#self bot ability discusstion

I would delete the option of using self bots in discord.js because it's against ToS. Many people don't know it, but just 1 line and you have a self bot. In my opinion, such a big library shouldn't have this in the code at all, so you can run a self bot without forking.

PR link: https://github.com/discordjs/discord.js/pull/6429

Oh this, I guess the instance property was kept for flexibility, "just in case" even if yeah right now it's not really being used

In my opinion, it shouldn't be. Logging on a self bot like that is against ToS. I know that when there were no discord accounts yet so ok, that's fine but now that even discord is struggling with those attacks that raid even official discords anymore like last time Discord Townhall so this option should be deleted. Today I'm going to do the same for Eris because I think it's irresponsible.

you know there are other token types than just bot right

or rather one other

Removing the ability to do so from the package doesn't really even do anything, if people really wanted to do that, they could still just modify the source and they'd have it working after 1 line of change

Discord.js is for the bot, not for other things.

To be honest this won't have any actual effect on the amount of self bots around Discord, it's not like discord.js compiled into machine code and would make any change on the distributed binary difficult, it's just editing a JavaScript file to match our needs

There will surely be forks that edits that property if people will want to anyway

But even tho, why not for that change as there likely won't be any other token type rather than Bearer and Bot
Curious to hear lead dev opinions on this

Yes it won't, but a lot of people don't even know there is such a thing against ToS and maybe they are taking advantage of it. The point there is that djs don't support things that are against ToS.

what

Right now discord.js does not enable things that are not ToS-friendly
Considering _tokenType is a private property (JS ❤️ OOP ), anyone editing that value takes its own responsibility to whatever happens

The main thing there is that djs don't support self bots. Like don't support them directly but still an option. They will create forks but they won't be kept up to date so they won't have the latest options and news.

Yes, but when you take that away, it's completely useless.

i don't see any reason why you can't be using the rest client for bearer requests either though

Well, this can of course be solved so that it can be on Bot/Bearer but there is no reason for there to remain a self bot option which is against ToS.

sure, only accept bot or bearer

It is useless tbh

Because even currently you can't setup to have a selfbot

Even by forcing the property

I would just delete that option. Anyway at all can djs be used for Bearer? After all Bearer is at oauth2.

Because it is an Object.assign

Are you sure that it is not used internally somewhere else?

I would consider this as a breaking change too.

You can. Just make {_tokenType:""} at new Client as a setting. I would delete it, because it's unnecessarily there.

No, the current code forces the option to be set to Bot

It's the point of Object.assign here

Now you can make a self bot. My friend tested it.

Thanks to this PR, self bot won't come this easy anymore.

ngl I didn't really look at it, the rest client is what's responsible for actually logging in and more, that's what can be used

not the client

What for? This is a thing that shouldn't even be in djs since discord bot accounts.

This is a patch (semver). Maybe it should have been there but it shouldn't be there anymore.

btw @zinc grotto, before dramatising everything (I find your arguments about the property's removal very annoying and repetitive), please speak with the development team.

_tokenType doesn't exist to just arbitrarily change the token type, it existed because we needed a way to change the type for discord-rpc to work, since it doesn't use Bot tokens.

Since the property is not longer used, this is now a remnant from a workaround for RPC, not a remnant from v12's userbot removal.

(Thanks Space for remembering all those very old changes )

As a side note, over-reacting and dramatising about certain stuff can cause the opposite effect of what you desire to achieve, as it makes more people aware of it, just like security vulnerabilities.

I hope you understand and learn about this for future reference.

Thank you for the clarification. Admittedly, I may have overdramatized it.