
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
twitch-api-helix
Advanced tools
This is a simple module to interact with Twitch Helix API. Fully written in TypeScript.
npm install twitch-api-helix
yarn add twitch-api-helix
Then you must Register your Twitch application to get your CLIENT_ID
and CLIENT_SECRET
, the package will take care of the OAuth2 process.
You will just need to provide the CLIENT_ID
and CLIENT_SECRET
to the constructor, feel free to store them in a .env
file.
Feeld free to check the Twitch Helix API Reference for more information.
import TwitchApi from "twitch-api-helix";
const twitchApi = new TwitchApi(
process.env.CLIENT_ID,
process.env.CLIENT_SECRET
);
Refresh the access token, you can call this method manually but it will be called automatically when a request is made and the access token is expired.
twitchApi.authentication.refreshAccessToken();
Validate the access token, if it is valid nothing will happen, if it is not valid it will be refreshed.
twitchApi.authentication.validateAccessToken();
type TwitchClipsRequestParams = (
| {
broadcaster_id: string;
}
| {
game_id: string;
}
| {
id: string;
}
) & {
first?: number;
started_at?: string;
ended_at?: string;
after?: string;
before?: string;
};
type TwitchClipsResponseBody = {
data: TwitchClip[];
pagination?:
| {
cursor: string;
}
| undefined;
};
type TwitchClip = {
id: string;
url: string;
embed_url: string;
broadcaster_id: string;
broadcaster_name: string;
creator_id: string;
creator_name: string;
video_id: string;
game_id: string;
language: string;
title: string;
view_count: number;
created_at: string;
thumbnail_url: string;
duration: number;
vod_offset: number;
};
Get clips by ID.
twitchApi.clips.getClips({
id: "123456789",
});
Get clips by broadcaster ID
twitchApi.clips.getClips({
broadcaster_id: "123456789",
first: 10,
});
Get clips by game ID
twitchApi.clips.getClips({
game_id: "123456789",
first: 10,
});
type TwitchGamesRequestParams =
| {
id: string;
}
| {
name: string;
}
| {
igdb_id: string;
};
type TwitchGamesResponseBody = {
data: TwitchGame[];
pagination?:
| {
cursor: string;
}
| undefined;
};
type TwitchGame = {
id: string;
name: string;
box_art_url: string;
igdb_id?: number;
};
Get games by ID.
twitchApi.games.getGame({
id: "123456789",
});
Get games by name.
twitchApi.games.getGame({
name: "Fortnite",
});
Get games by IGDB ID.
twitchApi.games.getGame({
igdb_id: "123456789",
});
type TwitchUsersRequestParams =
| {
id: string;
}
| {
login: string;
};
type TwitchUsersResponseBody = {
data: TwitchUser[];
pagination?:
| {
cursor: string;
}
| undefined;
};
type TwitchUser = {
id: string;
login: string;
display_name: string;
type: string;
broadcaster_type: string;
description: string;
profile_image_url: string;
offline_image_url: string;
email: string;
created_at: string;
};
Get users by ID.
twitchApi.users.getUser({
id: "123456789",
});
Get users by login.
twitchApi.users.getUser({
login: "Somindras",
});
FAQs
Twitch API wrapper for Node.js
The npm package twitch-api-helix receives a total of 0 weekly downloads. As such, twitch-api-helix popularity was classified as not popular.
We found that twitch-api-helix demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.