Skip to content

AltKit/discord

 
 

Repository files navigation

Altkit Discord

An unofficial, user-account-only Discord.js v14.27-compatible library for Discord API v10 and Gateway v10.

npm CI Node.js Discord.js compatibility License

Caution

Automating a normal Discord user account violates Discord's Terms of Service and may result in account termination. Altkit Discord is unofficial, is not supported by Discord, and is used entirely at your own risk.

Overview

Altkit Discord adapts the familiar Discord.js programming model to user-account workflows while retaining account-specific features from the original discord.js-selfbot-v13 project. Version 4 targets the Discord.js 14.27 public surface where it applies to this fork and defaults REST and Gateway traffic to Discord API v10.

Support
Package @altkit/discord
Discord.js surface 14.27.0
Discord API and Gateway v10
Node.js 20.19.0 or newer
Runtime module format CommonJS, with TypeScript declarations
Account type Discord user accounts only
License GPL-3.0-only

Bot tokens, bot Gateway intents, application-command registration, interaction callbacks, and multi-process sharding are intentionally unsupported. APIs that depend on those workflows fail locally instead of silently attempting a bot request. Builders and Discord API types may still be exported for payload compatibility; an export does not make its bot-only endpoint available to user accounts.

Read the v4 migration guide before upgrading an existing v3 application.

Install

npm install @altkit/discord

The package includes its own TypeScript declarations. A separate @types package is not required.

Quick start

Create index.js:

'use strict';

const { Client, Events } = require('@altkit/discord');

const client = new Client();

client.once(Events.ClientReady, readyClient => {
  console.log(`${readyClient.user.tag} is ready`);
});

client.on(Events.MessageCreate, async message => {
  if (message.author.id === client.user.id && message.content === '!ping') {
    await message.reply('Pong!');
  }
});

client.login(process.env.DISCORD_TOKEN).catch(error => {
  console.error('Login failed:', error.message);
  process.exitCode = 1;
});

Create a local .env file that is excluded from version control:

DISCORD_TOKEN=

Then use Node's built-in environment-file loader:

node --env-file=.env index.js

Never hard-code, commit, log, or paste an account token into an issue. This project intentionally does not document token extraction. Rotate the token immediately if it may have been exposed.

What v4 includes

  • Discord API v10 REST routes, payloads, rate-limit buckets, scopes, and retry behavior
  • Gateway v10 events, partials, polls, voice-channel status, and voice-session start times
  • Messages, embeds, attachments, explicit spoiler metadata, polls, and prepared Ogg/Opus voice messages
  • Modern aliases such as AttachmentBuilder, BaseChannel, Events, Partials, and PermissionsBitField
  • Current application flag precision through Application#flagsNew
  • Current modal component response shapes used by user-side command invocation
  • Invite acceptance, community invite roles and target-user lists, guild discovery, and user-app installation
  • Relationships, account settings, sessions, custom status, rich presence, and activity instances
  • Voice connections, audio/video dispatch, receive streams, recording helpers, and @discordjs/voice adapters
  • Webhook clients and compatible Discord.js builders, formatters, utilities, and Discord API v10 enums
  • Optional captcha callbacks and TOTP handling for eligible authentication challenges

Discord permissions, experiments, verification requirements, and account eligibility still determine whether a particular operation succeeds. Undocumented account endpoints can change independently of this project.

API v10 transport behavior

The REST layer discovers Discord bucket hashes and separates limits by HTTP method and major resource. It accepts rate-limit timing from current headers or response payloads and does not automatically replay ambiguous POST or PATCH failures, because Discord may already have applied those requests.

REST, Gateway, voice, and remote-auth connections use TLS 1.2 or newer by default. Most applications should keep the secure defaults. Custom destination trust can be configured separately for REST and WebSocket traffic:

const client = new Client({
  http: {
    tls: { ca: process.env.REST_CA_CERT },
  },
  ws: {
    tls: { ca: process.env.GATEWAY_CA_CERT },
  },
});

Proxy destination TLS and HTTPS-proxy TLS use separate requestTls and proxyTls options. See the client configuration guide for precedence rules. Do not disable certificate verification in production.

Compatibility

Selected legacy names remain available so v3 applications can migrate incrementally:

Legacy name Preferred compatible name
MessageAttachment AttachmentBuilder
Channel BaseChannel
Intents IntentsBitField
MessageFlags MessageFlagsBitField
Permissions PermissionsBitField
UserFlags UserFlagsBitField

Runtime metadata makes the package boundary inspectable:

const { accountType, discordJsVersion, supportsBotAccounts, version } = require('@altkit/discord');

console.log({ version, discordJsVersion, accountType, supportsBotAccounts });

Altkit aims for source-level familiarity, not perfect behavioral identity with upstream Discord.js. In particular, upstream examples for deploying application commands or handling bot-owned buttons, select menus, and modals do not apply. sendSlash() invokes commands exposed by installed applications; it does not register them.

Documentation

The examples use DISCORD_TOKEN and feature-specific IDs from the environment. Copy .env.example to .env, populate only the values required by the selected example, and read its prerequisites before running it.

Security

  • Keep tokens, TOTP secrets, proxy credentials, cookies, and custom certificates outside source control.
  • Treat third-party captcha solvers, proxies, media tools, and modified package distributions as separate trust boundaries.
  • Keep TLS certificate verification enabled and install only @altkit/discord from a source you trust.
  • Remove credentials and sensitive request data from bug reports, logs, screenshots, and reproductions.
  • Do not use client-identification values or headers to evade Discord, Cloudflare, rate limits, or account restrictions.

See the security guide for deployment and incident-response guidance.

Development

Install dependencies and run the complete validation pipeline:

npm install
npm test
npm run docs:build

npm test runs linting, formatting checks, documentation parsing, TypeScript and tsd, example syntax checks, unit tests, and a package smoke test. Keep runtime changes, declarations, documentation, generated API data, and examples synchronized.

For local documentation work:

npm run docs
npm run docs:dev

Bug reports should include the Altkit Discord version, Node.js version, a minimal reproduction with all secrets removed, and the relevant error or redacted debug output.

License and credits

Altkit Discord is licensed under the GNU General Public License v3.0. It is based on discord.js and continues the original discord.js-selfbot-v13 project. Current development lives in altkit/discord.

About

An unofficial Discord.js v14.27-compatible fork for Discord API and Gateway v10 user-account workflows

Resources

License

Stars

2 stars

Watchers

0 watching

Forks

Contributors

Languages

  • JavaScript 99.9%
  • TypeScript 0.1%