Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
By Sarah Gooding - Sep 12, 2025
use-spotify-player
Advanced tools
use-spotify-player
A hook for consuming the Spotify APIs to play music locally and remotely.
use-spotify-player
A React hook for using the Spotify Web Player for both local and remote playback.
The Spotify APIs and their terms are available here.
Installation
Yarn
yarn add use-spotify-player
NPM
npm i use-spotify-player
Basic Usage
The hook handles everything from player client creation to Web API requests to manage playback. It simply needs your Spotify access token, scoped for web playback, an optional poll period, and callback when the playback context or track has changed.
Access Token
An access token is necessary for the Spotify Web Player client creation, unfortunately, so you will need to handle your token in your front end. For security, your access token should be as limited as possible in terms of scope, to prevent token misuse.
e.g.
[
"streaming",
"user-read-email", // I have found this is necessary for playback, YMMV
"user-read-private",
"user-read-playback-state",
"user-modify-playback-state"
];
More on Spotify Authorization Scopes
Example
import React, { useCallback } from "react";
import { Context, useSpotifyPlayer } from "use-spotify-player";
const POLL_PERIOD = 1000; // ms
export const SpotifyPlayback = (props) => {
const { token } = props;
const handlePlayingContext = useCallback((ctx: Context | null) => {
// do something with the context, either the track or context (album, playlist) has changed
}, []);
const {
context,
deviceId,
devices,
disabled,
duration,
paused,
position,
repeat,
shuffle,
volume,
handleNextTrack,
handlePlay,
handlePreviousTrack,
handleRepeat,
handleSeek,
handleShuffle,
handleVolumeChange,
getAvailableDevices,
transferPlayback,
} = useSpotifyPlayer({
token,
pollPeriod: POLL_PERIOD,
onContextChanged: handlePlayingContext
});
return (
<div>
{ /* A component that renders the track metadata */ }
<div>
{context?.current && <SongInfo track={context?.current} />}
</div>
{ /* A component that renders the player controls and track slider */ }
<PlayControls
disabled={disabled}
duration={duration}
paused={paused}
position={position}
repeat={repeat}
shuffle={shuffle}
onPlay={() => handlePlay(true)}
onPause={() => handlePlay(false)}
onNextTrack={handleNextTrack}
onPreviousTrack={handlePreviousTrack}
onRepeat={handleRepeat}
onSeek={handleSeek}
onShuffle={handleShuffle}
/>
{ /* A component that renders a device menu and the player' volume */ }
<DeviceMenu
deviceId={deviceId}
devices={devices}
disabled={disabled}
volume={volume}
onVolume={handleVolumeChange}
getAvailableDevices={getAvailableDevices}
transferPlayback={transferPlayback}
/>
</div>
);
}
TODO
- Tests
Bugs
- Context flickers occasionally when next or previous tracks are requested too quickly
FAQs
A hook for consuming the Spotify APIs to play music locally and remotely.
We found that use-spotify-player demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 09 Aug 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Introducing Custom Pull Request Alert Comment Headers
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
By André Staltz - Sep 12, 2025
Product
Rust Support Now in Beta
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.
By Mikola Lysenko, Trevor Norris - Sep 11, 2025