@incanta/node-paddle-sdk
A NodeJS library for integrating with Paddle.
The library provides full TypeScript definitions for the Paddle API & Webhook events.
npm install @invertase/node-paddle-sdk --save
import { PaddleSDK } from '@invertase/node-paddle-sdk';
const paddle = new PaddleSDK(
  12345, // Required: Vendor ID
  'xxxx', // Required: Vendor Auth Code
  'xxxx', // Optional: Public Key
);
The Public Key is optional, but required if using the verifyWebhook method.
The library provides integration with the Paddle API endpoints.
The vendor_id and vendor_auth_code parameters are not required and are automatically provided by the library.
Example usage:
try {
  const coupons = await paddle.listCoupons({
    product_id: 123,
  });
} catch (e) {
  console.error(e.code, e.message);
}
Coupons
Products
Licenses
Pay Links
Transactions
Payments
Plans
Users
Modifiers
Payments
One-off Charges
Webhooks
The library provides useful helpers for handling Webhooks, along with type definitions for events for TypeScript users.
To verify a webhook, you must have provided a public key whilst creating the PaddleSDK instance; otherwise an error will be thrown. If the provided body does not conform to a Paddle Webhook request (a JSON body containing both an alert_name and a p_signature), an error will also be thrown.
Pass the request body to the verifyWebhook method to verify the signature:
// Express example
// Ensure you accept a JSON request body.
app.use(express.json());

app.post('/your-webhook-endpoint', (req, res) => {
  const verified = paddle.verifyWebhook(req.body);

  if (!verified) {
    return res.status(403).send('Invalid webhook request.');
  }

  // ...
});
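What a signature check of this kind does, as an added example that is not the library's own code: it assumes Paddle's classic webhook scheme (an RSA signature with a SHA-1 digest over the PHP-serialized, key-sorted fields with p_signature removed). The function names, the throwaway key pair and the sample event are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// PHP serialize() for a flat list of [key, value] string pairs; lengths are byte counts.
function phpSerialize(entries) {
  const str = (s) => `s:${Buffer.byteLength(s)}:"${s}";`;
  return `a:${entries.length}:{${entries.map(([k, v]) => str(k) + str(v)).join('')}}`;
}

// Canonical form: drop p_signature, sort the keys, stringify every value.
function canonicalize(body) {
  const keys = Object.keys(body).filter((k) => k !== 'p_signature').sort();
  return phpSerialize(keys.map((k) => [k, String(body[k])]));
}

// Throws on bodies that are not webhook-shaped; returns true only for a valid signature.
function verifyPaddleWebhook(body, publicKeyPem) {
  if (!body || typeof body.alert_name !== 'string' || typeof body.p_signature !== 'string') {
    throw new Error('Not a Paddle webhook: alert_name and p_signature are required');
  }
  const signature = Buffer.from(body.p_signature, 'base64');
  return crypto.verify('sha1', Buffer.from(canonicalize(body)), publicKeyPem, signature);
}

// Constructed demo: a locally generated key pair stands in for the vendor's Paddle key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const event = { alert_name: 'subscription_created', subscription_id: '42', status: 'active' };
  const sig = crypto.sign('sha1', Buffer.from(canonicalize(event)), privateKey);
  const signed = { ...event, p_signature: sig.toString('base64') };
  return {
    genuine: verifyPaddleWebhook(signed, pem),
    // Changing a signed field or adding an unsigned one must both fail.
    tampered: verifyPaddleWebhook({ ...signed, subscription_id: '43' }, pem),
    injected: verifyPaddleWebhook({ ...signed, passthrough: 'extra' }, pem),
  };
}

console.log(demo());
```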
The library provides type definitions for the various Paddle Webhook events. Using the alert_name, you can discover the type of the event:
import { PaddleWebhook } from '@invertase/node-paddle-sdk';

app.post('/your-webhook-endpoint', (req, res) => {
  const verified = paddle.verifyWebhook(req.body);

  if (!verified) {
    return res.status(403).send('Invalid webhook request.');
  }

  const event = req.body as PaddleWebhook;

  if (event.alert_name === 'subscription_created') {
    // `event` is now cast as a `SubscriptionCreatedWebhook`
    console.log(event.subscription_id);
  }
});
If using the Paddle Sandbox Environment, you can set the library to use a custom server endpoint:
import { PaddleSDK } from '@invertase/node-paddle-sdk';
const paddle = new PaddleSDK(
  12345, // Required: Vendor ID
  'xxxx', // Required: Vendor Auth Code
  'xxxx', // Optional: Public Key
  'https://sandbox-vendors.paddle.com/api/2.0', // Optional: Custom Server Endpoint
);
Built and maintained by Invertase.
FAQs
A fully typed NodeJS library for integration with Paddle.
We found that @incanta/node-paddle-sdk demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.