Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
tinygram
Advanced tools
Changelog
Readme
Tiny Telegram Bot API client library with TypeScript types.
Automatically generated from telegram-bot-api-spec.
Import in Node.js:
import { initTgBot } from "tinygram";
Import in Deno:
import { initTgBot } from "https://deno.land/x/tinygram/mod.ts";
Initialize the bot:
const botToken = "YOUR_BOT_TOKEN";
const tgBot = initTgBot({ botToken });
Call the API:
const botUser = await tgBot.getMe();
console.log(botUser.username);
Get updates:
for await (const update of tgBot.listUpdates({ timeout: 10 })) {
console.log(update);
}
Download a file:
const botUser = await tgBot.getMe();
const botPhoto = await tgBot.getUserProfilePhotos({ user_id: botUser.id });
const botPhotoFileId = botPhoto.photos[0]?.[0]?.file_id;
const botPhotoFile = await tgBot.getFile({ file_id: botPhotoFileId });
const botPhotoBlob = await tgBot.getFileData(botPhotoFile.file_path);
// Save to file
await writeFile("bot.jpg", botPhotoBlob.stream());
// Set as img src
img.src = URL.createObjectURL(botPhotoBlob);
Example - Echo bot:
for await (const update of tgBot.listUpdates({ timeout: 10 })) {
if (update.message) {
const message = update.message;
if (message.chat.type === "private" && message.text) {
console.log(`Received message from ${message.from.first_name}: ${message.text}`);
await tgBot.sendMessage({ chat_id: message.chat.id, text: message.text });
}
}
}
Auto-abort all requests after a timeout by default:
const tgBot = initTgBot({
botToken: "YOUR_BOT_TOKEN",
fetch: (url, init) => fetch(url, { ...init, signal: init.signal ?? AbortSignal.timeout(10_000) }),
});
If you're using Node.js without fetch support, you need to polyfill it or pass a custom fetch as an argument.
import fetch from "node-fetch";
const tgBot = initTgBot({ token: "YOUR_BOT_TOKEN", fetch });
If you're sending files, you need FormData too.
import fetch, { FormData } from "node-fetch";
const tgBot = initTgBot({ token: "YOUR_BOT_TOKEN", fetch, FormData });
The library is only available as a module. If you're using CommonJS, you must import it using dynamic import:
const { initTgBot } = await import("tinygram");
This library requires Proxy support, because the bot instance is actually a proxy.
FAQs
Tiny Telegram Bot API client library with TypeScript types.
We found that tinygram demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.