Dr. McKay

At some point.

IDEs have trouble figuring out the project structure sometimes. Just use the method, it'll work (assuming that you meant 3.45.2 and not 3.5.2, which came out in 2015). Eventually I'll port this to typescript and the problem will be solved.

https://github.com/DoctorMcKay/node-steam-session#steamguardmachinetoken-1

Exactly what is happening? This is expected behavior. You aren't intended to access the internal steamcommunity instance. If you need one, create one yourself. Auto confirmations has never been a feature, unless you're talking about the automatic confirmation checker, which has been deprecated and unsupported for something like 5 years.

It's possible that Steam isn't issuing sentry files anymore since they aren't really needed anymore. I'd have to confirm.

I assume you're talking about Firefox's container tabs or some such feature in another browser. I'm not aware of any way to work nicely with that; cross-origin userscript requests originate from the userscript manager's background page, which doesn't run in any tab context. Sorry.

var TradeOfferManager = require('../lib/index.js'); // use require('steam-tradeoffer-manager') in production Do what the comment tells you. This line should be: var TradeOfferManager = require('steam-tradeoffer-manager');

Show your code and stack trace.

Understood, are you on the latest version of steamcommunity?

Are you on the latest version of steamcommunity?

No, lots of people do that.

You can only connect to a GC under a user account that owns the game. Anonymous accounts do not own CS:GO.

Yes, use steamcommunity's acceptConfirmationForObject method.

TradeOfferManager won't do anything until you call setCookies on it, which will fail if your account is limited.

Yes. It's a universal feature of node's EventEmitter that the app will crash if an "error" event is not handled. https://nodejs.org/api/events.html#error-events

If you're getting back no error but empty package ids and app ids, then that's what Steam itself is responding with.

I don't know offhand. Yep.

It's used like this offer.getUserDetails((err, me, them) => { console.log(`My escrow: ${me.escrowDays}; Their escrow: ${them.escrowDays}`); });

That new setMobileAppAccessToken method is only used for 2FA right now, since access tokens are required to enable/disable 2FA. To login via steam-session, you need to call steam-session's getWebCookies method, then provide those cookies to SteamCommunity using setCookies.

I've not been made aware of any vulnerabilities, and if I had they'd already be fixed in published versions. I think it's unlikely to be a module vulnerability and rather a vulnerability in their own code. We'd have heard of hacks of other sites if so.

Dunno, I've not seen that logon response before. Show your code, please.

Probably not, Steam has changed how the mobile app logs in and oauth stuff isn't a thing anymore. What do you need to use it for?

https://github.com/DoctorMcKay/node-steam-tradeoffer-manager/wiki/TradeOffer#getuserdetailscallback

https://github.com/DoctorMcKay/node-steam-user/wiki/SteamChatRoomClient#friendmessage client.chat.on('friendMessage', (msg) => { console.log(`${msg.steamid_friend} says: ${msg.message}`); });