npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

shadowx-fca

v2.9.0

Published

Unofficial Facebook Chat API for Node.js with Auto-Update System - modify by Mueid Mursalin Rifat

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mueidmursalinrifatmueidmursalinrifat

Keywords

facebookchatapibotmessengerunofficialfcashadowx-fca

Readme

# shadowx-fca
#Mueid Mursalin Rifat

<p align="center">
  <strong>Unofficial Facebook Chat API for Node.js with Auto-Update System</strong><br>
  Modified by Mueid Mursalin Rifat | Original by shadowX
</p>

## 📋 Table of Contents

- [Features](#-features)
- [Installation](#-installation)
- [Quick Start](#-quick-start)
- [Authentication Methods](#-authentication-methods)
- [API Documentation](#-api-documentation)
- [Configuration](#-configuration)
- [Anti-Detection Features](#-anti-detection-features)
- [Troubleshooting](#-troubleshooting)
- [Examples](#-examples)
- [Changelog](#-changelog)
- [License](#-license)

## ✨ Features

- ✅ **Multiple Authentication Methods** - Support for both appState and email/password login
- ✅ **Real-time Messaging** - MQTT/WebSocket based real-time message listening
- ✅ **Auto-Update System** - Automatically checks and updates to latest version
- ✅ **Anti-Detection** - Rotating user agents, rate limiting, and stealth headers
- ✅ **2FA Support** - Two-factor authentication handling
- ✅ **Message Attachments** - Support for images, videos, files, stickers, and more
- ✅ **Typing Indicators** - Send and receive typing status
- ✅ **Read Receipts** - Message read confirmation
- ✅ **Thread Management** - Create, delete, rename threads
- ✅ **Mention Support** - Tag users in messages (both legacy and new formats)
- ✅ **Configurable Options** - Extensive customization options

## 📦 Installation

```bash
npm install shadowx-fca

Requirements

· Node.js >= 16.0.0 · npm >= 7.0.0

🚀 Quick Start

Method 1: Using AppState (Recommended)

const login = require('shadowx-fca');
const fs = require('fs');

// Load saved appState
const appState = JSON.parse(fs.readFileSync('appstate.json', 'utf8'));

login({ appState: appState }, (err, api) => {
    if (err) return console.error('Login failed:', err);
    
    console.log('✅ Logged in successfully!');
    
    // Listen for incoming messages
    api.listenMqtt((err, message) => {
        if (err) return console.error('Listen error:', err);
        
        if (message.type === 'message') {
            console.log(`[${message.senderID}] ${message.body}`);
            
            // Reply to message
            api.sendMessage('Hello! I\'m a bot!', message.threadID);
        }
    });
});

Method 2: Email & Password

const login = require('shadowx-fca');

login({ 
    email: '[email protected]', 
    password: 'your_password' 
}, (err, api) => {
    if (err) return console.error('Login failed:', err);
    
    console.log('✅ Logged in successfully!');
    
    // Save appState for future use
    const appState = api.getAppState();
    fs.writeFileSync('appstate.json', JSON.stringify(appState, null, 2));
    
    // Your bot logic here
});

🔐 Authentication Methods

  1. AppState (Recommended)

Most secure method - uses saved cookies instead of credentials.

Get your appState:

const login = require('shadowx-fca');
const fs = require('fs');

login({ email: 'your_email', password: 'your_password' }, (err, api) => {
    if (err) return console.error(err);
    
    const appState = api.getAppState();
    fs.writeFileSync('appstate.json', JSON.stringify(appState, null, 2));
    console.log('✅ AppState saved! You can now use this file to login.');
    process.exit(0);
});
  1. Email & Password

Traditional method with 2FA support.

With 2FA:

login({ email: '[email protected]', password: 'password' }, (err, api) => {
    if (err && err.error === 'login-approval') {
        console.log('Enter 2FA code:');
        // Get code from user input
        const twoFACode = '123456';
        err.continue(twoFACode);
    }
});

📚 API Documentation

Core Methods

login(loginData, [options], callback)

Main login function.

Parameters:

· loginData - Object containing either appState or email/password · options - Optional configuration object · callback - Function called after login

api.sendMessage(message, threadID, [callback], [replyToMessage], [isSingleUser])

Send a message to a thread.

// Simple message
api.sendMessage('Hello world!', 'thread_id_here');

// With reply
api.sendMessage('Replying to you!', 'thread_id_here', null, 'message_id_here');

// With mention
api.sendMessage('Hello @John Doe', 'thread_id_here');

api.listenMqtt(callback)

Listen for incoming events (messages, typing, presence).

api.listenMqtt((err, event) => {
    if (err) return console.error(err);
    
    switch(event.type) {
        case 'message':
            console.log('New message:', event.body);
            break;
        case 'event':
            console.log('Thread event:', event.logMessageType);
            break;
        case 'typ':
            console.log(event.isTyping ? 'Typing...' : 'Stopped typing');
            break;
    }
});

api.getThreadInfo(threadID, callback)

Get information about a thread.

api.getThreadInfo('thread_id_here', (err, info) => {
    if (err) return console.error(err);
    console.log('Thread name:', info.name);
    console.log('Participants:', info.participants);
    console.log('Unread count:', info.unreadCount);
});

api.getUserInfo(userID, callback)

Get user information.

api.getUserInfo('user_id_here', (err, info) => {
    if (err) return console.error(err);
    console.log('Name:', info.name);
    console.log('Gender:', info.gender);
});

api.setOptions(options)

Update API options at runtime.

api.setOptions({
    listenEvents: true,
    autoMarkRead: false,
    delayBetweenRequests: 2000
});

Additional Methods

Method Description api.getAppState() Get current appState (cookies) api.markAsRead(threadID, callback) Mark thread as read api.markAsDelivered(threadID, messageID, callback) Mark message as delivered api.sendTypingIndicator(threadID, callback) Send typing indicator api.changeNickname(nickname, threadID, userID, callback) Change user nickname api.addUserToGroup(userID, threadID, callback) Add user to group api.removeUserFromGroup(userID, threadID, callback) Remove user from group api.createNewGroup(participantIDs, groupName, callback) Create new group api.deleteThread(threadID, callback) Delete/leave thread api.getThreadList(limit, timestamp, tags, callback) Get thread list

⚙️ Configuration

Global Configuration (config.json)

Create config.json in your project root:

{
    "enableTypingIndicator": false,
    "typingDuration": 4000,
    "delayBetweenRequests": 1500,
    "autoMarkDelivery": false,
    "autoMarkRead": false,
    "listenEvents": true,
    "selfListen": false,
    "autoReconnect": true,
    "logLevel": "info",
    "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
}

Options Reference

Option Type Default Description selfListen Boolean false Listen to own messages listenEvents Boolean true Listen to thread events listenTyping Boolean false Listen to typing indicators updatePresence Boolean false Update online status forceLogin Boolean false Force login even if suspicious autoMarkDelivery Boolean false Auto-mark messages as delivered autoMarkRead Boolean false Auto-mark messages as read autoReconnect Boolean true Auto-reconnect on disconnect delayBetweenRequests Number 1000 Delay between API requests (ms) logLevel String "info" Log level (silent/error/warn/info/verbose)

🛡️ Anti-Detection Features

shadowx-fca includes several features to avoid Facebook's anti-bot detection:

  1. Rate Limiting
// Set custom delay between requests
api.setOptions({ delayBetweenRequests: 2000 });
  1. Rotating User Agents

Automatically rotates between different user agents to avoid fingerprinting.

  1. Stealth Headers

Includes realistic browser headers (Sec-Ch-Ua, Accept-Language, etc.)

  1. Request Queue

Automatically queues and spaces out requests to prevent rate limiting.

🔧 Troubleshooting

Common Issues & Solutions

  1. "Error! Your cookiestate is not valid!"

Solution: Refresh your appState

// Get new appState
login({ email: 'your_email', password: 'your_password' }, (err, api) => {
    const newAppState = api.getAppState();
    fs.writeFileSync('appstate.json', JSON.stringify(newAppState, null, 2));
});
  1. Account Suspension

Solutions:

· Increase delay between requests · Don't spam messages (add 2-3 second delays) · Use appState instead of email/password · Avoid running 24/7 · Use a proxy if running multiple bots

  1. Login Timeout

Solution: Increase timeout in options

login({ appState: appState }, { timeout: 120000 }, callback);
  1. MQTT Connection Issues

Solution: Enable auto-reconnect

api.setOptions({ autoReconnect: true });

💡 Examples

Simple Echo Bot

const login = require('shadowx-fca');

login({ appState: require('./appstate.json') }, (err, api) => {
    if (err) return console.error(err);
    
    api.listenMqtt((err, message) => {
        if (err) return console.error(err);
        
        if (message.type === 'message' && message.body) {
            // Echo the message back
            api.sendMessage(message.body, message.threadID);
        }
    });
});

Command Handler

const commands = {
    '!help': (api, message) => {
        api.sendMessage('Available commands: !help, !time, !ping', message.threadID);
    },
    '!time': (api, message) => {
        api.sendMessage(`Current time: ${new Date().toLocaleString()}`, message.threadID);
    },
    '!ping': (api, message) => {
        api.sendMessage('Pong!', message.threadID);
    }
};

login({ appState: require('./appstate.json') }, (err, api) => {
    if (err) return console.error(err);
    
    api.listenMqtt((err, message) => {
        if (err) return console.error(err);
        
        if (message.type === 'message' && message.body) {
            const cmd = message.body.split(' ')[0];
            if (commands[cmd]) commands[cmd](api, message);
        }
    });
});

Auto-Reply with Delay

login({ appState: require('./appstate.json') }, (err, api) => {
    if (err) return console.error(err);
    
    api.listenMqtt((err, message) => {
        if (err) return console.error(err);
        
        if (message.type === 'message' && !message.isGroup) {
            // Add delay to avoid rate limiting
            setTimeout(() => {
                api.sendMessage('Thanks for your message! I\'ll reply soon.', message.threadID);
            }, 3000);
        }
    });
});

📝 Changelog

v2.1.0 (Latest)

· ✨ Added rotating user agents for anti-detection · 🚀 Implemented request queue with rate limiting · 🔧 Fixed email/password login issues · 🛡️ Enhanced security headers · 📚 Improved documentation

v2.0.0

· Added auto-update system · Improved MQTT connection stability · Added support for new mention format · Fixed 2FA handling

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer

This project is for educational purposes only. Use at your own risk. The authors are not responsible for any consequences that may arise from using this software, including but not limited to account suspension or legal action from Facebook.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

📞 Support

· Issues: t.me/mueidmursalinrifat · Author: Mueid Mursalin Rifat