Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
whatsapp-web.js-cloned-fixed
Advanced tools
Library for interacting with the WhatsApp Web API
A WhatsApp API client that connects through the WhatsApp Web browser app
It uses Puppeteer to run a real instance of Whatsapp Web to avoid getting blocked.
NOTE: I can't guarantee you will not be blocked by using this method, although it has worked for me. WhatsApp does not allow bots or unofficial clients on their platform, so this shouldn't be considered totally safe.
The module is now available on npm! npm i whatsapp-web.js
Please note that Node v12+ is required.
const { Client } = require('whatsapp-web.js');
const client = new Client();
client.on('qr', (qr) => {
// Generate and scan this code with your phone
console.log('QR RECEIVED', qr);
});
client.on('ready', () => {
console.log('Client is ready!');
});
client.on('message', msg => {
if (msg.body == '!ping') {
msg.reply('pong');
}
});
client.initialize();
Take a look at example.js for another example with more use cases.
For more information on saving and restoring sessions, check out the available Authentication Strategies.
Feature | Status |
---|---|
Multi Device | ✅ |
Send messages | ✅ |
Receive messages | ✅ |
Send media (images/audio/documents) | ✅ |
Send media (video) | ✅ (requires google chrome) |
Send stickers | ✅ |
Receive media (images/audio/video/documents) | ✅ |
Send contact cards | ✅ |
Send location | ✅ |
Send buttons | ✅ |
Send lists | ✅ (business accounts not supported) |
Receive location | ✅ |
Message replies | ✅ |
Join groups by invite | ✅ |
Get invite for group | ✅ |
Modify group info (subject, description) | ✅ |
Modify group settings (send messages, edit info) | ✅ |
Add group participants | ✅ |
Kick group participants | ✅ |
Promote/demote group participants | ✅ |
Mention users | ✅ |
Mute/unmute chats | ✅ |
Block/unblock contacts | ✅ |
Get contact info | ✅ |
Get profile pictures | ✅ |
Set user status message | ✅ |
React to messages | ✅ |
Something missing? Make an issue and let us know!
Pull requests are welcome! If you see something you'd like to add, please do. For drastic changes, please open an issue first.
You can support the maintainer of this project through the links below
This project is not affiliated, associated, authorized, endorsed by, or in any way officially connected with WhatsApp or any of its subsidiaries or its affiliates. The official WhatsApp website can be found at https://whatsapp.com. "WhatsApp" as well as related names, marks, emblems and images are registered trademarks of their respective owners.
Copyright 2019 Pedro S Lopez
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this project except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
Library for interacting with the WhatsApp Web API
The npm package whatsapp-web.js-cloned-fixed receives a total of 0 weekly downloads. As such, whatsapp-web.js-cloned-fixed popularity was classified as not popular.
We found that whatsapp-web.js-cloned-fixed demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.