
Security News
Open Source Maintainers Demand Ability to Block Copilot-Generated Issues and PRs
Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and pull requests to their repositories.
@invertase/node-paddle-sdk
Advanced tools
A NodeJS library for integrating with Paddle.
The library provides full TypeScript definitions for the Paddle API & Webhook events.
npm install @invertase/node-paddle-sdk --save
import { PaddleSDK } from '@invertase/node-paddle-sdk';
const paddle = new PaddleSDK(
12345, // Required: Vendor ID
'xxxx', // Required: Vendor Auth Code
'xxxx', // Optional: Public Key
);
The Public Key is optional, but required if using the
verifyWebhook
method.
The library provides integration with the Paddle API endpoints.
The vendor_id
and vendor_auth_code
parameters are not required and are automatically provided by the library.
Example usage:
try {
const coupons = await paddle.listCoupons({
product_id: 123,
});
} catch (e) {
console.error(e.code, e.message);
}
Coupons
Products
Licenses
Pay Links
Transactions
Payments
Plans
Users
Modifiers
Payments
One-off Charges
Webhooks
The library provides useful helpers for handling Webhooks, along with type definitions for events for TypeScript users.
To verify a webhook, you must have provided a public key whilst creating a PaddleSDK
instance
otherwise an error will be thrown. If the provided body does not conform to a Paddle Webhook
request (JSON response containing both a alert_name
and p_signature
), an error will also be thrown.
Pass the request body to the verifyWebhook
method to verify the signature:
// Express example
// Ensure you accept a JSON request body.
app.use(express.json());
app.post('/your-webhook-endpoint', (req, res) => {
const verified = paddle.verifyWebhook(req.body);
if (!verified) {
return res.status(403).send('Invalid webhook request.');
}
...
});
The library provides type definitions for the various Paddle Webhook events. Using the alert_name
, you can discover the type of the event:
import { PaddleWebhook } from '@invertase/node-paddle-sdk';
app.post('/your-webhook-endpoint', (req, res) => {
const verified = paddle.verifyWebhook(req.body);
if (!verified) {
return res.status(403).send('Invalid webhook request.');
}
const event = req.body as PaddleWebhook;
if (event.alert_name === 'subscription_created') {
// `event` is now cast as a `SubscriptionCreatedWebhook`
console.log(event.subscription_id);
}
});
If using the Paddle Sandbox Environment, you can set the library to use a custom server endpoint:
import { PaddleSDK } from '@invertase/node-paddle-sdk';
const paddle = new PaddleSDK(
12345, // Required: Vendor ID
'xxxx', // Required: Vendor Auth Code
'xxxx', // Optional: Public Key
'https://sandbox-vendors.paddle.com/api/2.0', // Optional: Custom Server Endpoint
);
Built and maintained by Invertase.
FAQs
A fully typed NodeJS library for integration with Paddle.
The npm package @invertase/node-paddle-sdk receives a total of 41 weekly downloads. As such, @invertase/node-paddle-sdk popularity was classified as not popular.
We found that @invertase/node-paddle-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and pull requests to their repositories.
Research
Security News
Malicious Koishi plugin silently exfiltrates messages with hex strings to a hardcoded QQ account, exposing secrets in chatbots across platforms.
Research
Security News
Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.