grant/recap
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
aca2ba9e2e01ecf517f11094d3d5efee6aa49fc1
recap/vendor/keysat-licensing-client
T
History
Keysat e5a779ced2 Strip prepare/build scripts from vendored keysat-client package.json 
When npm install runs in server/ and processes the file: dep at
vendor/keysat-licensing-client/, it fires the vendor's 'prepare'
script even with --ignore-scripts (npm bug for file/git deps).
The prepare script calls tsup which isn't installed in the build
container, so the build fails with 'sh: 1: tsup: not found'.

The vendored copy ships its prebuilt dist/ in the repo, so we don't
need tsup. Drop the scripts entirely.
2026-05-09 11:59:55 -05:00
..
dist
Fix Dockerfile to copy all server/*.js modules; refresh vendor to v0.2.0
2026-05-09 11:57:41 -05:00
LICENSE
Vendor @keysat/licensing-client to avoid private-repo auth in Docker build
2026-05-08 13:45:12 -05:00
package-lock.json
Fix Dockerfile to copy all server/*.js modules; refresh vendor to v0.2.0
2026-05-09 11:57:41 -05:00
package.json
Strip prepare/build scripts from vendored keysat-client package.json
2026-05-09 11:59:55 -05:00
README.md
Vendor @keysat/licensing-client to avoid private-repo auth in Docker build
2026-05-08 13:45:12 -05:00

README.md

@keysat/licensing-client

TypeScript / JavaScript client for Keysat — a self-hosted Bitcoin-paid software licensing server that runs on Start9.

Works in modern browsers and Node 18+. No native dependencies; signature verification is done in pure JS via @noble/ed25519.

What you get

  • Offline verification: check a license key with just the issuing server's public key. No network.
  • Online validation: live revocation check and fingerprint binding via the service's /v1/validate endpoint.
  • Purchase flow: kick off a BTCPay checkout and poll for the issued key.

Install

npm install @keysat/licensing-client

5-line offline check

import { Verifier, PublicKey } from '@keysat/licensing-client'

const verifier = new Verifier(PublicKey.fromPem(ISSUER_PUBKEY_PEM))
const ok = verifier.verify(keyFromUser)
console.log('licensed for product', ok.productId)

That's the whole integration. Embed your public key as a string at build time (e.g. Vite's ?raw import, webpack raw-loader, or just a const). If the verifier returns without throwing, the key is real and was issued by you.

10-line online check (with revocation + fingerprint)

import { Client } from '@keysat/licensing-client'

const client = new Client('https://license.example.com')
const result = await client.validate(keyFromUser, 'my-product', machineFingerprint)
if (!result.ok) {
  console.error('rejected:', result.reason)
  process.exit(1)
}

The server enforces revocation live and does trust-on-first-use fingerprint binding, so the same key used from a second machine gets rejected.

Purchase flow

const session = await client.startPurchase('my-product')
console.log('pay at:', session.checkoutUrl)
const key = await client.waitForLicense(session.invoiceId)
console.log('got license:', key)

waitForLicense polls until the BTCPay invoice settles and the service issues a key. It throws if the invoice expires or becomes invalid.

Browser usage

Everything here works in the browser too. Drop the library into your React/Svelte/Vue app and run offline verification client-side — no server call needed for the common case.

// Vite: import the PEM as a raw string at build time
import issuerPem from './issuer.pub?raw'
import { Verifier, PublicKey } from '@keysat/licensing-client'

const verifier = new Verifier(PublicKey.fromPem(issuerPem))

License

MIT.

Reference in New Issue View Git Blame Copy Permalink