nodejs-insta-private-api-mqtt 1.1.6 → 1.1.8

package/README.md

@@ -2,15 +2,6 @@ Dear users,
 First of all, when handling view-once images or videos, please make sure to save the received media in a folder such as /storage/emulated/0/Pictures/, or depending on your device's path. The photos and videos are saved correctly on your phone, but the library currently has some issues with uploading them back to Instagram. This will be resolved as soon as possible.
 I post many versions of the project because Instagram changes the protocol almost daily, if you like this project leave a star on github https://github.com/Kunboruto20/nodejs-insta-private-api.git 
 
-⚠️ IMPORTANT NOTICE
-This is an important announcement regarding the nodejs-insta-private-api library.
-The old repository and NPM package were lost and are now associated with a different NPM account.
-Starting from today, this NPM account will be the official and active source where this library will be published and maintained.
-Please make sure you are using this package from this account only to receive future updates, fixes, and support.
-
-You can subscribe to any Instagram topic in this library visit the bookstore code, it would help me a lot if you like this project and if it helps you! 
-
-If you see clones of nodejs-insta-private-api on npm don't download, it could be malicious code and you may have security issues on your Instagram accounts, always use this project or the nodejs-insta-private-api project but that's on the lost account, always use npm install nodejs-insta-private-api-mqtt in your projects 
 
 
 # nodejs-insta-private-api-mqtt
@@ -19,7 +10,7 @@ This project implements a complete and production-ready MQTT protocol client for
 
 By leveraging MQTT instead of Instagram's REST API, this library achieves sub-500ms message latency, bidirectional real-time communication, and native support for notifications, presence tracking, and thread management. The implementation is reverse-engineered from Instagram's mobile app protocol and tested extensively for reliability and compatibility.
 
-## Features ( - iOS + Android Full Support)
+## Features (v5.61.11 - iOS + Android Full Support)
 
 - **NEW: FULL iOS SUPPORT** - iPhone 16/15/14/13/12 + iPad Pro/Air device emulation
 - **NEW: FULL ANDROID SUPPORT** - Samsung, Huawei, Google Pixel, OnePlus, Xiaomi, OPPO
@@ -75,7 +66,7 @@ Requires **Node.js 18 or higher**.
 
 ---
 
-## NEW: Custom Device Emulation ()
+## NEW: Custom Device Emulation (v5.60.7)
 
 **Default Device:** Samsung Galaxy S25 Ultra (Android 15) - used automatically if you don't set a custom device.
 
@@ -93,7 +84,7 @@ This feature allows you to **choose which phone model Instagram sees** when your
 The easiest way to set a custom device is using the built-in presets:
 
 ```javascript
-const { IgApiClient } = require('nodejs-insta-private-api-mqtt');
+const { IgApiClient } = require('nodejs-insta-private-api');
 
 const ig = new IgApiClient();
 
@@ -911,7 +902,7 @@ const {
   RealtimeClient, 
   downloadContentFromMessage,
   isViewOnceMedia 
-} = require('nodejs-insta-private-api-mqtt');
+} = require('nodejs-insta-private-api');
 const fs = require('fs');
 
 const ig = new IgApiClient();
@@ -964,7 +955,7 @@ const {
   downloadMediaBuffer,
   hasMedia,
   getMediaType 
-} = require('nodejs-insta-private-api');
+} = require('nodejs-insta-private-api-mqtt');
 
 realtime.on('message', async (data) => {
   const msg = data.message;

package/dist/core/client.js

@@ -72,10 +72,61 @@ class IgApiClient extends EventEmitter {
    * NOTE: removed automatic realtime connection attempt.
    */
   async login(credentials) {
+    // ANTI-BOT: Automatically simulate app launch if not already done recently
+    if (this.state.deviceId) {
+       try { 
+         await this.simulateAppStart(); 
+         // Real behavior: fetch contact permissions, explore, etc.
+         await this.simulateAndroidBehavior();
+       } catch (e) {}
+       await new Promise(resolve => setTimeout(resolve, 3000));
+    }
     const result = await this.account.login(credentials);
     return result;
   }
 
+  /**
+   * Additional Android-specific behavior simulation
+   */
+  async simulateAndroidBehavior() {
+    if (this.state.verbose) console.log('[Anti-Bot] Simulating Android-specific background behaviors...');
+    
+    // 0. Pre-login notification suppression / Trust signal
+    try {
+      await this.request.send({
+        url: '/api/v1/accounts/get_presence_disabled/',
+        method: 'GET',
+      });
+    } catch (e) {}
+
+    // 1. Fetch Contact Permission (often requested on start/login)
+    try {
+      await this.request.send({
+        url: '/api/v1/accounts/contact_point_pref/',
+        method: 'GET',
+      });
+    } catch (e) {}
+
+    // 2. Fetch Zero Rating (Mobile data settings)
+    try {
+      await this.request.send({
+        url: '/api/v1/zero/get_headers/',
+        method: 'GET',
+      });
+    } catch (e) {}
+
+    // 3. Fetch Banyan (Explore/Search context)
+    try {
+      await this.request.send({
+        url: '/api/v1/banyan/banyan/',
+        method: 'GET',
+        qs: {
+          views: '["direct_user_search","direct_search_context","direct_share_sheet"]',
+        },
+      });
+    } catch (e) {}
+  }
+
   async logout() {
     return await this.account.logout();
   }
@@ -116,6 +167,88 @@ class IgApiClient extends EventEmitter {
   // === UTILITY HELPER METHODS
   // -------------------------------
 
+  /**
+   * Simulates the exact sequence of requests an Android device makes when opening the Instagram app.
+   * This should be called BEFORE login to establish the device's presence as a legitimate app instance.
+   */
+  async simulateAppStart() {
+    if (this.state.verbose) console.log('[Anti-Bot] Starting Android App Launch Simulation...');
+    
+    // 1. Emulate Launcher Sync (Fetching app configuration)
+    // This tells Instagram "I am opening the app and checking for feature flags"
+    try {
+      await this.request.send({
+        url: '/api/v1/launcher/sync/',
+        method: 'POST',
+        form: {
+          configs: 'ig_android_launcher_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Launcher Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Launcher Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 2. Emulate QE Sync (Quick Experiment Sync)
+    // Instagram apps check for A/B testing experiments on launch
+    try {
+      await this.request.send({
+        url: '/api/v1/qe/sync/',
+        method: 'POST',
+        form: {
+          experiments: 'ig_android_qe_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] QE Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] QE Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 3. Log Attribution (App Launch Event)
+    // This is crucial. Real apps report "I have launched".
+    try {
+      await this.request.send({
+        url: '/api/v1/attribution/log_attribution/',
+        method: 'POST',
+        form: {
+          adb_ifa: this.state.adsId, // Advertising ID
+          did: this.state.deviceId,
+          event_name: 'app_launch',
+          extra: JSON.stringify({
+            clock_skew: 0,
+          }),
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Attribution Logged: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Attribution Log Failed (Non-fatal):', e.message);
+    }
+
+    // 4. Check App Updates (Optional but realistic)
+    // Simulates checking if a new version is available (often happens on launch)
+    if (this.state.verbose) console.log('[Anti-Bot] App Simulation Complete. Ready to Login.');
+  }
+
+  /**
+   * Login -> uses account.login. Returns whatever account.login returns.
+   * NOTE: removed automatic realtime connection attempt.
+   */
+  async login(credentials) {
+    // ANTI-BOT: Automatically simulate app launch if not already done recently
+    // We check if we have a device ID, if so, we run simulation.
+    // Ideally we should track if simulated, but for now we run it on every login call to be safe.
+    if (this.state.deviceId) {
+       await this.simulateAppStart();
+       // Small delay to mimic human speed/app loading time
+       await new Promise(resolve => setTimeout(resolve, 2000));
+    }
+    
+    const result = await this.account.login(credentials);
+    return result;
+  }
+
   /**
    * Generic retry helper for async functions.
    *
@@ -227,6 +360,122 @@ class IgApiClient extends EventEmitter {
     return this.state.verbose;
   }
 
+  /**
+   * Simulates the exact sequence of requests an Android device makes when opening the Instagram app.
+   */
+  async simulateAppStart() {
+    if (this.state.verbose) console.log('[Anti-Bot] Starting Android App Launch Simulation...');
+    
+    // 1. Emulate Launcher Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/launcher/sync/',
+        method: 'POST',
+        form: {
+          configs: 'ig_android_launcher_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Launcher Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Launcher Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 2. Emulate QE Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/qe/sync/',
+        method: 'POST',
+        form: {
+          experiments: 'ig_android_qe_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] QE Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] QE Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 3. Log Attribution
+    try {
+      await this.request.send({
+        url: '/api/v1/attribution/log_attribution/',
+        method: 'POST',
+        form: {
+          adb_ifa: this.state.adsId,
+          did: this.state.deviceId,
+          event_name: 'app_launch',
+          extra: JSON.stringify({
+            clock_skew: 0,
+          }),
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Attribution Logged: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Attribution Log Failed (Non-fatal):', e.message);
+    }
+    
+    if (this.state.verbose) console.log('[Anti-Bot] App Simulation Complete. Ready to Login.');
+  }
+
+  /**
+   * Simulates the exact sequence of requests an Android device makes when opening the Instagram app.
+   */
+  async simulateAppStart() {
+    if (this.state.verbose) console.log('[Anti-Bot] Starting Android App Launch Simulation...');
+    
+    // 1. Emulate Launcher Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/launcher/sync/',
+        method: 'POST',
+        form: {
+          configs: 'ig_android_launcher_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Launcher Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Launcher Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 2. Emulate QE Sync
+    try {
+      await this.request.send({
+        url: '/api/v1/qe/sync/',
+        method: 'POST',
+        form: {
+          experiments: 'ig_android_qe_sync_config',
+          id: this.state.uuid,
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] QE Sync: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] QE Sync Failed (Non-fatal):', e.message);
+    }
+
+    // 3. Log Attribution
+    try {
+      await this.request.send({
+        url: '/api/v1/attribution/log_attribution/',
+        method: 'POST',
+        form: {
+          adb_ifa: this.state.adsId,
+          did: this.state.deviceId,
+          event_name: 'app_launch',
+          extra: JSON.stringify({
+            clock_skew: 0,
+          }),
+        },
+      });
+      if (this.state.verbose) console.log('[Anti-Bot] Attribution Logged: OK');
+    } catch (e) {
+      if (this.state.verbose) console.warn('[Anti-Bot] Attribution Log Failed (Non-fatal):', e.message);
+    }
+    
+    if (this.state.verbose) console.log('[Anti-Bot] App Simulation Complete. Ready to Login.');
+  }
+
   /**
    * safeDestroy: a slightly more robust destroy which attempts to stop requests, etc.
    */

package/dist/core/request.js

@@ -13,11 +13,7 @@ class Request {
       baseURL: 'https://i.instagram.com/',
       timeout: 30000,
       headers: {
-        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
-        'Accept-Encoding': 'gzip, deflate',
-        'Connection': 'keep-alive',
-        'Accept': '*/*',
-        'Accept-Language': 'en-US'
+        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8'
       }
     });
   }
@@ -179,32 +175,31 @@ class Request {
     error.response = response;
     error.status = response.status;
     error.data = data;
-    // Anti-bot: Randomize delay on error to mimic human reaction time
     return error;
   }
 
   getDefaultHeaders() {
     return {
       'User-Agent': this.client.state.appUserAgent,
-      'X-Ads-Opt-Out': '0', // Always 0 for humans
-      'X-IG-App-Locale': 'en_US',
-      'X-IG-Device-Locale': 'en_US',
+      'X-Ads-Opt-Out': this.client.state.adsOptOut ? '1' : '0',
+      'X-IG-App-Locale': this.client.state.language,
+      'X-IG-Device-Locale': this.client.state.language,
       'X-Pigeon-Session-Id': this.client.state.pigeonSessionId,
       'X-Pigeon-Rawclienttime': (Date.now() / 1000).toFixed(3),
-      'X-IG-Connection-Speed': `${random(2000, 4000)}kbps`, // Faster 5G/WiFi speeds
+      'X-IG-Connection-Speed': `${random(1000, 3700)}kbps`,
       'X-IG-Bandwidth-Speed-KBPS': '-1.000',
       'X-IG-Bandwidth-TotalBytes-B': '0',
       'X-IG-Bandwidth-TotalTime-MS': '0',
       'X-IG-Extended-CDN-Thumbnail-Cache-Busting-Value': this.client.state.thumbnailCacheBustingValue.toString(),
       'X-Bloks-Version-Id': this.client.state.bloksVersionId,
       'X-IG-WWW-Claim': this.client.state.igWWWClaim || '0',
-      'X-Bloks-Is-Layout-RTL': 'false',
-      'X-IG-Connection-Type': 'WIFI', // Prefer WIFI for stability
-      'X-IG-Capabilities': '3brTv10=', // iOS capabilities
-      'X-IG-App-ID': '1217981644879628', // Official iOS App ID
+      'X-Bloks-Is-Layout-RTL': this.client.state.isLayoutRTL.toString(),
+      'X-IG-Connection-Type': this.client.state.connectionTypeHeader,
+      'X-IG-Capabilities': this.client.state.capabilitiesHeader,
+      'X-IG-App-ID': this.client.state.fbAnalyticsApplicationId,
       'X-IG-Device-ID': this.client.state.uuid,
       'X-IG-Android-ID': this.client.state.deviceId,
-      'Accept-Language': 'en-US',
+      'Accept-Language': this.client.state.language.replace('_', '-'),
       'X-FB-HTTP-Engine': 'Liger',
       'Authorization': this.client.state.authorization,
       'Host': 'i.instagram.com',

package/dist/core/state.js

@@ -34,12 +34,12 @@ class State {
     this.parsedAuthorization = undefined;
 
     // ===== PLATFORM SUPPORT (iOS + Android) =====
-    this.platform = 'ios'; // 'android' or 'ios'
+    this.platform = 'android'; // 'android' or 'ios'
     this.iosVersion = '18.1';
     this.iosAppVersion = '347.0.0.36.89';
     this.iosAppVersionCode = '618023787';
-    this.iosDeviceModel = 'iPhone17,1'; // iPhone 16 Pro Max
-    this.iosDeviceName = 'iPhone 16 Pro Max';
+    this.iosDeviceModel = 'iPhone16,2'; // iPhone 15 Pro Max
+    this.iosDeviceName = 'iPhone';
     this.iosBundleId = 'com.burbn.instagram';
 
     // cookie jar (tough-cookie)
@@ -101,8 +101,7 @@ class State {
   }
 
   get iosUserAgent() {
-    // iPhone 16 Pro Max Hardcoded User Agent for Maximum Stealth
-    return `Instagram 347.0.0.36.89 (iPhone17,1; iOS 18.1; en_US; en_US; scale=3.00; 1320x2868; 618023787) AppleWebKit/420+`;
+    return `Instagram ${this.iosAppVersion} (${this.iosDeviceModel}; iOS ${this.iosVersion}; ${this.language}; ${this.language}; scale=3.00; ${this.iosResolution}; ${this.iosAppVersionCode}) AppleWebKit/420+`;
   }
 
   get iosResolution() {

package/dist/mqttot/mqttot.client.js

@@ -23,36 +23,12 @@ class MQTToTClient extends mqtts_1.MqttClient {
                     host: options.url,
                     port: 443,
                     proxyOptions: options.socksOptions,
-                    additionalOptions: {
-                        ...options.additionalOptions,
-                        // Anti-Bot: Enforce TLS 1.3 with Unified Cipher Suites (iOS & Android 14/15)
-                        minVersion: 'TLSv1.3',
-                        maxVersion: 'TLSv1.3',
-                        ciphers: [
-                            'TLS_AES_128_GCM_SHA256',
-                            'TLS_AES_256_GCM_SHA384',
-                            'TLS_CHACHA20_POLY1305_SHA256'
-                        ].join(':'),
-                        sigalgs: 'ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256:rsa_pkcs1_sha256:ecdsa_secp384r1_sha384:rsa_pss_rsae_sha384:rsa_pkcs1_sha384:rsa_pss_rsae_sha512:rsa_pkcs1_sha512',
-                        rejectUnauthorized: true,
-                    },
+                    additionalOptions: options.additionalOptions,
                 })
                 : new mqtts_1.TlsTransport({
                     host: options.url,
                     port: 443,
-                    additionalOptions: {
-                        ...options.additionalOptions,
-                        // Anti-Bot: Enforce TLS 1.3 with Unified Cipher Suites (iOS & Android 14/15)
-                        minVersion: 'TLSv1.3',
-                        maxVersion: 'TLSv1.3',
-                        ciphers: [
-                            'TLS_AES_128_GCM_SHA256',
-                            'TLS_AES_256_GCM_SHA384',
-                            'TLS_CHACHA20_POLY1305_SHA256'
-                        ].join(':'),
-                        sigalgs: 'ecdsa_secp256r1_sha256:rsa_pss_rsae_sha256:rsa_pkcs1_sha256:ecdsa_secp384r1_sha384:rsa_pss_rsae_sha384:rsa_pkcs1_sha384:rsa_pss_rsae_sha512:rsa_pkcs1_sha512',
-                        rejectUnauthorized: true,
-                    },
+                    additionalOptions: options.additionalOptions,
                 }),
         });
         this.mqttotDebug = (msg, ...args) => (0, shared_1.debugChannel)('mqttot')(`${options.url}: ${msg}`, ...args);
@@ -89,17 +65,12 @@ class MQTToTClient extends mqtts_1.MqttClient {
      * @param {MqttMessage} message
      * @returns {Promise<MqttMessageOutgoing>}
      */
-    mqttotPublish(message) {
+    async mqttotPublish(message) {
         this.mqttotDebug(`Publishing ${message.payload.byteLength}bytes to topic ${message.topic}`);
-        // Anti-bot: Jitter publishing timestamp slightly to mimic organic network latency
-        return new Promise(resolve => {
-            setTimeout(async () => {
-                resolve(await this.publish({
-                    topic: message.topic,
-                    payload: await (0, shared_1.compressDeflate)(message.payload),
-                    qosLevel: message.qosLevel,
-                }));
-            }, Math.random() * 50 + 10); // 10-60ms random jitter
+        return await this.publish({
+            topic: message.topic,
+            payload: await (0, shared_1.compressDeflate)(message.payload),
+            qosLevel: message.qosLevel,
         });
     }
     /**
@@ -129,7 +100,7 @@ function mqttotConnectFlow(payload, requirePayload) {
             type: mqtts_1.PacketType.Connect,
             options: {
                 payload,
-                keepAlive: 900, // Increased to 15 minutes (900s) to match mobile app behavior for battery saving
+                keepAlive: 60,
             },
         }),
         accept: mqtts_1.isConnAck,

package/dist/mqttot/mqttot.connection.js

@@ -7,6 +7,15 @@ class MQTToTConnection {
         this.fbnsConnectionData = connectionData;
     }
     toThrift() {
+        // ANTI-BOT: Ensure User-Agent is explicitly set to the Android string in MQTT connection
+        if (this.fbnsConnectionData.clientInfo) {
+           this.fbnsConnectionData.clientInfo.clientType = Buffer.from('com.instagram.android');
+           // Ensure it uses the same UA as the REST API for consistency
+           if (this.fbnsConnectionData.clientInfo.userAgent) {
+              // Ensure we are using the correct buffer format for Thrift
+              this.fbnsConnectionData.clientInfo.userAgent = Buffer.from(this.fbnsConnectionData.clientInfo.userAgent);
+           }
+        }
         return (0, thrift_1.thriftWriteFromObject)(this.fbnsConnectionData, MQTToTConnection.thriftConfig);
     }
     toString() {
@@ -47,14 +56,10 @@ MQTToTConnection.thriftConfig = [
         thrift_1.ThriftDescriptors.int64('anotherUnknown', 26),
     ]),
     thrift_1.ThriftDescriptors.binary('password', 5),
-    // polyfill - Anti-Bot Hardening (Order matters for mobile mimicry)
+    // polyfill
     thrift_1.ThriftDescriptors.int16('unknown', 5),
     thrift_1.ThriftDescriptors.listOfBinary('getDiffsRequests', 6),
     thrift_1.ThriftDescriptors.binary('zeroRatingTokenHash', 9),
     thrift_1.ThriftDescriptors.mapBinaryBinary('appSpecificInfo', 10),
-    // Field 11 is "chat_on" state for presence - often missing in bots
-    thrift_1.ThriftDescriptors.boolean('chatOn', 11),
-    // Field 12 is "fg_keepalive" - foreground keepalive flag
-    thrift_1.ThriftDescriptors.boolean('fgKeepAlive', 12),
 ];
 //# sourceMappingURL=mqttot.connection.js.map

package/dist/realtime/realtime.client.js

@@ -230,37 +230,31 @@ class RealtimeClient extends eventemitter3_1.EventEmitter {
             this.realtimeDebug(`SessionID generated (fallback): ${sessionid}`);
         }
         const password = `sessionid=${sessionid}`;
-        
-        // MQTT Client Info - Unified Mobile Profile (iOS & Android)
         this.connection = new mqttot_1.MQTToTConnection({
             clientIdentifier: deviceId.substring(0, 20),
             clientInfo: {
                 userId: BigInt(Number(this.ig.state.cookieUserId)),
                 userAgent,
-                clientCapabilities: this.ig.state.platform === 'ios' ? 195 : 183, // Platform-specific capabilities
+                clientCapabilities: 183,
                 endpointCapabilities: 0,
                 publishFormat: 1,
                 noAutomaticForeground: false,
                 makeUserAvailableInForeground: true,
                 deviceId,
                 isInitiallyForeground: true,
-                networkType: 1, // WIFI
+                networkType: 1,
                 networkSubtype: 0,
                 clientMqttSessionId: BigInt(Date.now()) & BigInt(0xffffffff),
-                subscribeTopics: this.ig.state.platform === 'ios' 
-                    ? [88, 135, 149, 150, 133, 146, 230, 231] 
-                    : [88, 135, 149, 150, 133, 146], // Android usually has fewer default subscriptions
+                subscribeTopics: [88, 135, 149, 150, 133, 146],
                 clientType: 'cookie_auth',
-                appId: this.ig.state.platform === 'ios' 
-                    ? BigInt(1217981644879628) 
-                    : BigInt(1217981644879628), // Same for both on mobile
+                appId: BigInt(567067343352427),
                 deviceSecret: '',
                 clientStack: 3,
                 ...(this.initOptions?.connectOverrides || {}),
             },
             password,
             appSpecificInfo: {
-                app_version: this.ig.state.platform === 'ios' ? '347.0.0.36.89' : this.ig.state.appVersion,
+                app_version: this.ig.state.appVersion,
                 'X-IG-Capabilities': this.ig.state.capabilitiesHeader,
                 everclear_subscriptions: JSON.stringify({
                     inapp_notification_subscribe_comment: '17899377895239777',
@@ -269,7 +263,7 @@ class RealtimeClient extends eventemitter3_1.EventEmitter {
                     presence_subscribe: '17846944882223835',
                 }),
                 'User-Agent': userAgent,
-                'Accept-Language': this.ig.state.language,
+                'Accept-Language': this.ig.state.language.replace('_', '-'),
             },
         });
     }

package/dist/repositories/account.repository.js

@@ -88,6 +88,25 @@ class AccountRepository extends Repository {
 
       // Handle common login errors
       const body = response.body;
+
+      // ANTI-BOT: Handle choice/checkpoint automatically if requested
+      if (body.two_factor_required || body.step_name === 'select_verify_method') {
+         // Some versions of the API return checkpoint info here
+         if (this.client.state.verbose) console.log('[Anti-Bot] Checkpoint/2FA detected, attempting to bypass notification...');
+         try {
+            await this.client.request.send({
+               url: '/api/v1/accounts/login_confirm/',
+               method: 'POST',
+               form: this.client.request.sign({
+                  _csrftoken: this.client.state.cookieCsrfToken,
+                  guid: this.client.state.uuid,
+                  device_id: this.client.state.deviceId,
+                  is_relogin: true,
+               }),
+            });
+         } catch (e) {}
+      }
+
       if (body.two_factor_required) {
         const err = new Error('Two factor authentication required');
         err.name = 'IgLoginTwoFactorRequiredError';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodejs-insta-private-api-mqtt",
-  "version": "1.1.6",
+  "version": "1.1.8",
   "description": "Complete Instagram MQTT protocol with FULL iOS + Android support. 33 device presets (21 iOS + 12 Android). iPhone 16/15/14/13/12, iPad Pro, Samsung, Pixel, Huawei. Real-time DM messaging, view-once media extraction, sub-500ms latency.",
   "main": "dist/index.js",
   "scripts": {