npm - xnotif - Versions diffs - 0.2.0-beta.1 → 0.2.1 - Mend

xnotif 0.2.0-beta.1 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -2,6 +2,7 @@
 [![npm](https://img.shields.io/npm/v/xnotif)](https://www.npmjs.com/package/xnotif)
 [![CI](https://github.com/yutakobayashidev/xnotif/actions/workflows/ci.yml/badge.svg)](https://github.com/yutakobayashidev/xnotif/actions/workflows/ci.yml)
+[![DeepWiki](https://img.shields.io/badge/DeepWiki-yutakobayashidev%2Fxnotif-blue.svg?logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACwAAAAyCAYAAAAnWDnqAAAAAXNSR0IArs4c6QAAA05JREFUaEPtmUtyEzEQhtWTQyQLHNak2AB7ZnyXZMEjXMGeK/AIi+QuHrMnbChYY7MIh8g01fJoopFb0uhhEqqcbWTp06/uv1saEDv4O3n3dV60RfP947Mm9/SQc0ICFQgzfc4CYZoTPAswgSJCCUJUnAAoRHOAUOcATwbmVLWdGoH//PB8mnKqScAhsD0kYP3j/Yt5LPQe2KvcXmGvRHcDnpxfL2zOYJ1mFwrryWTz0advv1Ut4CJgf5uhDuDj5eUcAUoahrdY/56ebRWeraTjMt/00Sh3UDtjgHtQNHwcRGOC98BJEAEymycmYcWwOprTgcB6VZ5JK5TAJ+fXGLBm3FDAmn6oPPjR4rKCAoJCal2eAiQp2x0vxTPB3ALO2CRkwmDy5WohzBDwSEFKRwPbknEggCPB/imwrycgxX2NzoMCHhPkDwqYMr9tRcP5qNrMZHkVnOjRMWwLCcr8ohBVb1OMjxLwGCvjTikrsBOiA6fNyCrm8V1rP93iVPpwaE+gO0SsWmPiXB+jikdf6SizrT5qKasx5j8ABbHpFTx+vFXp9EnYQmLx02h1QTTrl6eDqxLnGjporxl3NL3agEvXdT0WmEost648sQOYAeJS9Q7bfUVoMGnjo4AZdUMQku50McDcMWcBPvr0SzbTAFDfvJqwLzgxwATnCgnp4wDl6Aa+Ax283gghmj+vj7feE2KBBRMW3FzOpLOADl0Isb5587h/U4gGvkt5v60Z1VLG8BhYjbzRwyQZemwAd6cCR5/XFWLYZRIMpX39AR0tjaGGiGzLVyhse5C9RKC6ai42ppWPKiBagOvaYk8lO7DajerabOZP46Lby5wKjw1HCRx7p9sVMOWGzb/vA1hwiWc6jm3MvQDTogQkiqIhJV0nBQBTU+3okKCFDy9WwferkHjtxib7t3xIUQtHxnIwtx4mpg26/HfwVNVDb4oI9RHmx5WGelRVlrtiw43zboCLaxv46AZeB3IlTkwouebTr1y2NjSpHz68WNFjHvupy3q8TFn3Hos2IAk4Ju5dCo8B3wP7VPr/FGaKiG+T+v+TQqIrOqMTL1VdWV1DdmcbO8KXBz6esmYWYKPwDL5b5FA1a0hwapHiom0r/cKaoqr+27/XcrS5UwSMbQAAAABJRU5ErkJggg==)](https://deepwiki.com/yutakobayashidev/xnotif)
 Receive Twitter/X notifications in real-time. No API key, no scraping — just Web Push.
@@ -27,6 +28,13 @@ npm install xnotif
 > Requires Node.js >= 22.0.0
+## Why xnotif
+- **Cookie exposure can be minimized** - Cookies are mainly used for one registration call to `POST /1.1/notifications/settings/login.json`. After registration, notifications are received through Mozilla Autopush WebSocket, so you are not continuously calling internal Twitter endpoints with cookies.
+- **Lower ban-risk profile than polling/scraping** - xnotif avoids headless-browser automation and high-frequency private API polling. The runtime traffic pattern is mostly one registration plus push-stream consumption.
+- **Avoid unnecessary re-registration** - If you persist `ClientState` from the `connected` event, restart with `state`, and the endpoint is unchanged, xnotif skips the registration call.
+- **Simple operations** - No API key provisioning, no webhook server, and no request-signing stack. A single Node.js process can receive and process notifications.
 ## Notification Payload
 Each `notification` event delivers a `TwitterNotification` object:
@@ -88,10 +96,24 @@ await client.start();
 ### `createClient(options)`
-| Option    | Type                                  | Required | Description            |
-| --------- | ------------------------------------- | -------- | ---------------------- |
-| `cookies` | `{ auth_token: string; ct0: string }` | Yes      | Session cookies        |
-| `state`   | `ClientState`                         | No       | Restore previous state |
+| Option    | Type                                             | Required | Description                       |
+| --------- | ------------------------------------------------ | -------- | --------------------------------- |
+| `cookies` | `{ auth_token: string; ct0: string }`            | Yes      | Session cookies                   |
+| `state`   | `ClientState`                                    | No       | Restore previous state            |
+| `filter`  | `(notification: TwitterNotification) => boolean` | No       | Predicate to filter notifications |
+#### Filtering Notifications
+Pass a `filter` function to receive only the notifications you care about:
+```typescript
+const client = createClient({
+  cookies: { auth_token: "...", ct0: "..." },
+  filter: (n) => n.data?.type === "tweet",
+});
+```
+The predicate receives the decrypted `TwitterNotification` object. Return `true` to emit the notification, `false` to discard it silently. If the filter throws an exception, the notification is discarded and an `error` event is emitted.
 ### Events

package/dist/index.d.mts CHANGED Viewed

@@ -48,6 +48,7 @@ interface NotificationClientOptions {
     [key: string]: string;
   };
   state?: ClientState;
+  filter?: (notification: TwitterNotification) => boolean;
 }
 //#endregion
 //#region src/client.d.ts

package/dist/index.mjs CHANGED Viewed

@@ -1,6 +1,4 @@
 import { EventEmitter } from "events";
-import { TwitterOpenApi } from "twitter-openapi-typescript";
-import { BaseAPI } from "twitter-openapi-typescript-generated";
 //#region src/utils.ts
 function base64urlToBuffer(b64url) {
@@ -274,70 +272,83 @@ var AutopushClient = class {
 //#endregion
 //#region src/twitter.ts
-const API_HEADER_NAMES = [
-	"Accept",
-	"x-twitter-client-language",
-	"Priority",
-	"Referer",
-	"Sec-Fetch-Dest",
-	"Sec-Ch-Ua-Platform",
-	"Sec-Fetch-Mode",
-	"x-csrf-token",
-	"x-client-uuid",
-	"x-guest-token",
-	"Sec-Ch-Ua",
-	"x-twitter-active-user",
-	"user-agent",
-	"Accept-Language",
-	"Sec-Fetch-Site",
-	"x-twitter-auth-type",
-	"Sec-Ch-Ua-Mobile",
-	"Accept-Encoding"
-];
-var NotificationApi = class extends BaseAPI {
-	constructor(config) {
-		super(config);
-	}
-	async post(path, body, initOverride) {
-		const headers = {};
-		const apiKey = this.configuration.apiKey;
-		if (apiKey) for (const name of API_HEADER_NAMES) {
-			const value = await apiKey(name);
-			if (value) headers[name] = value;
-		}
-		const accessToken = this.configuration.accessToken;
-		if (accessToken) headers["Authorization"] = `Bearer ${await accessToken()}`;
-		headers["Content-Type"] = "application/json";
-		return this.request({
-			path,
-			method: "POST",
-			headers,
-			body
-		}, initOverride);
-	}
-};
-async function createClient$1(cookies) {
-	return new TwitterOpenApi().getClientFromCookies(cookies);
+const BEARER_TOKEN = "AAAAAAAAAAAAAAAAAAAAANRILgAAAAAAnNwIzUejRCOuH5E6I8xnZz4puTs%3D1Zv7ttfk8LF81IUq16cHjhLTvJu4FA33AGWWjCpTnA";
+const HEADER_URL = "https://raw.githubusercontent.com/fa0311/latest-user-agent/refs/heads/main/header.json";
+const PAIR_URL = "https://raw.githubusercontent.com/fa0311/x-client-transaction-pair-dict/refs/heads/main/pair.json";
+async function generateTransactionId(method, path, key, animationKey) {
+	const DEFAULT_KEYWORD = "obfiowerehiring";
+	const ADDITIONAL_RANDOM_NUMBER = 3;
+	const timeNow = Math.floor((Date.now() - 1682924400 * 1e3) / 1e3);
+	const timeNowBytes = [
+		timeNow & 255,
+		timeNow >> 8 & 255,
+		timeNow >> 16 & 255,
+		timeNow >> 24 & 255
+	];
+	const data = `${method}!${path}!${timeNow}${DEFAULT_KEYWORD}${animationKey}`;
+	const hashBuffer = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(data));
+	const hashBytes = Array.from(new Uint8Array(hashBuffer));
+	const keyBytes = Array.from(Buffer.from(key, "base64"));
+	const randomNum = Math.floor(Math.random() * 256);
+	const bytesArr = [
+		...keyBytes,
+		...timeNowBytes,
+		...hashBytes.slice(0, 16),
+		ADDITIONAL_RANDOM_NUMBER
+	];
+	const out = new Uint8Array([randomNum, ...bytesArr.map((b) => b ^ randomNum)]);
+	return Buffer.from(out).toString("base64").replace(/=/g, "");
 }
-function makeInitOverride(client, path) {
-	return client.initOverrides({
-		"@method": "POST",
-		"@path": path
-	});
+function encodeCookies(cookies) {
+	return Object.entries(cookies).map(([k, v]) => `${k}=${v}`).join("; ");
+}
+async function createClient$1(cookies) {
+	const [headerJson, pairs] = await Promise.all([fetch(HEADER_URL).then((r) => r.json()), fetch(PAIR_URL).then((r) => r.json())]);
+	const ignore = new Set(["host", "connection"]);
+	const headers = {
+		...Object.fromEntries(Object.entries(headerJson["chrome-fetch"]).filter(([k]) => !ignore.has(k))),
+		"accept-encoding": "identity",
+		pragma: "no-cache",
+		referer: "https://x.com",
+		priority: "u=1, i",
+		"x-twitter-client-language": "en",
+		"x-twitter-active-user": "yes",
+		authorization: `Bearer ${BEARER_TOKEN}`
+	};
+	if (cookies["ct0"]) {
+		headers["x-twitter-auth-type"] = "OAuth2Session";
+		headers["x-csrf-token"] = cookies["ct0"];
+	}
+	if (cookies["gt"]) headers["x-guest-token"] = cookies["gt"];
+	return {
+		headers,
+		cookies,
+		pairs
+	};
 }
 async function registerPush(client, subscription) {
-	const api = new NotificationApi(client.config);
 	const path = "/1.1/notifications/settings/login.json";
-	const res = await api.post(path, { push_device_info: {
-		os_version: "Web/Chrome",
-		udid: "Web/Chrome",
-		env: 3,
-		locale: "en",
-		protocol_version: 1,
-		token: subscription.endpoint,
-		encryption_key1: subscription.p256dh,
-		encryption_key2: subscription.auth
-	} }, makeInitOverride(client, path));
+	const pair = client.pairs[Math.floor(Math.random() * client.pairs.length)];
+	const tid = await generateTransactionId("POST", path, pair.verification, pair.animationKey);
+	const res = await fetch(`https://x.com/i/api${path}`, {
+		method: "POST",
+		headers: {
+			...client.headers,
+			cookie: encodeCookies(client.cookies),
+			"content-type": "application/json",
+			"x-client-transaction-id": tid
+		},
+		body: JSON.stringify({ push_device_info: {
+			os_version: "Web/Chrome",
+			udid: "Web/Chrome",
+			env: 3,
+			locale: "en",
+			protocol_version: 1,
+			token: subscription.endpoint,
+			encryption_key1: subscription.p256dh,
+			encryption_key2: subscription.auth
+		} })
+	});
 	if (!res.ok) {
 		const text = await res.text();
 		throw new Error(`login.json failed (${res.status}): ${text}`);
@@ -385,6 +396,12 @@ var NotificationClient = class extends EventEmitter {
 						const payload = base64urlToBuffer(msg.data);
 						const json = await decryptor.decrypt(msg.headers.crypto_key, msg.headers.encryption, payload);
 						const notification = JSON.parse(json);
+						if (this.options.filter) try {
+							if (!this.options.filter(notification)) return;
+						} catch (filterErr) {
+							this.emit("error", filterErr instanceof Error ? filterErr : new Error(String(filterErr)));
+							return;
+						}
 						this.emit("notification", notification);
 					} catch (err) {
 						this.emit("error", err instanceof Error ? err : new Error(String(err)));

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "xnotif",
-  "version": "0.2.0-beta.1",
+  "version": "0.2.1",
   "description": "Receive Twitter/X push notifications programmatically via Mozilla Autopush",
   "keywords": [
     "autopush",
@@ -30,10 +30,7 @@
       "import": "./dist/index.mjs"
     }
   },
-  "dependencies": {
-    "twitter-openapi-typescript": "^0.0.55",
-    "twitter-openapi-typescript-generated": "^0.0.38"
-  },
+  "dependencies": {},
   "devDependencies": {
     "@types/node": "^22.0.0",
     "@vitest/coverage-v8": "^4.0.18",