Using this package is a security failure from the beginning. It doesn’t use the public WhatsApp API, it reimplements the official WhatsApp client auth. Authentication uses a shared secret and it’s obvious that you as a third party obtaining this secret from your users is unsafe and a bad practice (especially if it’s third-party code processing it!).
Users should know better as well but you can’t really blame them.
> It doesn’t use the public WhatsApp API, it reimplements the official WhatsApp client auth.
Nothing wrong with that if the official API has fewer features.
> Authentication uses a shared secret and it’s obvious that you as a third party obtaining this secret from your users
What do you mean? Usually, you install such a package to automate WhatsApp for your own account.