wileys - npm Package Compare versions

Comparing version 0.4.9 to 0.5.0

lib/Socket/chats.js

@@ -40,2 +40,6 @@ "use strict";
     });
+    const receivedMessageDedupCache = new node_cache_1.default({
+        stdTTL: 3 * 60,
+        useClones: false
+    });
     if (!config.placeholderResendCache) {
@@ -732,4 +736,25 @@ config.placeholderResendCache = placeholderResendCache;
     };
+    const canonicalizeUserJid = (jid) => {
+        if (!jid) {
+            return jid;
+        }
+        if ((0, WABinary_1.isLidUser)(jid)) {
+            return (0, WABinary_1.lidToJid)(jid);
+        }
+        return jid;
+    };
+    const buildMessageDedupKey = (msg) => {
+        var _a;
+        const remoteJid = canonicalizeUserJid(msg.key.remoteJid);
+        const participant = canonicalizeUserJid(msg.key.participant);
+        const stanzaId = (_a = msg.messageContextInfo) === null || _a === void 0 ? void 0 : _a.stanzaId;
+        return [remoteJid, participant, msg.key.id, msg.key.fromMe ? '1' : '0', stanzaId || ''].join('|');
+    };
     const upsertMessage = ev.createBufferedFunction(async (msg, type) => {
         var _a, _b, _c;
+        const dedupKey = buildMessageDedupKey(msg);
+        if (receivedMessageDedupCache.get(dedupKey)) {
+            logger.debug({ dedupKey, messageId: msg.key.id, type }, 'skipping duplicate messages.upsert');
+            return;
+        }
         ev.emit('messages.upsert', { messages: [msg], type });
@@ -805,2 +830,3 @@ if (!!msg.pushName) {
         }
+        receivedMessageDedupCache.set(dedupKey, true);
     });
@@ -918,2 +944,2 @@ ws.on('CB:presence', handlePresenceUpdate);
 };
-exports.makeChatsSocket = makeChatsSocket;
+exports.makeChatsSocket = makeChatsSocket;

lib/Socket/messages-recv.js

@@ -36,3 +36,51 @@ "use strict";
     });
+    const groupParticipantJidCache = new node_cache_1.default({
+        stdTTL: 10 * 60, // 10 mins
+        useClones: false
+    });
+    const groupMetadataWarmupCache = new node_cache_1.default({
+        stdTTL: 60, // avoid repeated warmup calls per group
+        useClones: false
+    });
     let sendActiveReceipts = false;
+    const cacheGroupParticipants = (metadata) => {
+        for (const participant of metadata.participants || []) {
+            if (!participant.id || !participant.jid) {
+                continue;
+            }
+            groupParticipantJidCache.set(`${metadata.id}:${participant.id}`, participant.jid);
+            if (participant.lid) {
+                groupParticipantJidCache.set(`${metadata.id}:${participant.lid}`, participant.jid);
+            }
+        }
+    };
+    const warmupGroupParticipants = async (groupJid) => {
+        if (groupMetadataWarmupCache.get(groupJid)) {
+            return;
+        }
+        groupMetadataWarmupCache.set(groupJid, true);
+        try {
+            const metadata = await groupMetadata(groupJid);
+            cacheGroupParticipants(metadata);
+        }
+        catch (error) {
+            logger.debug({ error, groupJid }, 'failed to warm up group participant cache');
+        }
+    };
+    const resolveGroupParticipantJid = async (groupJid, participantLid) => {
+        const cacheKey = `${groupJid}:${participantLid}`;
+        const cachedParticipant = groupParticipantJidCache.get(cacheKey);
+        if (cachedParticipant) {
+            return cachedParticipant;
+        }
+        try {
+            const metadata = await groupMetadata(groupJid);
+            cacheGroupParticipants(metadata);
+            return groupParticipantJidCache.get(cacheKey);
+        }
+        catch (error) {
+            logger.debug({ error, groupJid, participantLid }, 'failed to resolve group participant jid');
+            return undefined;
+        }
+    };
     const sendMessageAck = async ({ tag, attrs, content }, errorCode) => {
@@ -782,8 +830,10 @@ const stanza = {
                             if (msg.message.extendedTextMessage.contextInfo) {
-                                const metadata = await groupMetadata(msg.key.remoteJid);
                                 const sender = msg.message.extendedTextMessage.contextInfo.participant;
-                                const found = metadata.participants.find(p => p.id === sender);
-                                msg.message.extendedTextMessage.contextInfo.participant = (found === null || found === void 0 ? void 0 : found.jid) || sender;
+                                const resolvedSender = await resolveGroupParticipantJid(msg.key.remoteJid, sender);
+                                msg.message.extendedTextMessage.contextInfo.participant = resolvedSender || sender;
                             }
                         }
+                        else if ((0, WABinary_1.isJidGroup)(msg.key.remoteJid)) {
+                            void warmupGroupParticipants(msg.key.remoteJid);
+                        }
                         if (!(0, WABinary_1.isJidGroup)(msg.key.remoteJid) && (0, WABinary_1.isLidUser)(msg.key.remoteJid)) {
@@ -790,0 +840,0 @@ msg.key.remoteJid = node.attrs.sender_pn || node.attrs.peer_recipient_pn;

package.json

 {
   "name": "wileys",
-  "version": "0.4.9",
+  "version": "0.5.0",
   "description": "WhatsApp Web API Library",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Fixed alerts

Shell access

Supply chain risk

This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 2 instances in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

URL strings

Supply chain risk

Package contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9802368

0.03%

Lines of code

31459

0.25%

No dependency changes