vehicleList[0], accessToken.getValue()) // First Vehicle in vehicleList
Now you can ask the car to do things, or ask it for some data! For example:
await currentVehicle.start()
Examples & Documentation
For more examples on what you can do with Sync Connected car, see the examples folder or take a peek at the documentation.
Funding & Support
If you are interested in supporting the development of my projects check out my patreon or buy me a coffee.
Disclaimer
THIS CODEBASE IS NOT ENDORSED, AFFILIATED, OR ASSOCIATED WITH FORD, FOMOCO OR THE FORD MOTOR COMPANY.
FAQs
The npm package syncconnect receives a total of 0 weekly downloads. As such, syncconnect popularity was classified as not popular.
We found that syncconnect demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 23 Dec 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026