Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
vk-dirty-api
Advanced tools
Changelog
3.0.2
babel-eslint
parser in ESLintbabel-cli
to 6.8.0 from 6.4.5fs-jetpack
to 0.9.0 from 0.8.0mocha
to 3.0.2 from 2.3.4eslint
to 3.5.0 from 2.5.0request-promise
to 4.0.2 from 3.0.0joi
to 9.0.4 from 8.0.1cheerio
to 0.22.0 from 0.20.0Readme
VK API for Node.js with authentication using login and password (the dirty way)
Sometimes it is needed to use VK API directly from the Node app, however, using either signing requests or OAuth allows access only to server-side methods. In order to 'overcome' this limitation, this dirty if you know what I mean way of getting access_token for VK API was developed
$ npm install vk-dirty-api --save
const vk = require('vk-dirty-api')
const credentials = {
client_id: 0, // application ID (available in app settings at https://vk.com/apps?act=manage)
login: 'user@example.com',
pass: 'your_super_secret_password',
phone: '+74951234567',
tokenStorage: new vk.TokenStorage() // built-in token storage that stores retrieved access token in file for
// further use
}
/**
* Retrieve access_token using credentials defined above
*/
vk.token(credentials)
.then(token => {
console.log(`Successfully authenticated (access_token: ${token})`)
/**
* Use built-in API call helper
*/
const api = vk.api(token)
/**
* Request current account info
*/
return api('account.getInfo', { fields: 'country' })
.then(info => console.log('Account info', info))
.catch(err => console.error('Unable to complete API request', err))
})
.catch(err => console.error('Unable to authenticate', err))
FAQs
Wrapper for using VK API within your project as a Standalone application
The npm package vk-dirty-api receives a total of 2 weekly downloads. As such, vk-dirty-api popularity was classified as not popular.
We found that vk-dirty-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.