Dr. McKay

https://github.com/DoctorMcKay/node-steamcommunity/releases/tag/v3.50.0

I'll get to it soon, hopefully tomorrow.

On 3/19/2026 at 10:42 AM, Alberto said:

Hello,

I'm using a local decoder + your solution introduced on 3.3, but there are items that don't have float/wear.
For example, this protobuff: 657596FDE081DC647DE66145654D6355660DE6E5E5E5691561C1D44731

Is this a steam limitation(not sending the float) or something wrong?
I noticed that this tends to happen on freshly acquired items(trade offers) after the 7-day hold

That embedded inspect link simply doesn't have a wear value in it.

If value_bytes is 4 bytes, it's either a 32-bit int or a float. stored_as_integer in items_game.txt will tell you whether to read it as an int or as a float. The vast majority of attributes are either ints or floats.

2013, 2014, and 2025 are all stored as floats, so you should use Buffer.readFloatLE to read them.

I published globaloffensive v3.3.0 last night, which makes inspectItem() work with the new masked inspect links.

Support for this new form of inspect link has been added to globaloffensive v3.3.0. While it's not actually required to connect to the GC to decode these, if you want to avoid making code changes (and support older styles of inspect links) then this will work as a drop-in upgrade.

You have to use the game client code somehow, whether that's injection or hooking or whatever. The GC only sends the raw data (paint seed, paint index, wear, etc) but the code to turn that into a model or image is only inside the game client.

Cursor is wrong. Passing the httpProxy option to LoginSession is unnecessary because the CMAuthTransport handles proxying already. All login communication happens through the same proxied TCP/WS connection as all other Steam client communication.

It's possible that the request is no longer supported by Steam.

740 is not the right AppID, use 730.

The /inventory endpoint is newer and provides more up-to-date data. But the trade offer UI does still use this endpoint, so you should be safe to use it even if it's marked as deprecated.

1. There's no reason to think you'd be banned for using this endpoint.
2. It's already there: TradeOffer#loadPartnerInventory

Not currently possible but it's on my list of things to do

It's available under artifacts on SteamKit's GitHub Actions (you need to login to GitHub to download): https://github.com/SteamRE/SteamKit/actions

No, you'll need to login twice.

Yes, use getAppBetaDecryptionKeys.

I don't know why you'd get DuplicateRequest when logging in if you're doing everything correctly. Maybe the code was already used?

You're getting DuplicateRequest in the login callback?

Basically just do exactly what the login-with-password example shows, and once you have webCookies then you can call community.setCookies(webCookies)

In admin command prompt: rundll32.exe NetHook2.dll,Inject

Show your code please.

Either event should be fine to determine if using a backpack expander succeeded, although personally I'd probably use itemRemoved.

Not really. The best you could do is check whether either party is not tradable.

Trade bans can be checked with the GetPlayerBans WebAPI method.

Escrow can be checked with the GetTradeHoldDurations WebAPI method.

getUserDetails() works by loading the tradeoffer page (using the user's trade link) and scraping the results from the HTML.

Yeah, no reason that shouldn't work.