Dr. McKay

I don't believe it's currently possible to embed an image into chat using steam-user. You could always upload it to imgur or something and send a link to it though.

Memory usage is pretty normal on accounts with a lot of trade offers. The module caches asset descriptions in order to avoid slamming the API and using up your quota of requests on asset description retrieval.
 
If you want to minimize memory usage, you need to omit a language in the constructor and keep track of whatever data you might need yourself.

Call acceptConfirmationForObject whenever you send a trade offer that needs confirmation.

As far as I'm aware, that's the only bbcode that works in chat. Everything else is a /command or an :emoji:.

If it's a trade you sent but haven't confirmed yet, that's CreatedNeedsConfirmation. The other party can't see it.
If it's a trade you received that you accepted but haven't confirmed yet, it's still Active. The confirmationMethod property is how you can tell if an incoming trade has an outstanding confirmation.

As of December 2015, all users who are losing items in a trade must have the Steam Guard Mobile Authenticator enabled, or else the trade will be held for three fifteen days. It's also no longer possible to opt-out of trade confirmations.
 
This means that effectively, all trading bots need a mobile authenticator and need to accept mobile trade confirmations. You don't need an actual physical phone to act as your mobile authenticator, however. Through the efforts of myself and others, you can emulate a mobile authenticator right from node.js, and also accept trade confirmations.
 
Enabling a Mobile Authenticator
 
The Steam Guard Mobile Authenticator provides two-factor authentication security (hereinafter "2FA") for your account, which is more secure than standard email-based Steam Guard. This is done using a "shared secret" which is known to both the Steam servers and to your authenticator. Both sides run this secret through an algorithm along with the current time, which produces a 5-character alphanumeric code. This code is only valid for 30 seconds, and can only be used once. Attempts to reuse a 2FA code (either through the Steam Client or by logging in on steamcommunity.com) will treat the code as incorrect and reject it. For this reason, you can't login more frequently than once in a 30-second period.
 
Enabling 2FA is a three-step process.
Link and verify a phone number with your Steam account. You can do this manually from your account page, or programmatically using node-steamstore. Call enableTwoFactor using either node-steam-user or node-steamcommunity. If successful, this will return an object containing a bunch of properties. You should save this entire object. You can call JSON.stringify on it safely to turn it into a string. You'll need the revocation_code in the future if you ever want to disable 2FA. At this stage, 2FA isn't enabled yet. Steam will send you an SMS containing a code which you'll need in step 3. Call finalizeTwoFactor using either node-steam-user or node-steamcommunity. You will need the value of the shared_secret property from the object returned in step 2, and the numeric activation code from your SMS. If successful, your Steam account now has 2FA. Logging in With a Mobile Authenticator
 
If you have 2FA enabled, then for every login you will need to provide a twoFactorCode (unless you're logging in with node-steam-user using a loginKey). You can generate this code using node-steam-totp and your shared_secret which you obtained (and should have saved) when you enabled 2FA.
 
Mobile-Confirming Trades
 
You are now required to confirm all trades in which you lose items. If you don't have 2FA enabled, then these confirmations will go to your email and the trades will be held for fifteen days. If you do have 2FA enabled, then the confirmations must be accepted through Steam's mobile confirmation interface. You can also accept mobile confirmations through node.js.
 
node-steam-tradeoffer-manager doesn't have anything built-in to accept mobile confirmations. This is because mobile confirmations encompass more than just trades -- market listings also require confirmation, and potentially other things in the future.
 
node-steamcommunity can accept your confirmations for you. In order to accept mobile confirmations, you will need the identity_secret (not the shared_secret used for login) from when you enabled 2FA. The best way to do this is to call acceptConfirmationForObject right after each trade offer you send/accept or market listing you create.

No, it's not possible to disable another account's 2FA.

You probably want to use steam.uploadAvatar and not community.uploadAvatar. Also, attach a callback. Also also, don't use the auto-confirmation checker.

Probably because you're using profileSettings and not uploadAvatar.

Yes, error 16 is a well-known cause for headache.

That's correct.
That's incorrect. They will still be auto-canceled per your options.

Check the x-eresult header.

Sorry. My bad. Thank you for quick answer!

You should be able to use it on store.steampowered.com. When you use setCookies in SteamCommunity, it'll set them for steamcommunity.com, store.steampowered.com, and help.steampowered.com.

You're not using this properly. In JavaScript, this references the parent object of the method at call-time. So for example:
function exampleMethod() { console.log(this.name); } let obj1 = {"name": "obj1"}; let obj2 = {"name": "obj2"}; obj1.example = exampleMethod; obj2.example = exampleMethod; obj1.example(); // "obj1" because the "parent" to this call is obj1 obj2.example(); // "obj2" because the "parent" to this call is obj2 let example = obj1.example; example(); // undefined because there is no "parent" to example() in this call So when you do getInventoryContents(foo, bar, this.createOffer), when the module receives the callback, it sees this:
TradeOfferManager.prototype.getInventoryContents(blah, callback) { // do stuff callback(); // no parent! so "this" will not be what you expect }; What you should do instead is: getInventoryContents(foo, bar, this.createOffer.bind(this)). Using the bind method "binds" the value of this before call-time.

https://github.com/DoctorMcKay/node-steamcommunity/wiki/SteamCommunity#acceptconfirmationforobjectidentitysecret-objectid-callback

It's not possible to get a user's owned games except through the WebAPI.
You can get some profile details from steam-user.
All you can get from steamcommunity or the WebAPI if a profile is private is their name/avatar/basic info. You can get profile info from steam-user's getPersonas if their profile is friends only and you are friends, but there is no way to get a completely private profile.
Yes, you can change profile privacy from steamcommunity.

Not every item is going to necessarily have market_actions. You need to check for each item to make sure that market_actions exists and isn't empty.

As of v4.0.0, the first argument to all callbacks is err. See the release notes here.

Sometimes you do not see the forest for the trees.?
 
Thx, now it works fine ?

That might work, but I wouldn't recommend using it as you'd be calling decline on offers that might have already been accepted. I would use offerList and check the creation time of the offers.
I don't understand the question. sentOfferChanged is being emitted multiple times for the same offer with state 3?
That looks correct.
Actually, no. That's a bug. As a workaround you can use getUserDetails on the original offer that you're countering. Also, you should never reassign itemsToGive or itemsToReceive. Use the add(My/Their)Item(s) methods instead.
You can't. You need to call it once per appid/contextid.

client.on("friendMessage", function (steamID, message) {
if (steamID == AdminID && message.indexOf('!key') == 0) {
var GetKey = message.replace('!key ', '');
client.redeemKey(GetKey, function (err) {
if (err) {
// key not activated
} else {
client.chatMessage(steamID, "Key activated: " + GetKey);
}
});
}
});

Check the callback or promise result to redeemKey.

It's in the user event in steam-user.

It's in the user event in steam-user.