node-apple-receipt-verify
A Node.js module for In-App-Purchase receipt validation for iOS
© Siarhei Ladzeika <sergey.ladeiko@gmail.com>
The module can optionally enable verbose debug logging.
To enable verbose logging, pass the following to .config():
var appleReceiptVerify = require('node-apple-receipt-verify');
appleReceiptVerify.config({
  verbose: true
});
.config(options)
Initializes the module. Can be called more than once to reconfigure the module.
options: supports the following keys:
  secret [string] - Apple shared secret (see it in iTunes Connect: go to My Apps > (select your app) > In-App Purchases > View or generate a shared secret). [optional]
  verbose [boolean] - verbose logging switch, false by default. [optional]
  environment [array of strings] - defines the environments used for receipt validation on Apple servers. Supported environments: 'sandbox', 'production'. The sequence is important. Defaults to ['production']. [optional]
  ignoreExpired - if true, then expired purchases are skipped. Defaults to true. [optional]
  extended - if true, then purchases contain extended information. Defaults to false. (since v1.1.1) [optional]
NOTE: Shared password is required for iTunes subscription purchases.
.validate(options, callback)
Validates an in-app-purchase receipt.
options: supports the following keys:
  receipt [string] - base64 encoded receipt. [required]
  device - iOS vendor identifier. Example: 438498A7-4850-41DB-BCBE-4E1756378E39. If specified, the module will check whether the receipt belongs to the vendor identifier. [optional]
  ignoreExpired - if true, then expired purchases are skipped. Overrides the global ignoreExpired specified in .config(). [optional]
callback: receives an error or the list of purchased products embedded in the receipt.
The purchased products list has the structure:
[
  {
    bundleId: <string>,
    transactionId: <string>,
    productId: <string>,
    purchaseDate: <number>,
    quantity: <number>,
    *expirationDate: <number>,
    *isTrialPeriod: <boolean>, // only for subscriptions and if extended = true
    *environment: <string>, // only if extended = true
    *originalPurchaseDate: <number>, // only if extended = true
    *applicationVersion: <string>, // only if extended = true
    *originalApplicationVersion: <string> // only if extended = true
  },
  ...
]
Example:
var appleReceiptVerify = require('node-apple-receipt-verify');

// Placeholder: the base64 encoded receipt string received from the client
var appleReceipt = '<base64 encoded receipt>';

// Common initialization, later you can pass options for every request in options
appleReceiptVerify.config({
  secret: "1234567890abcdef1234567890abcdef",
  environment: ['sandbox']
});

// Callback version
appleReceiptVerify.validate({ receipt: appleReceipt, device: '438498A7-4850-41DB-BCBE-4E1756378E39' }, function (err, products) {
  if (err) {
    return console.error(err);
  }
  // ok!
});

// Callback version without device
appleReceiptVerify.validate({ receipt: appleReceipt }, function (err, products) {
  if (err) {
    return console.error(err);
  }
  // ok!
});

// Promise version
appleReceiptVerify.validate({ receipt: appleReceipt, device: '438498A7-4850-41DB-BCBE-4E1756378E39' })
  .then(function (products) {
    // do something
  })
  .catch(function (err) {
    if (err instanceof appleReceiptVerify.EmptyError) {
      // handle appleReceiptVerify.EmptyError
    }
    else {
      // handle any other error
    }
  });
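An added example (not part of the module or its README) of server-side checks on the products list that validate() returns, before any entitlement is granted: bundle match, product allow-list, transaction replay and expiry. The function name screenPurchases, its option names and all sample values are hypothetical, and the date fields are assumed to be epoch milliseconds.

```javascript
// Added example, not part of node-apple-receipt-verify.
// Screens the products list that validate() returns before granting access.
// Assumption: purchaseDate / expirationDate are epoch milliseconds.
function screenPurchases(products, opts) {
  var accepted = [];
  var rejected = [];
  products.forEach(function (p) {
    var reason = null;
    if (p.bundleId !== opts.expectedBundleId) {
      reason = 'bundle-mismatch';          // receipt was issued for another app
    } else if (opts.allowedProductIds.indexOf(p.productId) === -1) {
      reason = 'unknown-product';          // product is not one this server sells
    } else if (opts.seenTransactionIds.has(p.transactionId)) {
      reason = 'replayed-transaction';     // already redeemed, or repeated in this list
    } else if (typeof p.expirationDate === 'number' && p.expirationDate <= opts.now) {
      reason = 'expired';                  // matters when ignoreExpired is false
    }
    if (reason) {
      rejected.push({ transactionId: p.transactionId, reason: reason });
    } else {
      opts.seenTransactionIds.add(p.transactionId);
      accepted.push(p);
    }
  });
  return { accepted: accepted, rejected: rejected };
}

// Constructed sample data in the documented shape (not real receipts).
function sampleRun() {
  function item(bundleId, transactionId, expirationDate) {
    return { bundleId: bundleId, transactionId: transactionId, productId: 'premium_monthly',
             purchaseDate: 1700000000000, quantity: 1, expirationDate: expirationDate };
  }
  var products = [
    item('com.example.app', '1000000000000001', 1702592000000), // valid
    item('com.other.app',   '1000000000000002', 1702592000000), // wrong app
    item('com.example.app', '1000000000000003', 1702592000000), // redeemed earlier
    item('com.example.app', '1000000000000004', 1700500000000), // expired
    item('com.example.app', '1000000000000001', 1702592000000)  // duplicate of first
  ];
  return screenPurchases(products, {
    expectedBundleId: 'com.example.app',
    allowedProductIds: ['premium_monthly'],
    seenTransactionIds: new Set(['1000000000000003']),
    now: 1701000000000
  });
}
```

In a real service the seenTransactionIds set would be backed by persistent storage so that a receipt cannot be redeemed again after a restart or on another node.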
If you have any questions, bugs, etc... - contact me.
The npm package node-apple-receipt-verify receives a total of 2,334 weekly downloads. As such, node-apple-receipt-verify popularity was classified as popular.
We found that node-apple-receipt-verify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.