All Activity

I think this function is broken or i do something wrong. Anyway, it worked well for months, but stopped working a week ago

Yes, I think Valve bans accounts if the MobileApp login differs from this MobileDeviceProperties data. It may be necessary to update the code every time and set up-to-date phone data so that there are no bans. I don't know how this is possible at all, even if my IP address is the same as on all devices where I have ever logged into my account. It looks like complete idiocy. interface ConstructorOptions { // ... mobileDeviceProperties?: MobileDeviceProperties } interface MobileDeviceProperties { mobileUserAgent?: string, // default 'okhttp/3.12.12' mobileClientVersion?: string, // default '777777 3.0.0' deviceFriendlyName?: string, // default 'Galaxy S22' osType?: number, // default EOSType.AndroidUnknown gamingDeviceType?: number, // default 528 (unknown significance) }

Hi there, Created an account and replying to say I'm also experiencing this. Starting Sunday, I logged in using a QR code that I scanned with the Steam Authenticator app. I was then flagged for "compromised account". I went through their flow to reset my password and figured all was good so I logged in again with QR code. Flagged again. This time they did a big reset and I even had to remove and re-attach my Steam Authenticator. I tried one more time and my account got flagged and that's where I'm stuck right now. It's a big pain because it prevents me from joining friends. tl;dr: something does seem broken when using QR codes to log in @vindisel I found in the github why your EAuthTokenPlatformType.MobileApp shows up as [Samsung] Galaxy S22: https://github.com/DoctorMcKay/node-steam-session/blob/a4300c954c7dc0e4b15c6ff033e4484c70837a0f/src/AuthenticationClient.ts#L417 Basically anybody using .MobileApp as their type gets considered to be an S22. My original login method was also using .MobileApp. I'm currently trying to change .MobileApp to .WebBrowser to see if that does anything, because since I'm running my code on a server it's not actually a MobileApp. Maybe Valve is cracking down on "wow there's a lot of people doing bot things from S22s"? I'm also going to provide a userAgent from my current browser, in case that helps avoid this automatic flagging.

I also get an account ban after logging in using a QR code, but I don't even use tokens after receiving them, neither in node-steamcommunity nor in node-steam-user. Have you found a solution to the problem?

I have seen in other topics that someone gets such bans for monitoring exchanges on phishing accounts. This I DO NOT USE THIS ACCOUNT ANYWHERE, NEITHER IN node-steamcommunity, nor in node-steam-user, THIS IS MY PERSONAL ACCOUNT, I ONLY RECEIVE TOKENS, NOTHING ELSE. I use this example to authorize my account using a QR code and after a couple of hours I get banned with a notification that someone else is using my account, while I don't use any proxy in the code or VPN on my computer. This is not a coincidence, because this has already happened 3 times. In the notification, steam sends me that a suspicious login was made from MY IP address where I have the authenticator linked.🤣🤣 But in the devices I get the Galaxy S22, maybe that's the problem? I'm scanning the code from the iPhone, maybe Steam finds it suspicious? Maybe I should stop using QR input, I don't know.… But anyway, I think it's worth writing some kind of warning in the documentation about a possible account ban at the QR login. main(); async function main() { // Create our LoginSession and start a QR login session. let session = new LoginSession(EAuthTokenPlatformType.MobileApp); session.loginTimeout = 120000; // timeout after 2 minutes let startResult = await session.startWithQR(); let qrUrl = 'https://api.qrserver.com/v1/create-qr-code/?size=200x200&data=' + encodeURIComponent(startResult.qrChallengeUrl); console.log(`Open QR code: ${qrUrl}`); session.on('remoteInteraction', () => { console.log('Looks like you\'ve scanned the code! Now just approve the login.'); }); // No need to handle steamGuardMachineToken since it's only applicable to accounts using email Steam Guard, // and such accounts can't be authed using a QR code. session.on('authenticated', async () => { console.log('\nAuthenticated successfully! Printing your tokens now...'); console.log(`SteamID: ${session.steamID}`); console.log(`Account name: ${session.accountName}`); console.log(`Access token: ${session.accessToken}`); console.log(`Refresh token: ${session.refreshToken}`); // We can also get web cookies now that we've negotiated a session let webCookies = await session.getWebCookies(); console.log('Web session cookies:'); console.log(webCookies); }); session.on('timeout', () => { console.log('This login attempt has timed out.'); }); session.on('error', (err) => { // This should ordinarily not happen. This only happens in case there's some kind of unexpected error while // polling, e.g. the network connection goes down or Steam chokes on something. console.log(`ERROR: This login attempt has failed! ${err.message}`); }); }

Hello, I have successfully gotten a item store prices but the format is weird. Any clue how to make it make sense? EDIT: I saw there was another thread about this and found the answer 🙂

Hey, wassup, have a quick question, please. I'am trying to parse out item information from an inspect link, for my project. Parsing out normal links isn't an issue at all. The issue comes when I want to parse out custom generated, masked inspect links, just like this one steam://rungame/730/76561202255233023/+csgo_econ_action_preview%2000180920D8022806300438FF8AE9D90340E30213DDF8BB Since there are no S A D M params, it can't be processed via the inspectItem function. I did some digging and it seams like these links are made using this code base https://github.com/Helyux/cs2inspect Where it gets the base item information, which is then coded into the link using hex parsing and protobuf (I think). Since this kind of link still works and opens up the game client, I was wondering, if the item information can still be gathered? If so, how? Thanks in advance for a reply ❤️

unfortunately it's not working for me, not at all... I even created a test but it returns error 429... I've tried with other IDs thinking that my inventory was blocked... can you tell me any alternative for this? PS C:\Users\Usuario> # --- Início do Script de Teste de Inventário --- >> >> # 1. Definição das variáveis >> $steamId = "76561198355549311" >> $appId = 730 # CS2 >> $contextId = 2 # Itens Padrão >> >> # A Chave de API NÃO é necessária para esta chamada. >> >> # 2. Construção da URL do endpoint público >> # Usamos l=english para nomes em ingles e count=1000 para tentar pegar tudo >> $apiUrl = "https://steamcommunity.com/inventory/$($steamId)/$($appId)/$($contextId)?l=english&count=1000" >> >> # 3. Execução do Teste >> Write-Host "----------------------------------------------------" >> Write-Host "Iniciando teste de busca de inventário..." >> Write-Host "URL Alvo: $($apiUrl)" >> Write-Host "----------------------------------------------------`n" >> >> try { >> # Invoke-RestMethod faz a chamada e já converte a resposta JSON >> $response = Invoke-RestMethod -Uri $apiUrl -Method Get >> >> # 4. Análise e Exibição do Resultado >> if ($null -ne $response.assets) { >> Write-Host "✅ Sucesso! Inventário encontrado com $($response.total_inventory_count) itens." -ForegroundColor Green >> Write-Host "Exibindo os primeiros 5 itens:`n" >> >> # Limita a exibição para os primeiros 5 itens >> $itensParaExibir = $response.assets | Select-Object -First 5 >> >> # Para cada item, encontramos sua descrição correspondente >> foreach ($item in $itensParaExibir) { >> # A descrição é encontrada comparando classid e instanceid >> $descricao = $response.descriptions | Where-Object { $.classid -eq $item.classid -and $.instanceid -eq $item.instanceid } >> >> if ($null -ne $descricao) { >> Write-Host " ➡ Item: $($descricao.market_hash_name)" >> Write-Host " - AssetID: $($item.assetid)" >> Write-Host " - Trocável? $($descricao.tradable)" >> Write-Host "" # Linha em branco para separar >> } >> } >> >> } else { >> Write-Host "⚠ Atenção: A requisição foi bem-sucedida, mas o inventário parece estar vazio ou em um formato inesperado." -ForegroundColor Yellow >> } >> >> } catch { >> # Captura erros, sendo o mais comum o inventário ser privado (que retorna um erro 403 Forbidden) >> Write-Host "❌ Erro! Não foi possível buscar o inventário." -ForegroundColor Red >> Write-Host " ➡ Causa Provável: O inventário deste usuário está configurado como 'Privado' ou 'Apenas Amigos'." >> Write-Host " Detalhes do Erro: $($_.Exception.Message)" >> } >> >> Write-Host "`n--- Fim do Teste ---" >> >> # --- Fim do Script de Teste --- ---------------------------------------------------- Iniciando teste de busca de inventário... URL Alvo: https://steamcommunity.com/inventory/76561198355549311/730/2?l=english&count=1000 ---------------------------------------------------- ❌ Erro! Não foi possível buscar o inventário. ➡ Causa Provável: O inventário deste usuário está configurado como 'Privado' ou 'Apenas Amigos'. Detalhes do Erro: O servidor remoto retornou um erro: (429) Too Many Requests. --- Fim do Teste --- I redid the test and it worked! I don't understand. The first query gave 429, now it stopped for a while... I think it's a bug in Steam Brazil. Sorry for the wasted time.

@Dr. McKay change the count param to 1000 please steam is responding 400 on 5000 self.httpRequest({ "uri": "https://steamcommunity.com/inventory/" + userID.getSteamID64() + "/" + appID + "/" + contextID, "headers": { "Referer": "https://steamcommunity.com/profiles/" + userID.getSteamID64() + "/inventory" }, "qs": { "l": language, // Default language "count": 1000, // Max items per 'page' "start_assetid": start }, "json": true },

Yesterday afternoon I was working on my project and everything was fine. Then I went to work, and when I came back, an error message was showing too many requests (429). I ignored it because I thought there was a problem with my internet. The Steam inventory and market data were not connecting to the wifi. Any suggestions for changes to have the user's inventory data? Any alternatives? I await your answers. Dr. Mackay, I'm a fan <3 Erro ao buscar inventário para 76561198103637245: Error: HTTP error 429 at SteamCommunity._checkHttpError (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\steamcommunity\components\http.js:120:9) at Request._callback (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\steamcommunity\components\http.js:62:61) at self.callback (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\request\request.js:185:22) at Request.emit (node:events:518:28) at Request.<anonymous> (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\request\request.js:1154:10) at Request.emit (node:events:518:28) at Gunzip.<anonymous> (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\request\request.js:1076:12) at Object.onceWrapper (node:events:632:28) at Gunzip.emit (node:events:518:28) at endReadableNT (node:internal/streams/readable:1698:12) { code: 429 } Erro ao buscar inventário para 76561198103637245: Error: HTTP error 429 at SteamCommunity._checkHttpError (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\steamcommunity\components\http.js:120:9) at Request._callback (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\steamcommunity\components\http.js:62:61) at self.callback (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\request\request.js:185:22) at Request.emit (node:events:518:28) at Request.<anonymous> (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\request\request.js:1154:10) at Request.emit (node:events:518:28) at Gunzip.<anonymous> (C:\Users\jack-\OneDrive\Área de Trabalho\Agora vai dar certo\CSRifas\backend\node_modules\request\request.js:1076:12) at Object.onceWrapper (node:events:632:28) at Gunzip.emit (node:events:518:28) at endReadableNT (node:internal/streams/readable:1698:12) { code: 429 }

You'd pretty much need to know the owner's SteamID and fetch their inventory.

Fixed corrupted Steam data possibly overwriting inventory item assetids Full Changelog: v3.48.7...v3.48.8 View on GitHub

Fixed error 400 when requesting inventories via getUserInventoryContents (by @metzz1 in #354) Full Changelog: v3.48.6...v3.48.7 View on GitHub

function decompressValveLZMA(buffer) { if (buffer.length < 13) { throw new Error("Buffer too short to be Valve LZMA"); } const magic = buffer.readUInt32BE(0); // 'LZMA' magic if (magic !== 0x4C5A4D41) { throw new Error("Not a Valve LZMA container (magic mismatch)"); } const uncompressedLength = buffer.readUInt32LE(4); const compressedLength = buffer.readUInt32LE(8); const expectedTotal = 12 + 5 + compressedLength; if (buffer.length < expectedTotal) { throw new Error(`Buffer too short: expected ${expectedTotal}, have ${buffer.length}`); } const props = buffer.slice(12, 17); // 5 байт props const lzmaData = buffer.slice(17, 17 + compressedLength); return new Promise((resolve, reject) => { const lzma = new LZMA(); // Собираем заголовок LZMA: props (5) + uncompressed size (8 байт LE) const lzmaHeader = Buffer.alloc(13); props.copy(lzmaHeader, 0); lzmaHeader.writeBigUInt64LE(BigInt(uncompressedLength), 5); const fullLzmaStream = Buffer.concat([lzmaHeader, lzmaData]); lzma.decompress(fullLzmaStream, (result, error) => { if (error) { reject(error); } else { resolve(result); } }); }); } var BinaryKVParser = require('binarykvparser'); handlers[Language.StoreGetUserDataResponse] = async (body) => { let proto = decodeProto(Protos.CMsgStoreGetUserDataResponse, body); const result = await decompressValveLZMA(proto.price_sheet); const parsed = BinaryKVParser.parse(result); } I hope it will save time for someone

Hello to everyone, thanks in advance for your time. My question - Is it possible to get InstanceID using AssetID?

Hi, has anyone found a way to get new asset IDs after a listing is removed?

Thank you very much for the info! That actually helped a lot and works perfectly!

Fixed another issue where corrupt Steam data may overwrite item ID properties Full Changelog: v2.12.0...v2.12.1 View on GitHub

Fixed issue where errors thrown by webSession event handlers may get swallowed Full Changelog: v5.2.2...v5.2.3 View on GitHub

useAccessToken option is now true by default Fixed issue where corrupted Steam data may result in items being reported as id 0 Added sanity check when adding items to offers to ensure that the provided id is not 0 (#364) Full Changelog: v2.11.7...v2.12.0 View on GitHub

Set the enablePicsCache option to true in the constructor, then listen for the ownershipCached event and once it's emitted, you can call ownsApp to check if you own a license for an app.

Same problem for the last 2 days. I see there is already a pull request with a possible solution to the problem. It would be great to have a solution in the package soon, so that there would be no need to fork and merge the next updates. https://github.com/DoctorMcKay/node-steam-tradeoffer-manager/pull/365

I would like to always launch a specific free game on all of my accounts via `steam-user`, but unfortunately, I can't find a way to determine which account already owns the game and which doesn't. The issue lies with the package IDs — since each game can have multiple package IDs, the only option I’ve found so far is to request a new license for the free game every time via the `steam-user`, just to make sure that the app ID is really in the library. However, this results in the same package ID being added multiple times to my licenses because I request it again each time. Is there any other way to reliably check whether a package ID for a specific app ID is already owned, so I can launch the game without requesting the license again?

Got the exact same issue, is there any other way to track the item?