Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
ynab
Official JavaScript client for the YNAB API. API documentation available at https://api.ynab.com. Generated from server specification version 1.74.0
YNAB API JavaScript Library
Please read the YNAB API documentation for an overview of using the API and a complete list of available resources.
This client is generated using the OpenAPI Generator.
Installation
First, install the module with npm:
npm install ynab
Then, depending upon your usage context, add a reference to it:
CommonJS / Node
const ynab = require("ynab");
ESM / TypeScript
import * as ynab from "ynab";
Browser
The API supports Cross Origin Resource Sharing (CORS) for asynchronous browser requests from any origin.
The dist/browser/ynab.js file (located in node_modules/ynab after installation) is specifically built to run in a browser / window context and exports ynab variable to global namespace. No other dependencies are needed.
<script src="ynab.js" async></script>
...
<script>
// This assignment is not necessary but demonstrates that
// once the library is loaded, the global 'ynab' object will be available.
var ynab = window.ynab;
</script>
CDN
A simple way to load the library in a browser is by using the unpkg CDN, which is a "fast, global content delivery network for everything on npm". To use it, include a script tag like this in your file:
<script src="https://unpkg.com/ynab@latest/dist/browser/ynab.js" async></script>
Using the "latest" tag will result in a 302 redirect to the latest version tag so it is highly recommended to use a specific version tag such as https://unpkg.com/ynab@1.5.0/dist/browser/ynab.js to avoid this redirect.
Usage
To use this client, you must obtain an access token from the Account Settings area of the YNAB web application.
const ynab = require("ynab");
const accessToken = "b43439eaafe2_this_is_fake_b43439eaafe2";
const ynabAPI = new ynab.API(accessToken);
(async function() {
const budgetsResponse = await ynabAPI.budgets.getBudgets();
const budgets = budgetsResponse.data.budgets;
for (let budget of budgets) {
console.log(`Budget Name: ${budget.name}`);
}
})();
Error Handling
If a response is returned with a code >= 300, instead of returning the response, the response will be thrown as an error to be caught.
const ynab = require("ynab");
const accessToken = "invalid_token";
const ynabAPI = new ynab.API(accessToken);
const budgetsResponse = ynabAPI.budgets
.getBudgets()
.then(budgetsResponse => {
// Won't get here because an error will be thrown
})
.catch(e => {
console.log(e);
// {
// error: {
// id: "401",
// name: "unauthorized",
// detail: "Unauthorized"
// }
// }
});
Rate Limiting
The API enforces Rate Limiting.
If the rate limit is exceeded, a 429 Error Response will be returned from the API which will result in an error being thrown in this library.
Examples
See the examples folder for example usage scenarios.
Methods
The following methods are available in this library.
Utilities
There are several utilities available on the utils export to make working
with ISO dates and milliunits a bit
easier.
// Returns the current month (system timezone) in ISO 8601 format (i.e. '2015-12-01')
utils.getCurrentMonthInISOFormat(): string;
// Returns the current date (system timezone) in ISO 8601 format (i.e. '2015-12-15')
utils.getCurrentDateInISOFormat(): string;
// Converts an ISO 8601 formatted string to a JS date object
utils.convertFromISODateString(isoDateString: string): Date;
// Converts a milliunits amount to a currency amount
utils.convertMilliUnitsToCurrencyAmount(milliunits: number, currencyDecimalDigits: number): number;
Versioning
The version of this client is defined in the package.json file and follows semantic versioning. The version of this client is maintained independently and does not align with the the version of YNAB API itself (which is defined in the OpenAPI spec). To determine which spec version of the YNAB API was used when generating this client you can refer to the "description" field in the package.json file.
License
Copyright (c) 2022 You Need A Budget, LLC
Licensed under the Apache-2.0 license
Keywords
FAQs
Official JavaScript client for the YNAB API. API documentation available at https://api.ynab.com. Generated from server specification version 1.74.0
The npm package ynab receives a total of 3,921 weekly downloads. As such, ynab popularity was classified as popular.
We found that ynab demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 20 Mar 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025