twitter-api-v2
Strongly typed, full-featured, light, versatile yet powerful Twitter API v1.1 and v2 client for Node.js.
The twitter-api-v2 npm package is a comprehensive library for interacting with the Twitter API v2. It allows developers to perform a wide range of actions such as posting tweets, retrieving user information, managing direct messages, and more. The package is designed to be easy to use and supports both REST and streaming APIs.
Posting a Tweet
This feature allows you to post a tweet to your Twitter account. The code sample demonstrates how to initialize the TwitterApi client with an access token and post a tweet saying 'Hello, world!'.
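    const { TwitterApi } = require('twitter-api-v2');

    // Replace the placeholder with your own access token
    const client = new TwitterApi('YOUR_ACCESS_TOKEN');

    async function postTweet() {
      // Publish the tweet through the v2 API and log the response
      const tweet = await client.v2.tweet('Hello, world!');
      console.log(tweet);
    }

    postTweet().catch(console.error);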
Fetching User Information
This feature allows you to fetch information about a specific Twitter user by their username. The code sample shows how to retrieve and log the user information for the 'TwitterDev' account.
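    const { TwitterApi } = require('twitter-api-v2');

    // Replace the placeholder with your own access token
    const client = new TwitterApi('YOUR_ACCESS_TOKEN');

    async function getUserInfo() {
      // Look up the account by its username and log the response
      const user = await client.v2.userByUsername('TwitterDev');
      console.log(user);
    }

    getUserInfo().catch(console.error);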
Streaming Tweets
This feature allows you to stream tweets in real-time based on certain criteria. The code sample demonstrates how to set up a stream to listen for tweets and log the tweet data as it comes in.
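    const { TwitterApi } = require('twitter-api-v2');

    // Replace the placeholder with your own access token
    const client = new TwitterApi('YOUR_ACCESS_TOKEN');

    async function streamTweets() {
      // Open the stream, requesting the author_id field on each tweet
      const stream = await client.v2.searchStream({ 'tweet.fields': ['author_id'] });

      // Iterate over the stream; each event carries the tweet in `data`
      for await (const { data } of stream) {
        console.log(data);
      }
    }

    streamTweets().catch(console.error);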
The 'twit' package is another popular library for interacting with the Twitter API. It supports both REST and streaming APIs, similar to twitter-api-v2. However, 'twit' is designed for the older Twitter API v1.1, whereas twitter-api-v2 is specifically for the newer API v2.
The 'twitter-lite' package is a lightweight alternative for interacting with the Twitter API. It supports both REST and streaming APIs and is designed to be minimalistic and efficient. While it can be used with both API v1.1 and v2, it may lack some of the more advanced features and ease of use provided by twitter-api-v2.
The 'node-twitter-api' package provides a simple interface for interacting with the Twitter API. It supports basic functionalities such as posting tweets and fetching user information. However, it is less comprehensive and may not support all the features available in twitter-api-v2.
Main maintainer: @alkihis
Twitter will significantly reduce its API capabilities by end of April (see this thread).
This change has major implications, and as a result, this library may no longer be maintained.
We are disappointed and discouraged by the recent turn of events at Twitter since the takeover by Elon Musk. We are saddened to see that much of the hard work of the past few years on the API, led by an amazing team including @andypiper, has been shelved.
For a more detailed explanation, please see this discussion.
✅ Ready for v2 and good ol' v1.1 Twitter API
✅ Light: No dependencies, 23kb minified+gzipped
✅ Bundled types for request parameters and responses
✅ Streaming support
✅ Pagination utils
✅ User-context authentication with OAuth2
✅ Media upload helpers
Install it through your favorite package manager:
    yarn add twitter-api-v2
    # or
    npm i twitter-api-v2
Here's a quick example of usage:
    import { TwitterApi } from 'twitter-api-v2';

    // Instantiate with desired auth type (here's Bearer v2 auth)
    const twitterClient = new TwitterApi('<YOUR_APP_USER_TOKEN>');

    // Tell TypeScript it's a read-only app
    const readOnlyClient = twitterClient.readOnly;

    // Play with the built-in methods
    const user = await readOnlyClient.v2.userByUsername('plhery');
    await twitterClient.v2.tweet('Hello, this is a test.');

    // You can upload media easily!
    await twitterClient.v1.uploadMedia('./big-buck-bunny.mp4');
Sometimes, you just want to quickly bootstrap an application using the Twitter API. Even though there are a lot of libraries available in the JavaScript ecosystem, they usually just provide wrappers around HTTP methods, and some of them are bloated with many dependencies.
twitter-api-v2 is meant to provide full endpoint wrapping, from method name to response data, using descriptive typings for read/write/DMs rights, request parameters and response payload.
A small feature comparison with other libs:
Here's everything twitter-api-v2 can do:
GET, POST, PUT, DELETE and PATCH), that handle query string parse & format, automatic body formatting and more
And last but not least, fully powered by native Promises.
Learn how to use the full potential of twitter-api-v2.
Official plugins for twitter-api-v2:
@twitter-api-v2/plugin-token-refresher: Handle OAuth 2.0 (user-context) token refreshing for you
@twitter-api-v2/plugin-rate-limit: Access and store automatically rate limit data
@twitter-api-v2/plugin-cache-redis: Store responses in a Redis store and serve cached responses
FAQs
The npm package twitter-api-v2 receives a total of 87,077 weekly downloads. As such, twitter-api-v2 popularity was classified as popular.
We found that twitter-api-v2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.