Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Disclaimer: This repository and any associated code are provided "as is" without warranty of any kind, either expressed or implied. The author of this repository does not accept any responsibility for the use or misuse of this repository or its contents. The author does not endorse any actions or consequences arising from the use of this repository. Any copies, forks, or re-uploads made by other users are not the responsibility of the author. The repository is solely intended as a Proof Of Concept for educational purposes regarding the use of a service's private API. By using this repository, you acknowledge that the author makes no claims about the accuracy, legality, or safety of the code and accepts no liability for any issues that may arise. More information can be found HERE.
Welcome to SpotAPI! This Python library is designed to interact with the private and public Spotify APIs, emulating the requests typically made through a web browser. This wrapper provides a convenient way to access Spotify’s rich set of features programmatically.
Note: This project is intended solely for educational purposes and should be used responsibly. Accessing private endpoints and scraping data without proper authorization may violate Spotify's terms of service.
Everything you can do with Spotify, SpotAPI can do with just a user’s login credentials.
pip install spotapi
from spotapi import (
Login,
Config,
NoopLogger,
solver_clients,
PrivatePlaylist,
MongoSaver
)
cfg = Config(
solver=solver_clients.Capsolver("YOUR_API_KEY", proxy="YOUR_PROXY"), # Proxy is optional
logger=NoopLogger(),
# You can add a proxy by passing a custom TLSClient
)
instance = Login(cfg, "YOUR_PASSWORD", email="YOUR_EMAIL")
# Now we have a valid Login instance to pass around
instance.login()
# Do whatever you want now
playlist = PrivatePlaylist(instance)
playlist.create_playlist("SpotAPI Showcase!")
# Save the session
instance.save(MongoSaver())
"""Here's the example from spotipy https://github.com/spotipy-dev/spotipy?tab=readme-ov-file#quick-start"""
from spotapi import Song
song = Song()
gen = song.paginate_songs("weezer")
# Paginates 100 songs at a time till there's no more
for batch in gen:
for idx, item in enumerate(batch):
print(idx, item['item']['data']['name'])
# ^ ONLY 6 LINES OF CODE
# Alternatively, you can query a specfic amount
songs = song.query_songs("weezer", limit=20)
data = songs["data"]["searchV2"]["tracksV2"]["items"]
for idx, item in enumerate(data):
print(idx, item['item']['data']['name'])
0 Island In The Sun
1 Say It Ain't So
2 Buddy Holly
.
.
.
18 Holiday
19 We Are All On d***s
If you prefer not to use a third party CAPTCHA solver, you can import cookies to manage your session.
Choose a Session Saver:
JSONSaver
, especially if performance or quantity of sessions is not a big concern.Prepare Session Data:
identifier
: This should be your email address or username.cookies
: These are the cookies you obtain when logged in. To get these cookies, visit Spotify, log in, and copy the cookies from your browser.
Load the Session:
Login.from_saver
(or your own implementation) to load the session from cache. This will enable you to use Spotify with a fully functional session without needing additional CAPTCHA solving.Contributions are welcome! If you find any issues or have suggestions, please open an issue or submit a pull request.
I'll most likely do these if the project gains some traction
This project is licensed under the GPL 3.0 License. See LICENSE for details.
FAQs
A sleek API wrapper for Spotify's private API
We found that spotapi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.