Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
whatsapp-api-js
Advanced tools
A TypeScript server agnostic Whatsapp's Official API framework.
Before all, you will need a Meta Bussiness App with WhatsApp API activated. You can create your first app following this steps.
You can now install the module using npm:
npm install whatsapp-api-js
Which will let you write code like this:
import { WhatsAppAPI } from "whatsapp-api-js";
import { Document, Image, Text } from "whatsapp-api-js/messages";
// Kind reminder to not hardcode your token and secret
const TOKEN = "YOUR_TOKEN";
const APP_SECRET = "YOUR_SECRET";
/** @type WhatsAppAPI<number> */
const Whatsapp = new WhatsAppAPI({ token: TOKEN, appSecret: APP_SECRET });
// Assuming post is called on a POST request to your server
async function post(e) {
// Too long? Read https://whatsappapijs.web.app/modules/middleware.html
return await Whatsapp.post(
JSON.parse(e.data),
e.data,
e.headers["x-hub-signature-256"]
);
}
Whatsapp.on.message = async ({ phoneID, from, message, name, reply }) => {
console.log(
`User ${name} (${from}) sent to bot ${phoneID} ${JSON.stringify(
message
)}`
);
let response;
if (message.type === "text") {
response = await reply(
new Text(`*${name}* said:\n\n${message.text.body}`),
true
);
}
if (message.type === "image") {
response = await reply(
new Image(message.image.id, true, `Nice photo, ${name}`)
);
}
if (message.type === "document") {
response = await reply(
new Document(message.document.id, true, undefined, "Our document")
);
}
console.log(
response ??
"There are more types of messages, such as contacts, " +
"locations, templates, interactive, reactions and " +
"all the other media types."
);
Whatsapp.markAsRead(phoneID, message.id);
return 200;
};
Whatsapp.on.sent = ({ phoneID, to, message }) => {
console.log(`Bot ${phoneID} sent to user ${to} ${message}`);
};
To receive the messages updates, you must set-up the webhook at your Meta app. Back in the dashboard, click on WhatsApp > Settings, write down your webhook URL, and make sure to subscribe to the messages event. You will also be asked for a Verify Token. This can be any string you want.
The package also includes a GET handler for the webhook authentication:
import { WhatsAppAPI } from "whatsapp-api-js";
const TOKEN = "YOUR_TOKEN";
const APP_SECRET = "YOUR_SECRET";
const VERIFY_TOKEN = "YOUR_VERIFY_TOKEN";
const Whatsapp = new WhatsAppAPI({
token: TOKEN,
appSecret: APP_SECRET,
webhookVerifyToken: VERIFY_TOKEN
});
// Assuming get is called on a GET request to your server
function get(e) {
// Too long!? Read https://whatsappapijs.web.app/modules/middleware.html
return Whatsapp.get(e.query);
}
And that's it! Now you have a functioning Whatsapp Bot connected to your server. For more information on the setup process for specific runtimes and frameworks, check out the Environments.md file.
There are a few examples that cover how to create each type of message, and how to use the basic methods of the library.
Check them out in the examples folder.
The library is fully typed. Most types are available by importing /types
or
/emitters
files:
import { GetParams, PostData } from "whatsapp-api-js/types";
import { OnMessage, OnSent, OnStatus } from "whatsapp-api-js/emitters";
To know what changed between updates, check out the releases on Github.
The latest release documentation is available at whatsappapijs.web.app, and previous versions are archived at secreto31126.github.io/whatsapp-api-js.
Diego Carrillo 💵 | Omar 🐛 💵 | Rahul Lanjewar 💻 📖 🤔 | Felix Arjuna 🐛 🛡️ |
If you have some free time and really want to improve the library or fix dumb bugs, feel free to read CONTRIBUTING.md file.
You can get a full list of breaking changes in the BREAKING.md file.
Install the latest beta release with npm install whatsapp-api-js@beta
. As any
beta, it is 110% likely to break. I also use this tag to test npm releases. Use
it at your own risk.
FAQs
A TypeScript server agnostic Whatsapp's Official API framework
We found that whatsapp-api-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.