Dr. McKay

You can tell Steam that you're playing a game from steam-user, and make your account thus appear in-game to friends, but you can't actually launch the game client for real and get Steam connectivity features.

No, that's not possible.

I don't really think you can. You'd have to just see what's new in your inventory.

You can use this script: https://github.com/DoctorMcKay/node-steamcommunity/blob/master/examples/enable_twofactor.js

You can send a trade offer without a token only by being friends with the account in question. You can't add someone as a friend via the WebAPI like that.

Yes, it's possible. You should probably seek help at stackoverflow.com; I'm not here to teach you JavaScript.

You can use node-steamcommunity for that: https://github.com/DoctorMcKay/node-steamcommunity/wiki/SteamCommunity#editprofilesettings-callback

You're correct. I'll update that now.

I'm confused; are you planning to receive account credentials from the remote client that's invoking your HTTP endpoints? If not, then there's no point in having a /verifycode route; you should just handle the steamGuard event automatically.

Correct, tradeRequest is for real-time trade requests, which you actually can't send through the Steam client anymore (although I think you might be able to through CS:GO, not sure). Use steam-tradeoffer-manager to handle trade offers. Here's an example.

The protobufs can be gotten from SteamDB, who gets them using ProtobufDumper.

No, you probably want to put all your event handlers outside of your HTTP routes, and store the steamGuard callback in some global variable, so you can call it from your /verifycode route.

Added in v2.1.0.

You should use the steamGuard event rather than calling logOn multiple times.

It's a planned feature for globaloffensive, but I haven't gotten around to adding it yet.

That's not implemented in any publicly-released module, to my knowledge.

You need to call community.setCookies, and you can obtain cookies from the webSession event.

No, there isn't a way to get an "inventory hash" or anything similar.

I would wager that the event listeners you attached to the bot are keeping it in memory. You might need to call bot.removeAllListeners().

The modules may work without the peer dependencies, or you should just install them yourself manually with npm install.

I don't see any reason why that should be the case. The only reason I could figure that would happen is that it doesn't clean up some timer or something, but every instance where it emits error, it also calls _disconnect, which cleans up after itself. Do you know what particular error code(s) cause this?

That looks fine, although you aren't going to handle any scenarios where the bot gets kicked off of Steam after logon.

The CM sends a notification message to the Steam client (which steam-user can receive), but that message only contains the count of pending trade offers. To get any details at all about the actual content of the trade, we need to hit the API for that.

It still works fine for me. Make sure your account owns the game you're trying to play and that the account's game visibility state is public.

It's very much not a bad idea to spawn one process per account. That way, if something causes one bot to crash, the rest don't also crash. Also, Node.js is single-threaded, so that's the best way to take advantage of multiple processor cores. About the only downside of spawning multiple processes is the increased memory usage. But if you have enough RAM, go for it.