Dr. McKay

They last somewhere around 200 days. It's a JWT; you can decode it and check the exp property to see when it expires.

Pretty much. You can also use node-steam-user to get notifications when your count of pending trade offers changes, which you can use to trigger a poll. steam-tradeoffer-manager works this way.

No, this isn't designed for that use-case.

Electron is a browser. steam-user is not verified to work in node-enabled Electron windows, only in the main process.

steam-user does not work in the browser.

No, nothing will work in the browser. Same-origin policy will block you. Although, in theory you could perform a CM login in the browser since that's all websocket based.

What version of steam-store?

steam-user does not work in the browser.

No such method exists.

steam-user is a Node.js module, not a bun module.

This should work. What is the value of token that you're actually receiving?

ISteamEconomy/GetAssetClassInfo includes owner_descriptions, which will tell you when an item becomes tradable.

This is great news, I'm glad Valve is no longer locking a security feature behind a phone number. It appears that steam-user and steamcommunity both just work without a phone number. When you'd normally receive a code via SMS, you get the code sent to your email instead.

No, this isn't currently possible.

Probably not. Historically, logging into the client after verifying your email is what auto-enabled Steam Guard and there's no way around that.

classid and instanceid are not foolproof ways to match item instances. I'm not aware of any way to match an item from the market to an item in your inventory.

I refactored the WebAPI client to use a different HttpClient so that I could add a timeout to it, but then forgot why I refactored it in the first place. 5.0.4 adds the timeout, which should fix the issue. Sharing the CM list across multiple instances wouldn't be a bad idea, but it's not something I've got time for right now.

5.0.3 should fix this for you.

I believe I found the bug. Run npm update again and make sure that you end up with steam-session 1.7.1 or later. On Linux, you can do npm ls -a | grep steam-session to check your steam-session version.

There's still a rate limit. You won't be banned, but your IP will be throttled if you request inventories too quickly.

5.0.2 is up. I don't really expect it to change things, but it might. I did double-check and steam-user is still doing exactly the same thing the client is for getting a web session.

I've had a number of people report similar things, I'll look into it when I can. I don't have any special insight into how the Steam backend works beyond what traffic gets exchanged with the official Steam client.

Yes.

If you use a refresh token, then you don't need to provide a new 2FA code. This is what the Steam client does when you check the "remember my password" box.

What version of steam-user?