Dr. McKay

You can't get wear from steamcommunity.com, only from the GC.

Yes, cookies are invalidated when you logout. It's possible for a JWT to become invalid before its expiration date for that reason.

Either in the inventory property or your Steam inventory.

I think I've done this, but I guess I didn't add proper support for it to the steam-session package.

Yes, you could, and then things would fall over when Steam goes down and your client reconnects since you'd miss that second loggedOn event.

I mostly just look at the dumped protobufs and nethook to see what it's doing on the wire.

You need to setup an instance of the request module using request.defaults() with your proxy config, then pass that request instance to the SteamCommunity constructor, and finally pass that SteamCommunity instance to the TradeOfferManager constructor.

No, since loggedOn may be emitted multiple times in response to one logOn() call.

npm update

You'd pretty much need to know the owner's SteamID and fetch their inventory.

Set the enablePicsCache option to true in the constructor, then listen for the ownershipCached event and once it's emitted, you can call ownsApp to check if you own a license for an app.

No, you won't get classids from the GC at all. classids are only meaningful to the Steam Econ server, which is entirely separate from the GC.

I wasn't ever able to find a definition for that enum.

Correct, that data is no longer available anywhere as far as I'm aware.

No. You have to hit the GC (using the globaloffensive npm package or similar) to get details like that.

Look at the code for steam-user.

steam-session performs the login over an unauthenticated CM connection, but the refresh request now requires the CM connection to be authenticated (you previously sent CMsgClientLogon). Once you're logged on you can send the Authentication.GenerateAccessTokenForApp#1 unified message.

I believe in both of those cases you would need to use getUserDetails.

It means you need to have an established connection to a CM (the same servers the Steam client logs into) in order to refresh the token. You can use steam-user to do this if you want. What do you mean by "log in using the refresh token"?

If you're trading CS2 items, you'll need to enable the useAccessToken option in the TradeOfferManager constructor.

It wouldn't hurt to clusterize things, but either way things should generally work fine without need for much hardware.

Just request the trade URL once and then cache it somewhere? It doesn't change after the first time you fetch it.

It depends on what you're doing and how you're doing it. If you're using node-steamcommunity for all those accounts, you're going to hit rate limits unless you're performing actions infrequently. And if you're logging in that many accounts from one IP, that'll rate limit you as well.

Why would you need to hit the /tradeoffers/privacy endpoint ever?