Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
A Telegram client written in JavaScript for Node.js and browsers, with its core being based on Telethon.
Here you'll learn how to obtain necessary information to create telegram application, authorize into your account and send yourself a message.
Note that if you want to use a GramJS inside of a browser, refer to this instructions.
Install GramJS:
$ npm i telegram
After installation, you'll need to obtain an API ID and hash:
Never share any API/authorization details, that will compromise your application and account.
When you've successfully created the application, change apiId
and apiHash
on what you got from telegram.
Then run this code to send a message to yourself.
import { TelegramClient } from "telegram";
import { StringSession } from "telegram/sessions";
import readline from "readline";
const apiId = 123456;
const apiHash = "123456abcdfg";
const stringSession = new StringSession(""); // fill this later with the value from session.save()
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout,
});
(async () => {
console.log("Loading interactive example...");
const client = new TelegramClient(stringSession, apiId, apiHash, {
connectionRetries: 5,
});
await client.start({
phoneNumber: async () =>
new Promise((resolve) =>
rl.question("Please enter your number: ", resolve)
),
password: async () =>
new Promise((resolve) =>
rl.question("Please enter your password: ", resolve)
),
phoneCode: async () =>
new Promise((resolve) =>
rl.question("Please enter the code you received: ", resolve)
),
onError: (err) => console.log(err),
});
console.log("You should now be connected.");
console.log(client.session.save()); // Save this string to avoid logging in again
await client.sendMessage("me", { message: "Hello!" });
})();
Note that you can also save auth key to a folder instead of a string, change
stringSession
into this:
const storeSession = new StoreSession("folder_name");
Be sure to save output of client.session.save()
into stringSession
or storeSession
variable to avoid logging in again.
GramJS works great in combination with frontend libraries such as React, Vue and others.
While working within browsers, GramJS is using localStorage
to cache the layers.
To get a browser bundle of GramJS, use the following command:
NODE_ENV=production npx webpack
You can also use the helpful script generate_webpack.js
node generate_webpack.js
To use raw telegram API methods use invoke function.
await client.invoke(new RequestClass(args));
General documentation, use cases, quick start, refer to gram.js.org, or older version of documentation (will be removed in the future).
For more advanced documentation refer to gram.js.org/beta (work in progress).
If your ISP is blocking Telegram, you can check My ISP blocks Telegram. How can I still use GramJS?
If you have any questions about GramJS, feel free to open an issue or ask directly in our telegram group - @GramJSChat.
FAQs
NodeJS/Browser MTProto API Telegram client library,
The npm package telegram receives a total of 39,807 weekly downloads. As such, telegram popularity was classified as popular.
We found that telegram demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.