@vicociv/instaloader 0.2.0 → 0.3.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,5 +1,14 @@
 # @vicociv/instaloader
 
+[![npm version](https://img.shields.io/npm/v/@vicociv/instaloader.svg)](https://www.npmjs.com/package/@vicociv/instaloader)
+[![npm downloads](https://img.shields.io/npm/dm/@vicociv/instaloader.svg)](https://www.npmjs.com/package/@vicociv/instaloader)
+[![npm bundle size](https://img.shields.io/bundlephobia/minzip/@vicociv/instaloader)](https://bundlephobia.com/package/@vicociv/instaloader)
+[![CI](https://github.com/star8ks/instaloader.js/actions/workflows/ci.yml/badge.svg)](https://github.com/star8ks/instaloader.js/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/star8ks/instaloader.js/branch/main/graph/badge.svg)](https://codecov.io/gh/star8ks/instaloader.js)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![TypeScript](https://img.shields.io/badge/TypeScript-5.3-blue.svg)](https://www.typescriptlang.org/)
+[![Node.js](https://img.shields.io/badge/Node.js-%3E%3D18-green.svg)](https://nodejs.org/)
+
 TypeScript port of [instaloader](https://github.com/instaloader/instaloader) - Download Instagram content (posts, stories, profiles) with metadata.
 
 ## Installation
@@ -384,3 +393,9 @@ import {
 ## License
 
 MIT
+
+## Buy Me a Coffee
+
+If you find this project helpful, consider supporting its development:
+
+[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/nickyoung)

package/dist/index.d.mts

@@ -543,7 +543,7 @@ declare class InstaloaderContext {
     readonly quiet: boolean;
     readonly iphoneSupport: boolean;
     readonly fatalStatusCodes: number[];
-    private _cookieJar;
+    private _cookieStore;
     private _csrfToken;
     private _username;
     private _userId;
@@ -610,7 +610,7 @@ declare class InstaloaderContext {
      */
     updateCookies(cookies: CookieData): void;
     /**
-     * Build cookie header string from cookie jar.
+     * Build cookie header string from cookie store.
      */
     private _getCookieHeader;
     /**
@@ -637,9 +637,11 @@ declare class InstaloaderContext {
      */
     graphql_query(queryHash: string, variables: JsonObject, referer?: string): Promise<JsonObject>;
     /**
-     * Do a doc_id-based GraphQL Query using POST.
-     * Each request uses fresh dynamic headers (timestamp, connection speed, session ID)
-     * to appear as different clients, which helps bypass rate limiting on retries.
+     * Do a doc_id-based GraphQL Query.
+     *
+     * Uses GET for anonymous requests (works without login) and POST for authenticated
+     * requests. This is the correct behavior - Instagram's API accepts GET for public
+     * data but requires POST with session for authenticated operations.
      */
     doc_id_graphql_query(docId: string, variables: JsonObject, referer?: string): Promise<JsonObject>;
     /**

package/dist/index.d.ts

@@ -543,7 +543,7 @@ declare class InstaloaderContext {
     readonly quiet: boolean;
     readonly iphoneSupport: boolean;
     readonly fatalStatusCodes: number[];
-    private _cookieJar;
+    private _cookieStore;
     private _csrfToken;
     private _username;
     private _userId;
@@ -610,7 +610,7 @@ declare class InstaloaderContext {
      */
     updateCookies(cookies: CookieData): void;
     /**
-     * Build cookie header string from cookie jar.
+     * Build cookie header string from cookie store.
      */
     private _getCookieHeader;
     /**
@@ -637,9 +637,11 @@ declare class InstaloaderContext {
      */
     graphql_query(queryHash: string, variables: JsonObject, referer?: string): Promise<JsonObject>;
     /**
-     * Do a doc_id-based GraphQL Query using POST.
-     * Each request uses fresh dynamic headers (timestamp, connection speed, session ID)
-     * to appear as different clients, which helps bypass rate limiting on retries.
+     * Do a doc_id-based GraphQL Query.
+     *
+     * Uses GET for anonymous requests (works without login) and POST for authenticated
+     * requests. This is the correct behavior - Instagram's API accepts GET for public
+     * data but requires POST with session for authenticated operations.
      */
     doc_id_graphql_query(docId: string, variables: JsonObject, referer?: string): Promise<JsonObject>;
     /**

package/dist/index.js

@@ -220,9 +220,113 @@ var InvalidIteratorException = class extends InstaloaderException {
   }
 };
 
+// src/utils.ts
+function generateUUID() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  const bytes = new Uint8Array(16);
+  if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+    crypto.getRandomValues(bytes);
+  } else {
+    for (let i = 0; i < 16; i++) {
+      bytes[i] = Math.floor(Math.random() * 256);
+    }
+  }
+  bytes[6] = bytes[6] & 15 | 64;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+}
+var SimpleCookieStore = class {
+  cookies = /* @__PURE__ */ new Map();
+  /**
+   * Get cookies for a URL as a key-value object.
+   */
+  getCookies(url) {
+    const domain = this.extractDomain(url);
+    const domainCookies = this.cookies.get(domain);
+    if (!domainCookies) {
+      return {};
+    }
+    return Object.fromEntries(domainCookies);
+  }
+  /**
+   * Set cookies from a key-value object.
+   */
+  setCookies(cookies, url) {
+    const domain = this.extractDomain(url);
+    let domainCookies = this.cookies.get(domain);
+    if (!domainCookies) {
+      domainCookies = /* @__PURE__ */ new Map();
+      this.cookies.set(domain, domainCookies);
+    }
+    for (const [key, value] of Object.entries(cookies)) {
+      domainCookies.set(key, value);
+    }
+  }
+  /**
+   * Parse and store cookies from Set-Cookie headers.
+   */
+  parseSetCookieHeaders(headers, url) {
+    const setCookies = headers.getSetCookie?.() || [];
+    const domain = this.extractDomain(url);
+    let domainCookies = this.cookies.get(domain);
+    if (!domainCookies) {
+      domainCookies = /* @__PURE__ */ new Map();
+      this.cookies.set(domain, domainCookies);
+    }
+    for (const cookieStr of setCookies) {
+      const parsed = this.parseSetCookie(cookieStr);
+      if (parsed) {
+        domainCookies.set(parsed.name, parsed.value);
+      }
+    }
+  }
+  /**
+   * Generate Cookie header string for a URL.
+   */
+  getCookieHeader(url) {
+    const cookies = this.getCookies(url);
+    return Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join("; ");
+  }
+  /**
+   * Clear all cookies.
+   */
+  clear() {
+    this.cookies.clear();
+  }
+  /**
+   * Clear cookies for a specific domain.
+   */
+  clearDomain(url) {
+    const domain = this.extractDomain(url);
+    this.cookies.delete(domain);
+  }
+  extractDomain(url) {
+    try {
+      return new URL(url).hostname;
+    } catch {
+      return url;
+    }
+  }
+  parseSetCookie(cookieStr) {
+    const firstSemi = cookieStr.indexOf(";");
+    const nameValue = firstSemi === -1 ? cookieStr : cookieStr.slice(0, firstSemi);
+    const eqIndex = nameValue.indexOf("=");
+    if (eqIndex === -1) {
+      return null;
+    }
+    const name = nameValue.slice(0, eqIndex).trim();
+    const value = nameValue.slice(eqIndex + 1).trim();
+    if (!name) {
+      return null;
+    }
+    return { name, value };
+  }
+};
+
 // src/instaloadercontext.ts
-var import_tough_cookie = require("tough-cookie");
-var import_uuid = require("uuid");
 function defaultUserAgent() {
   return "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36";
 }
@@ -250,7 +354,7 @@ function defaultIphoneHeaders() {
     "x-ig-mapped-locale": "en-US",
     "x-ig-timezone-offset": String(timezoneOffset),
     "x-ig-www-claim": "0",
-    "x-pigeon-session-id": (0, import_uuid.v4)(),
+    "x-pigeon-session-id": generateUUID(),
     "x-tigon-is-retry": "False",
     "x-whatsapp": "0"
   };
@@ -259,7 +363,7 @@ function getPerRequestHeaders() {
   return {
     "x-pigeon-rawclienttime": (Date.now() / 1e3).toFixed(6),
     "x-ig-connection-speed": `${Math.floor(Math.random() * 19e3) + 1e3}kbps`,
-    "x-pigeon-session-id": (0, import_uuid.v4)()
+    "x-pigeon-session-id": generateUUID()
   };
 }
 function sleep(ms) {
@@ -312,16 +416,10 @@ var RateController = class {
       this._queryTimestamps.set(queryType, []);
     }
     const timestamps = this._queryTimestamps.get(queryType);
-    const filteredTimestamps = timestamps.filter(
-      (t) => t > currentTime - 60 * 60
-    );
+    const filteredTimestamps = timestamps.filter((t) => t > currentTime - 60 * 60);
     this._queryTimestamps.set(queryType, filteredTimestamps);
     const perTypeNextRequestTime = () => {
-      const reqs = this._reqsInSlidingWindow(
-        queryType,
-        currentTime,
-        perTypeSlidingWindow
-      );
+      const reqs = this._reqsInSlidingWindow(queryType, currentTime, perTypeSlidingWindow);
       if (reqs.length < this.countPerSlidingWindow(queryType)) {
         return 0;
       } else {
@@ -334,11 +432,7 @@ var RateController = class {
       }
       const gqlAccumulatedSlidingWindow = 600;
       const gqlAccumulatedMaxCount = 275;
-      const reqs = this._reqsInSlidingWindow(
-        null,
-        currentTime,
-        gqlAccumulatedSlidingWindow
-      );
+      const reqs = this._reqsInSlidingWindow(null, currentTime, gqlAccumulatedSlidingWindow);
       if (reqs.length < gqlAccumulatedMaxCount) {
         return 0;
       } else {
@@ -348,33 +442,18 @@ var RateController = class {
     const untrackedNextRequestTime = () => {
       if (untrackedQueries) {
         if (queryType === "iphone") {
-          const reqs = this._reqsInSlidingWindow(
-            queryType,
-            currentTime,
-            iphoneSlidingWindow
-          );
+          const reqs = this._reqsInSlidingWindow(queryType, currentTime, iphoneSlidingWindow);
           this._iphoneEarliestNextRequestTime = Math.min(...reqs) + iphoneSlidingWindow + 18;
         } else {
-          const reqs = this._reqsInSlidingWindow(
-            queryType,
-            currentTime,
-            perTypeSlidingWindow
-          );
+          const reqs = this._reqsInSlidingWindow(queryType, currentTime, perTypeSlidingWindow);
           this._earliestNextRequestTime = Math.min(...reqs) + perTypeSlidingWindow + 6;
         }
       }
-      return Math.max(
-        this._iphoneEarliestNextRequestTime,
-        this._earliestNextRequestTime
-      );
+      return Math.max(this._iphoneEarliestNextRequestTime, this._earliestNextRequestTime);
     };
     const iphoneNextRequest = () => {
       if (queryType === "iphone") {
-        const reqs = this._reqsInSlidingWindow(
-          queryType,
-          currentTime,
-          iphoneSlidingWindow
-        );
+        const reqs = this._reqsInSlidingWindow(queryType, currentTime, iphoneSlidingWindow);
         if (reqs.length >= 199) {
           return Math.min(...reqs) + iphoneSlidingWindow + 18;
         }
@@ -442,7 +521,7 @@ var InstaloaderContext = class {
   quiet;
   iphoneSupport;
   fatalStatusCodes;
-  _cookieJar;
+  _cookieStore;
   _csrfToken = null;
   _username = null;
   _userId = null;
@@ -463,13 +542,13 @@ var InstaloaderContext = class {
     this.quiet = options.quiet ?? false;
     this.iphoneSupport = options.iphoneSupport ?? true;
     this.fatalStatusCodes = options.fatalStatusCodes ?? [];
-    this._cookieJar = new import_tough_cookie.CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this._iphoneHeaders = defaultIphoneHeaders();
     this._initAnonymousCookies();
     this._rateController = options.rateController ? options.rateController(this) : new RateController(this);
   }
   _initAnonymousCookies() {
-    const domain = "www.instagram.com";
+    const url = "https://www.instagram.com/";
     const defaultCookies = {
       sessionid: "",
       mid: "",
@@ -479,15 +558,7 @@ var InstaloaderContext = class {
       s_network: "",
       ds_user_id: ""
     };
-    for (const [name, value] of Object.entries(defaultCookies)) {
-      const cookie = new import_tough_cookie.Cookie({
-        key: name,
-        value,
-        domain,
-        path: "/"
-      });
-      this._cookieJar.setCookieSync(cookie, `https://${domain}/`);
-    }
+    this._cookieStore.setCookies(defaultCookies, url);
   }
   /** True if this instance is logged in. */
   get is_logged_in() {
@@ -580,27 +651,13 @@ var InstaloaderContext = class {
    * Get cookies as a plain object.
    */
   getCookies(url = "https://www.instagram.com/") {
-    const cookies = this._cookieJar.getCookiesSync(url);
-    const result = {};
-    for (const cookie of cookies) {
-      result[cookie.key] = cookie.value;
-    }
-    return result;
+    return this._cookieStore.getCookies(url);
   }
   /**
    * Set cookies from a plain object.
    */
   setCookies(cookies, url = "https://www.instagram.com/") {
-    const domain = new URL(url).hostname;
-    for (const [name, value] of Object.entries(cookies)) {
-      const cookie = new import_tough_cookie.Cookie({
-        key: name,
-        value,
-        domain,
-        path: "/"
-      });
-      this._cookieJar.setCookieSync(cookie, url);
-    }
+    this._cookieStore.setCookies(cookies, url);
   }
   /**
    * Save session data for later restoration.
@@ -612,7 +669,7 @@ var InstaloaderContext = class {
    * Load session data from a saved session.
    */
   loadSession(username, sessionData) {
-    this._cookieJar = new import_tough_cookie.CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this.setCookies(sessionData);
     this._csrfToken = sessionData["csrftoken"] || null;
     this._username = username;
@@ -625,26 +682,16 @@ var InstaloaderContext = class {
     this.setCookies(cookies);
   }
   /**
-   * Build cookie header string from cookie jar.
+   * Build cookie header string from cookie store.
    */
   _getCookieHeader(url) {
-    const cookies = this._cookieJar.getCookiesSync(url);
-    return cookies.map((c) => `${c.key}=${c.value}`).join("; ");
+    return this._cookieStore.getCookieHeader(url);
   }
   /**
    * Parse and store cookies from Set-Cookie headers.
    */
   _storeCookies(url, headers) {
-    const setCookies = headers.getSetCookie?.() || [];
-    for (const cookieStr of setCookies) {
-      try {
-        const cookie = import_tough_cookie.Cookie.parse(cookieStr);
-        if (cookie) {
-          this._cookieJar.setCookieSync(cookie, url);
-        }
-      } catch {
-      }
-    }
+    this._cookieStore.parseSetCookieHeaders(headers, url);
   }
   /**
    * Format response error message.
@@ -722,10 +769,7 @@ var InstaloaderContext = class {
         });
       } else {
         for (const [key, value] of Object.entries(params)) {
-          url.searchParams.set(
-            key,
-            typeof value === "string" ? value : JSON.stringify(value)
-          );
+          url.searchParams.set(key, typeof value === "string" ? value : JSON.stringify(value));
         }
         response = await fetch(url.toString(), {
           method: "GET",
@@ -748,9 +792,7 @@ var InstaloaderContext = class {
 HTTP redirect from ${url} to ${redirectUrl}`);
           if (redirectUrl.startsWith("https://www.instagram.com/accounts/login") || redirectUrl.startsWith("https://i.instagram.com/accounts/login")) {
             if (!this.is_logged_in) {
-              throw new LoginRequiredException(
-                "Redirected to login page. Use login() first."
-              );
+              throw new LoginRequiredException("Redirected to login page. Use login() first.");
             }
             throw new AbortDownloadException(
               "Redirected to login page. You've been logged out, please wait some time, recreate the session and try again"
@@ -857,9 +899,11 @@ HTTP redirect from ${url} to ${redirectUrl}`);
     return respJson;
   }
   /**
-   * Do a doc_id-based GraphQL Query using POST.
-   * Each request uses fresh dynamic headers (timestamp, connection speed, session ID)
-   * to appear as different clients, which helps bypass rate limiting on retries.
+   * Do a doc_id-based GraphQL Query.
+   *
+   * Uses GET for anonymous requests (works without login) and POST for authenticated
+   * requests. This is the correct behavior - Instagram's API accepts GET for public
+   * data but requires POST with session for authenticated operations.
    */
   async doc_id_graphql_query(docId, variables, referer) {
     const perRequestHeaders = getPerRequestHeaders();
@@ -876,10 +920,11 @@ HTTP redirect from ${url} to ${redirectUrl}`);
       headers["referer"] = encodeURIComponent(referer);
     }
     const variablesJson = JSON.stringify(variables);
+    const usePost = this.is_logged_in;
     const respJson = await this.getJson(
       "graphql/query",
       { variables: variablesJson, doc_id: docId, server_timestamps: "true" },
-      { usePost: true, headers }
+      { usePost, headers }
     );
     if (!("status" in respJson)) {
       this.error('GraphQL response did not contain a "status" field.');
@@ -950,9 +995,7 @@ HTTP redirect from ${url} to ${redirectUrl}`);
         this._responseError(response.status, response.statusText, url)
       );
     }
-    throw new ConnectionException(
-      this._responseError(response.status, response.statusText, url)
-    );
+    throw new ConnectionException(this._responseError(response.status, response.statusText, url));
   }
   /**
    * Test if logged in by querying the current user.
@@ -974,7 +1017,7 @@ HTTP redirect from ${url} to ${redirectUrl}`);
    * Login to Instagram.
    */
   async login(username, password) {
-    this._cookieJar = new import_tough_cookie.CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this._initAnonymousCookies();
     const initUrl = "https://www.instagram.com/";
     const initResponse = await fetch(initUrl, {
@@ -1094,7 +1137,7 @@ HTTP redirect from ${url} to ${redirectUrl}`);
       throw new InvalidArgumentException("No two-factor authentication pending.");
     }
     const { csrfToken, cookies, username, twoFactorId } = this._twoFactorAuthPending;
-    this._cookieJar = new import_tough_cookie.CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this.setCookies(cookies);
     const loginUrl = "https://www.instagram.com/accounts/login/ajax/two_factor/";
     const response = await fetch(loginUrl, {
@@ -3280,7 +3323,9 @@ var Instaloader = class {
       ...options.sleep !== void 0 && { sleep: options.sleep },
       ...options.quiet !== void 0 && { quiet: options.quiet },
       ...options.userAgent !== void 0 && { userAgent: options.userAgent },
-      ...options.maxConnectionAttempts !== void 0 && { maxConnectionAttempts: options.maxConnectionAttempts },
+      ...options.maxConnectionAttempts !== void 0 && {
+        maxConnectionAttempts: options.maxConnectionAttempts
+      },
       ...options.requestTimeout !== void 0 && { requestTimeout: options.requestTimeout },
       ...options.rateController !== void 0 && { rateController: options.rateController },
       ...options.fatalStatusCodes !== void 0 && { fatalStatusCodes: options.fatalStatusCodes },
@@ -3385,7 +3430,7 @@ var Instaloader = class {
    * Load session from file.
    */
   async loadSessionFromFile(username, filename) {
-    let targetFile = filename ?? getDefaultSessionFilename(username);
+    const targetFile = filename ?? getDefaultSessionFilename(username);
     if (!fs.existsSync(targetFile)) {
       throw new Error(`Session file not found: ${targetFile}`);
     }
@@ -3440,7 +3485,9 @@ var Instaloader = class {
       }
     });
     if (!response.ok) {
-      throw new ConnectionException(`Failed to download: ${response.status} ${response.statusText}`);
+      throw new ConnectionException(
+        `Failed to download: ${response.status} ${response.statusText}`
+      );
     }
     let finalFilename = nominalFilename;
     const contentType = response.headers.get("Content-Type");
@@ -3539,11 +3586,21 @@ var Instaloader = class {
           }
           if (node.is_video) {
             if (this.downloadVideos && node.video_url) {
-              const dl = await this.downloadPic(filename, node.video_url, post.date_utc, `${index + 1}`);
+              const dl = await this.downloadPic(
+                filename,
+                node.video_url,
+                post.date_utc,
+                `${index + 1}`
+              );
               downloaded = downloaded || dl;
             }
           } else if (node.display_url) {
-            const dl = await this.downloadPic(filename, node.display_url, post.date_utc, `${index + 1}`);
+            const dl = await this.downloadPic(
+              filename,
+              node.display_url,
+              post.date_utc,
+              `${index + 1}`
+            );
             downloaded = downloaded || dl;
           }
           index++;
@@ -3600,7 +3657,10 @@ var Instaloader = class {
       }
       if (displayedCount !== void 0) {
         const width = displayedCount.toString().length;
-        this.context.log(`[${number.toString().padStart(width)}/${displayedCount.toString().padStart(width)}] `, false);
+        this.context.log(
+          `[${number.toString().padStart(width)}/${displayedCount.toString().padStart(width)}] `,
+          false
+        );
       } else {
         this.context.log(`[${number.toString().padStart(3)}] `, false);
       }
@@ -3682,7 +3742,12 @@ var Instaloader = class {
   async downloadProfilePic(profile) {
     const url = await profile.getProfilePicUrl();
     if (!url) return;
-    const dirname2 = formatFilename(this.dirnamePattern, profile, profile.username.toLowerCase(), this.sanitizePaths);
+    const dirname2 = formatFilename(
+      this.dirnamePattern,
+      profile,
+      profile.username.toLowerCase(),
+      this.sanitizePaths
+    );
     const filename = path.join(dirname2, `${profile.username.toLowerCase()}_profile_pic`);
     await this.downloadPic(filename, url, /* @__PURE__ */ new Date());
     this.context.log("");

package/dist/index.mjs

@@ -132,9 +132,113 @@ var InvalidIteratorException = class extends InstaloaderException {
   }
 };
 
+// src/utils.ts
+function generateUUID() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  const bytes = new Uint8Array(16);
+  if (typeof crypto !== "undefined" && crypto.getRandomValues) {
+    crypto.getRandomValues(bytes);
+  } else {
+    for (let i = 0; i < 16; i++) {
+      bytes[i] = Math.floor(Math.random() * 256);
+    }
+  }
+  bytes[6] = bytes[6] & 15 | 64;
+  bytes[8] = bytes[8] & 63 | 128;
+  const hex = Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+  return `${hex.slice(0, 8)}-${hex.slice(8, 12)}-${hex.slice(12, 16)}-${hex.slice(16, 20)}-${hex.slice(20)}`;
+}
+var SimpleCookieStore = class {
+  cookies = /* @__PURE__ */ new Map();
+  /**
+   * Get cookies for a URL as a key-value object.
+   */
+  getCookies(url) {
+    const domain = this.extractDomain(url);
+    const domainCookies = this.cookies.get(domain);
+    if (!domainCookies) {
+      return {};
+    }
+    return Object.fromEntries(domainCookies);
+  }
+  /**
+   * Set cookies from a key-value object.
+   */
+  setCookies(cookies, url) {
+    const domain = this.extractDomain(url);
+    let domainCookies = this.cookies.get(domain);
+    if (!domainCookies) {
+      domainCookies = /* @__PURE__ */ new Map();
+      this.cookies.set(domain, domainCookies);
+    }
+    for (const [key, value] of Object.entries(cookies)) {
+      domainCookies.set(key, value);
+    }
+  }
+  /**
+   * Parse and store cookies from Set-Cookie headers.
+   */
+  parseSetCookieHeaders(headers, url) {
+    const setCookies = headers.getSetCookie?.() || [];
+    const domain = this.extractDomain(url);
+    let domainCookies = this.cookies.get(domain);
+    if (!domainCookies) {
+      domainCookies = /* @__PURE__ */ new Map();
+      this.cookies.set(domain, domainCookies);
+    }
+    for (const cookieStr of setCookies) {
+      const parsed = this.parseSetCookie(cookieStr);
+      if (parsed) {
+        domainCookies.set(parsed.name, parsed.value);
+      }
+    }
+  }
+  /**
+   * Generate Cookie header string for a URL.
+   */
+  getCookieHeader(url) {
+    const cookies = this.getCookies(url);
+    return Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join("; ");
+  }
+  /**
+   * Clear all cookies.
+   */
+  clear() {
+    this.cookies.clear();
+  }
+  /**
+   * Clear cookies for a specific domain.
+   */
+  clearDomain(url) {
+    const domain = this.extractDomain(url);
+    this.cookies.delete(domain);
+  }
+  extractDomain(url) {
+    try {
+      return new URL(url).hostname;
+    } catch {
+      return url;
+    }
+  }
+  parseSetCookie(cookieStr) {
+    const firstSemi = cookieStr.indexOf(";");
+    const nameValue = firstSemi === -1 ? cookieStr : cookieStr.slice(0, firstSemi);
+    const eqIndex = nameValue.indexOf("=");
+    if (eqIndex === -1) {
+      return null;
+    }
+    const name = nameValue.slice(0, eqIndex).trim();
+    const value = nameValue.slice(eqIndex + 1).trim();
+    if (!name) {
+      return null;
+    }
+    return { name, value };
+  }
+};
+
 // src/instaloadercontext.ts
-import { CookieJar, Cookie } from "tough-cookie";
-import { v4 as uuidv4 } from "uuid";
 function defaultUserAgent() {
   return "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36";
 }
@@ -162,7 +266,7 @@ function defaultIphoneHeaders() {
     "x-ig-mapped-locale": "en-US",
     "x-ig-timezone-offset": String(timezoneOffset),
     "x-ig-www-claim": "0",
-    "x-pigeon-session-id": uuidv4(),
+    "x-pigeon-session-id": generateUUID(),
     "x-tigon-is-retry": "False",
     "x-whatsapp": "0"
   };
@@ -171,7 +275,7 @@ function getPerRequestHeaders() {
   return {
     "x-pigeon-rawclienttime": (Date.now() / 1e3).toFixed(6),
     "x-ig-connection-speed": `${Math.floor(Math.random() * 19e3) + 1e3}kbps`,
-    "x-pigeon-session-id": uuidv4()
+    "x-pigeon-session-id": generateUUID()
   };
 }
 function sleep(ms) {
@@ -224,16 +328,10 @@ var RateController = class {
       this._queryTimestamps.set(queryType, []);
     }
     const timestamps = this._queryTimestamps.get(queryType);
-    const filteredTimestamps = timestamps.filter(
-      (t) => t > currentTime - 60 * 60
-    );
+    const filteredTimestamps = timestamps.filter((t) => t > currentTime - 60 * 60);
     this._queryTimestamps.set(queryType, filteredTimestamps);
     const perTypeNextRequestTime = () => {
-      const reqs = this._reqsInSlidingWindow(
-        queryType,
-        currentTime,
-        perTypeSlidingWindow
-      );
+      const reqs = this._reqsInSlidingWindow(queryType, currentTime, perTypeSlidingWindow);
       if (reqs.length < this.countPerSlidingWindow(queryType)) {
         return 0;
       } else {
@@ -246,11 +344,7 @@ var RateController = class {
       }
       const gqlAccumulatedSlidingWindow = 600;
       const gqlAccumulatedMaxCount = 275;
-      const reqs = this._reqsInSlidingWindow(
-        null,
-        currentTime,
-        gqlAccumulatedSlidingWindow
-      );
+      const reqs = this._reqsInSlidingWindow(null, currentTime, gqlAccumulatedSlidingWindow);
       if (reqs.length < gqlAccumulatedMaxCount) {
         return 0;
       } else {
@@ -260,33 +354,18 @@ var RateController = class {
     const untrackedNextRequestTime = () => {
       if (untrackedQueries) {
         if (queryType === "iphone") {
-          const reqs = this._reqsInSlidingWindow(
-            queryType,
-            currentTime,
-            iphoneSlidingWindow
-          );
+          const reqs = this._reqsInSlidingWindow(queryType, currentTime, iphoneSlidingWindow);
           this._iphoneEarliestNextRequestTime = Math.min(...reqs) + iphoneSlidingWindow + 18;
         } else {
-          const reqs = this._reqsInSlidingWindow(
-            queryType,
-            currentTime,
-            perTypeSlidingWindow
-          );
+          const reqs = this._reqsInSlidingWindow(queryType, currentTime, perTypeSlidingWindow);
           this._earliestNextRequestTime = Math.min(...reqs) + perTypeSlidingWindow + 6;
         }
       }
-      return Math.max(
-        this._iphoneEarliestNextRequestTime,
-        this._earliestNextRequestTime
-      );
+      return Math.max(this._iphoneEarliestNextRequestTime, this._earliestNextRequestTime);
     };
     const iphoneNextRequest = () => {
       if (queryType === "iphone") {
-        const reqs = this._reqsInSlidingWindow(
-          queryType,
-          currentTime,
-          iphoneSlidingWindow
-        );
+        const reqs = this._reqsInSlidingWindow(queryType, currentTime, iphoneSlidingWindow);
         if (reqs.length >= 199) {
           return Math.min(...reqs) + iphoneSlidingWindow + 18;
         }
@@ -354,7 +433,7 @@ var InstaloaderContext = class {
   quiet;
   iphoneSupport;
   fatalStatusCodes;
-  _cookieJar;
+  _cookieStore;
   _csrfToken = null;
   _username = null;
   _userId = null;
@@ -375,13 +454,13 @@ var InstaloaderContext = class {
     this.quiet = options.quiet ?? false;
     this.iphoneSupport = options.iphoneSupport ?? true;
     this.fatalStatusCodes = options.fatalStatusCodes ?? [];
-    this._cookieJar = new CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this._iphoneHeaders = defaultIphoneHeaders();
     this._initAnonymousCookies();
     this._rateController = options.rateController ? options.rateController(this) : new RateController(this);
   }
   _initAnonymousCookies() {
-    const domain = "www.instagram.com";
+    const url = "https://www.instagram.com/";
     const defaultCookies = {
       sessionid: "",
       mid: "",
@@ -391,15 +470,7 @@ var InstaloaderContext = class {
       s_network: "",
       ds_user_id: ""
     };
-    for (const [name, value] of Object.entries(defaultCookies)) {
-      const cookie = new Cookie({
-        key: name,
-        value,
-        domain,
-        path: "/"
-      });
-      this._cookieJar.setCookieSync(cookie, `https://${domain}/`);
-    }
+    this._cookieStore.setCookies(defaultCookies, url);
   }
   /** True if this instance is logged in. */
   get is_logged_in() {
@@ -492,27 +563,13 @@ var InstaloaderContext = class {
    * Get cookies as a plain object.
    */
   getCookies(url = "https://www.instagram.com/") {
-    const cookies = this._cookieJar.getCookiesSync(url);
-    const result = {};
-    for (const cookie of cookies) {
-      result[cookie.key] = cookie.value;
-    }
-    return result;
+    return this._cookieStore.getCookies(url);
   }
   /**
    * Set cookies from a plain object.
    */
   setCookies(cookies, url = "https://www.instagram.com/") {
-    const domain = new URL(url).hostname;
-    for (const [name, value] of Object.entries(cookies)) {
-      const cookie = new Cookie({
-        key: name,
-        value,
-        domain,
-        path: "/"
-      });
-      this._cookieJar.setCookieSync(cookie, url);
-    }
+    this._cookieStore.setCookies(cookies, url);
   }
   /**
    * Save session data for later restoration.
@@ -524,7 +581,7 @@ var InstaloaderContext = class {
    * Load session data from a saved session.
    */
   loadSession(username, sessionData) {
-    this._cookieJar = new CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this.setCookies(sessionData);
     this._csrfToken = sessionData["csrftoken"] || null;
     this._username = username;
@@ -537,26 +594,16 @@ var InstaloaderContext = class {
     this.setCookies(cookies);
   }
   /**
-   * Build cookie header string from cookie jar.
+   * Build cookie header string from cookie store.
    */
   _getCookieHeader(url) {
-    const cookies = this._cookieJar.getCookiesSync(url);
-    return cookies.map((c) => `${c.key}=${c.value}`).join("; ");
+    return this._cookieStore.getCookieHeader(url);
   }
   /**
    * Parse and store cookies from Set-Cookie headers.
    */
   _storeCookies(url, headers) {
-    const setCookies = headers.getSetCookie?.() || [];
-    for (const cookieStr of setCookies) {
-      try {
-        const cookie = Cookie.parse(cookieStr);
-        if (cookie) {
-          this._cookieJar.setCookieSync(cookie, url);
-        }
-      } catch {
-      }
-    }
+    this._cookieStore.parseSetCookieHeaders(headers, url);
   }
   /**
    * Format response error message.
@@ -634,10 +681,7 @@ var InstaloaderContext = class {
         });
       } else {
         for (const [key, value] of Object.entries(params)) {
-          url.searchParams.set(
-            key,
-            typeof value === "string" ? value : JSON.stringify(value)
-          );
+          url.searchParams.set(key, typeof value === "string" ? value : JSON.stringify(value));
         }
         response = await fetch(url.toString(), {
           method: "GET",
@@ -660,9 +704,7 @@ var InstaloaderContext = class {
 HTTP redirect from ${url} to ${redirectUrl}`);
           if (redirectUrl.startsWith("https://www.instagram.com/accounts/login") || redirectUrl.startsWith("https://i.instagram.com/accounts/login")) {
             if (!this.is_logged_in) {
-              throw new LoginRequiredException(
-                "Redirected to login page. Use login() first."
-              );
+              throw new LoginRequiredException("Redirected to login page. Use login() first.");
             }
             throw new AbortDownloadException(
               "Redirected to login page. You've been logged out, please wait some time, recreate the session and try again"
@@ -769,9 +811,11 @@ HTTP redirect from ${url} to ${redirectUrl}`);
     return respJson;
   }
   /**
-   * Do a doc_id-based GraphQL Query using POST.
-   * Each request uses fresh dynamic headers (timestamp, connection speed, session ID)
-   * to appear as different clients, which helps bypass rate limiting on retries.
+   * Do a doc_id-based GraphQL Query.
+   *
+   * Uses GET for anonymous requests (works without login) and POST for authenticated
+   * requests. This is the correct behavior - Instagram's API accepts GET for public
+   * data but requires POST with session for authenticated operations.
    */
   async doc_id_graphql_query(docId, variables, referer) {
     const perRequestHeaders = getPerRequestHeaders();
@@ -788,10 +832,11 @@ HTTP redirect from ${url} to ${redirectUrl}`);
       headers["referer"] = encodeURIComponent(referer);
     }
     const variablesJson = JSON.stringify(variables);
+    const usePost = this.is_logged_in;
     const respJson = await this.getJson(
       "graphql/query",
       { variables: variablesJson, doc_id: docId, server_timestamps: "true" },
-      { usePost: true, headers }
+      { usePost, headers }
     );
     if (!("status" in respJson)) {
       this.error('GraphQL response did not contain a "status" field.');
@@ -862,9 +907,7 @@ HTTP redirect from ${url} to ${redirectUrl}`);
         this._responseError(response.status, response.statusText, url)
       );
     }
-    throw new ConnectionException(
-      this._responseError(response.status, response.statusText, url)
-    );
+    throw new ConnectionException(this._responseError(response.status, response.statusText, url));
   }
   /**
    * Test if logged in by querying the current user.
@@ -886,7 +929,7 @@ HTTP redirect from ${url} to ${redirectUrl}`);
    * Login to Instagram.
    */
   async login(username, password) {
-    this._cookieJar = new CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this._initAnonymousCookies();
     const initUrl = "https://www.instagram.com/";
     const initResponse = await fetch(initUrl, {
@@ -1006,7 +1049,7 @@ HTTP redirect from ${url} to ${redirectUrl}`);
       throw new InvalidArgumentException("No two-factor authentication pending.");
     }
     const { csrfToken, cookies, username, twoFactorId } = this._twoFactorAuthPending;
-    this._cookieJar = new CookieJar();
+    this._cookieStore = new SimpleCookieStore();
     this.setCookies(cookies);
     const loginUrl = "https://www.instagram.com/accounts/login/ajax/two_factor/";
     const response = await fetch(loginUrl, {
@@ -3192,7 +3235,9 @@ var Instaloader = class {
       ...options.sleep !== void 0 && { sleep: options.sleep },
       ...options.quiet !== void 0 && { quiet: options.quiet },
       ...options.userAgent !== void 0 && { userAgent: options.userAgent },
-      ...options.maxConnectionAttempts !== void 0 && { maxConnectionAttempts: options.maxConnectionAttempts },
+      ...options.maxConnectionAttempts !== void 0 && {
+        maxConnectionAttempts: options.maxConnectionAttempts
+      },
       ...options.requestTimeout !== void 0 && { requestTimeout: options.requestTimeout },
       ...options.rateController !== void 0 && { rateController: options.rateController },
       ...options.fatalStatusCodes !== void 0 && { fatalStatusCodes: options.fatalStatusCodes },
@@ -3297,7 +3342,7 @@ var Instaloader = class {
    * Load session from file.
    */
   async loadSessionFromFile(username, filename) {
-    let targetFile = filename ?? getDefaultSessionFilename(username);
+    const targetFile = filename ?? getDefaultSessionFilename(username);
     if (!fs.existsSync(targetFile)) {
       throw new Error(`Session file not found: ${targetFile}`);
     }
@@ -3352,7 +3397,9 @@ var Instaloader = class {
       }
     });
     if (!response.ok) {
-      throw new ConnectionException(`Failed to download: ${response.status} ${response.statusText}`);
+      throw new ConnectionException(
+        `Failed to download: ${response.status} ${response.statusText}`
+      );
     }
     let finalFilename = nominalFilename;
     const contentType = response.headers.get("Content-Type");
@@ -3451,11 +3498,21 @@ var Instaloader = class {
           }
           if (node.is_video) {
             if (this.downloadVideos && node.video_url) {
-              const dl = await this.downloadPic(filename, node.video_url, post.date_utc, `${index + 1}`);
+              const dl = await this.downloadPic(
+                filename,
+                node.video_url,
+                post.date_utc,
+                `${index + 1}`
+              );
               downloaded = downloaded || dl;
             }
           } else if (node.display_url) {
-            const dl = await this.downloadPic(filename, node.display_url, post.date_utc, `${index + 1}`);
+            const dl = await this.downloadPic(
+              filename,
+              node.display_url,
+              post.date_utc,
+              `${index + 1}`
+            );
             downloaded = downloaded || dl;
           }
           index++;
@@ -3512,7 +3569,10 @@ var Instaloader = class {
       }
       if (displayedCount !== void 0) {
         const width = displayedCount.toString().length;
-        this.context.log(`[${number.toString().padStart(width)}/${displayedCount.toString().padStart(width)}] `, false);
+        this.context.log(
+          `[${number.toString().padStart(width)}/${displayedCount.toString().padStart(width)}] `,
+          false
+        );
       } else {
         this.context.log(`[${number.toString().padStart(3)}] `, false);
       }
@@ -3594,7 +3654,12 @@ var Instaloader = class {
   async downloadProfilePic(profile) {
     const url = await profile.getProfilePicUrl();
     if (!url) return;
-    const dirname2 = formatFilename(this.dirnamePattern, profile, profile.username.toLowerCase(), this.sanitizePaths);
+    const dirname2 = formatFilename(
+      this.dirnamePattern,
+      profile,
+      profile.username.toLowerCase(),
+      this.sanitizePaths
+    );
     const filename = path.join(dirname2, `${profile.username.toLowerCase()}_profile_pic`);
     await this.downloadPic(filename, url, /* @__PURE__ */ new Date());
     this.context.log("");

package/package.json

@@ -1,35 +1,52 @@
 {
   "name": "@vicociv/instaloader",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "TypeScript port of instaloader - Download pictures (or videos) along with their captions and other metadata from Instagram.",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
   "types": "./dist/index.d.ts",
   "exports": {
     ".": {
+      "types": "./dist/index.d.ts",
       "import": "./dist/index.mjs",
-      "require": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "require": "./dist/index.js"
     }
   },
+  "sideEffects": false,
   "files": [
     "dist"
   ],
   "publishConfig": {
-    "access": "public"
+    "access": "public",
+    "provenance": true
   },
   "scripts": {
     "build": "tsup src/index.ts --format cjs,esm --dts --clean",
     "test": "vitest run",
     "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
     "lint": "eslint src --ext .ts",
+    "lint:fix": "eslint src --ext .ts --fix",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "format:check": "prettier --check \"src/**/*.ts\"",
     "typecheck": "tsc --noEmit",
-    "prepublishOnly": "npm run build"
+    "prepublishOnly": "npm run build",
+    "prepare": "husky",
+    "changeset": "changeset",
+    "version": "changeset version",
+    "release": "npm run build && changeset publish"
+  },
+  "lint-staged": {
+    "*.ts": [
+      "eslint --fix",
+      "prettier --write"
+    ]
   },
   "keywords": [
     "instagram",
     "instagram-scraper",
     "instagram-client",
+    "instagram-api",
     "instagram-feed",
     "downloader",
     "videos",
@@ -40,30 +57,37 @@
     "instagram-metadata",
     "instagram-downloader",
     "instagram-stories",
-    "typescript"
+    "typescript",
+    "nodejs"
   ],
-  "author": "",
+  "author": "star8ks",
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": ""
+    "url": "git+https://github.com/star8ks/instaloader.js.git"
+  },
+  "bugs": {
+    "url": "https://github.com/star8ks/instaloader.js/issues"
   },
+  "homepage": "https://github.com/star8ks/instaloader.js#readme",
   "engines": {
     "node": ">=18.0.0"
   },
   "devDependencies": {
+    "@changesets/changelog-github": "^0.5.2",
+    "@changesets/cli": "^2.29.8",
+    "@commitlint/cli": "^20.2.0",
+    "@commitlint/config-conventional": "^20.2.0",
     "@types/node": "^20.10.0",
-    "@types/tough-cookie": "^4.0.5",
-    "@types/uuid": "^10.0.0",
     "@typescript-eslint/eslint-plugin": "^6.13.0",
     "@typescript-eslint/parser": "^6.13.0",
+    "@vitest/coverage-v8": "^1.6.1",
     "eslint": "^8.55.0",
+    "husky": "^9.1.7",
+    "lint-staged": "^16.2.7",
+    "prettier": "^3.7.4",
     "tsup": "^8.0.1",
     "typescript": "^5.3.2",
     "vitest": "^1.0.4"
-  },
-  "dependencies": {
-    "tough-cookie": "^4.1.3",
-    "uuid": "^13.0.0"
   }
 }