Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
twitter-autohook
Advanced tools
twitter-autohook
Automatically setup and serve webhooks for the Twitter Account Activity API
Autohook 🎣
Autohook configures and manages Twitter webhooks for you. Zero configuration. Just run and go!
- 🚀 Spawns a server for you
- ⚙️ Registers a webhook (it removes existing webhooks if you want, and you can add more than one webhook if your Premium subscription supports it)
- ✅ Performs the CRC validation when needed
- 📝 Subscribes to your current user's context (you can always subscribe more users if you need)
- 🎧 Exposes a listener so you can pick up Account Activity events and process the ones you care about
Usage
You can use Autohook as a module or as a command-line tool.
Node.js module
const { Autohook } = require('twitter-autohook');
(async ƛ => {
const webhook = new Autohook();
// Removes existing webhooks
await webhook.removeWebhooks();
// Listens to incoming activity
webhook.on('event', event => console.log('Something happened:', event));
// Starts a server and adds a new webhook
await webhook.start();
// Subscribes to a user's activity
await webhook.subscribe({oauth_token, oauth_token_secret});
})();
Command line
Starting Autohook from the command line is useful when you need to test your connection and subscriptions.
When started from the command line, Autohook simply provisions a webhook, subscribes your user (unless you specify --do-not-subscribe-me), and echoes incoming events to stdout.
# Starts a server, removes any existing webhook, adds a new webhook, and subscribes to the authenticating user's activity.
$ autohook -rs
# All the options
$ autohook --help
OAuth
Autohook works only when you pass your OAuth credentials. You won't have to figure out OAuth by yourself – Autohook will work that out for you.
You can pass your OAuth credentials in a bunch of ways.
Dotenv (~/.env.twitter)
Create a file named ~/.env.twitter (sits in your home dir) with the following variables:
TWITTER_CONSUMER_KEY= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ API key
TWITTER_CONSUMER_SECRET= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ API secret key
TWITTER_ACCESS_TOKEN= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ Access token
TWITTER_ACCESS_TOKEN_SECRET= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ Access token secret
TWITTER_WEBHOOK_ENV= # https://developer.twitter.com/en/account/environments ➡️ One of 'Dev environment label' or 'Prod environment label'
NGROK_AUTH_TOKEN= # https://ngrok.com/ - (optional) Create a free account to get your auth token for stable tunnels
Autohook will pick up these details automatically, so you won't have to specify anything in code or via CLI.
Env variables
Useful when you're deploying to remote servers, and can be used in conjunction with your dotenv file.
# To your current environment
export TWITTER_CONSUMER_KEY= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ API key
export TWITTER_CONSUMER_SECRET= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ API secret key
export TWITTER_ACCESS_TOKEN= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ Access token
export TWITTER_ACCESS_TOKEN_SECRET= # https://developer.twitter.com/en/apps ➡️ Your app ID ➡️ Details ➡️ Access token secret
export TWITTER_WEBHOOK_ENV= # https://developer.twitter.com/en/account/environments ➡️ One of 'Dev environment label' or 'Prod environment label'
export NGROK_AUTH_TOKEN= # https://ngrok.com/ - (optional) Create a free account to get your auth token for stable tunnels
# To other services, e.g. Heroku
heroku config:set TWITTER_CONSUMER_KEY=value TWITTER_CONSUMER_SECRET=value TWITTER_ACCESS_TOKEN=value TWITTER_ACCESS_TOKEN_SECRET=value TWITTER_WEBHOOK_ENV=value NGROK_AUTH_TOKEN=value
Directly
Not recommended, because you should always secure your credentials.
Node.js
new Autohook({
token: 'value',
token_secret: 'value',
consumer_key: 'value',
consumer_secret: 'value',
ngrok_secret: 'value', // optional
env: 'env',
port: 1337
});
CLI
$ autohook \
--token $TWITTER_ACCESS_TOKEN \
--secret $TWITTER_ACCESS_TOKEN_SECRET \
--consumer-key $TWITTER_CONSUMER_KEY \
--consumer-secret $TWITTER_CONSUMER_SECRET \
--env $TWITTER_WEBHOOK_ENV \
--ngrok-secret $NGROK_AUTH_TOKEN # optional
Install
# npm
$ npm i -g twitter-autohook
# Yarn
$ yarn global add twitter-autohook
Keywords
FAQs
Automatically setup and serve webhooks for the Twitter Account Activity API
The npm package twitter-autohook receives a total of 0 weekly downloads. As such, twitter-autohook popularity was classified as not popular.
We found that twitter-autohook demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Package last updated on 06 Aug 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
38% of CISOs Fear They’re Not Moving Fast Enough on AI
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
By Sarah Gooding - Feb 04, 2025
Research
Security News
Go Supply Chain Attack: Malicious Package Exploits Go Module Proxy Caching for Persistence
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
By Kirill Boychenko - Feb 04, 2025