
Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
Official JavaScript client for the YNAB API. API documentation available at https://api.ynab.com. Generated from server specification version 1.74.0
Please read the YNAB API documentation for an overview of using the API and a complete list of available resources.
This client is generated using the OpenAPI Generator.
First, install the module with npm:
npm install ynab
Then, depending upon your usage context, add a reference to it:
const ynab = require("ynab");
import * as ynab from "ynab";
The API supports Cross Origin Resource Sharing (CORS) for asynchronous browser requests from any origin.
The dist/browser/ynab.js
file (located in node_modules/ynab after installation) is specifically built to run in a browser / window context and exports ynab
variable to global namespace. No other dependencies are needed.
<script src="ynab.js" async></script>
...
<script>
// This assignment is not necessary but demonstrates that
// once the library is loaded, the global 'ynab' object will be available.
var ynab = window.ynab;
</script>
A simple way to load the library in a browser is by using the unpkg CDN, which is a "fast, global content delivery network for everything on npm". To use it, include a script tag like this in your file:
<script src="https://unpkg.com/ynab@latest/dist/browser/ynab.js" async></script>
Using the "latest" tag will result in a 302 redirect to the latest version tag so it is highly recommended to use a specific version tag such as https://unpkg.com/ynab@1.5.0/dist/browser/ynab.js to avoid this redirect.
To use this client, you must obtain an access token from the Account Settings area of the YNAB web application.
const ynab = require("ynab");
const accessToken = "b43439eaafe2_this_is_fake_b43439eaafe2";
const ynabAPI = new ynab.API(accessToken);
(async function() {
const budgetsResponse = await ynabAPI.budgets.getBudgets();
const budgets = budgetsResponse.data.budgets;
for (let budget of budgets) {
console.log(`Budget Name: ${budget.name}`);
}
})();
If a response is returned with a code >= 300, instead of returning the response, the response will be thrown as an error to be caught.
const ynab = require("ynab");
const accessToken = "invalid_token";
const ynabAPI = new ynab.API(accessToken);
const budgetsResponse = ynabAPI.budgets
.getBudgets()
.then(budgetsResponse => {
// Won't get here because an error will be thrown
})
.catch(e => {
console.log(e);
// {
// error: {
// id: "401",
// name: "unauthorized",
// detail: "Unauthorized"
// }
// }
});
The API enforces Rate Limiting.
If the rate limit is exceeded, a 429
Error Response will be returned from the API which will result in an error being thrown in this library.
See the examples folder for example usage scenarios.
The following methods are available in this library.
There are several utilities available on the utils
export to make working
with ISO dates and milliunits a bit
easier.
// Returns the current month (system timezone) in ISO 8601 format (i.e. '2015-12-01')
utils.getCurrentMonthInISOFormat(): string;
// Returns the current date (system timezone) in ISO 8601 format (i.e. '2015-12-15')
utils.getCurrentDateInISOFormat(): string;
// Converts an ISO 8601 formatted string to a JS date object
utils.convertFromISODateString(isoDateString: string): Date;
// Converts a milliunits amount to a currency amount
utils.convertMilliUnitsToCurrencyAmount(milliunits: number, currencyDecimalDigits: number): number;
The version of this client is defined in the package.json
file and follows semantic versioning. The version of this client is maintained independently and does not align with the the version of YNAB API itself (which is defined in the OpenAPI spec). To determine which spec version of the YNAB API was used when generating this client you can refer to the "description" field in the package.json
file.
Copyright (c) 2022 You Need A Budget, LLC
Licensed under the Apache-2.0 license
FAQs
Official JavaScript client for the YNAB API. API documentation available at https://api.ynab.com. Generated from server specification version 1.74.0
The npm package ynab receives a total of 3,921 weekly downloads. As such, ynab popularity was classified as popular.
We found that ynab demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
Security News
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
Product
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.