You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

node-widevine

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node-widevine

Node Widevine

0.1.3
latest
Source
npmnpm
Version published
Weekly downloads
11
-26.67%
Maintainers
1
Weekly downloads
 
Created
Source

node-widevine

  • Disclaimer
  • Installation
  • Examples
  • Build it yourself

Disclaimer

  • This project requires a valid Google-provisioned Private Key and Client Identification blob which are not provided by this project.
  • Public test provisions are available and provided by Google to use for testing projects such as this one.
  • License Servers have the ability to block requests from any provision, and are likely already blocking test provisions on production endpoints.
  • This project does not condone piracy or any action against the terms of the DRM systems.
  • All efforts in this project have been the result of Reverse-Engineering, Publicly available research, and Trial & Error.

Installation

I use pnpm and recommend in doing so too. If you don't want to modify the source code, it is fully compatible with every node package manager.

Install the package via

pnpm:

pnpm install node-widevine

npm:

npm install node-widevine

yarn:

yarn add node-widevine

Examples

Example using bitmovin demo

import { Session } from "widevine";
import { readFileSync } from "fs";

//read cdm files located in the same directory
const privateKey = readFileSync("./device_private_key");
const identifierBlob = readFileSync("./device_client_id_blob");

//pssh found in the mpd manifest
const pssh = Buffer.from(
  "AAAAW3Bzc2gAAAAA7e+LqXnWSs6jyCfc1R0h7QAAADsIARIQ62dqu8s0Xpa7z2FmMPGj2hoNd2lkZXZpbmVfdGVzdCIQZmtqM2xqYVNkZmFsa3IzaioCSEQyAA==",
  "base64"
);
//license url server
const licenseUrl = "https://cwip-shaka-proxy.appspot.com/no_auth";

const session = new Session({ privateKey, identifierBlob }, pssh);

const response = await fetch(licenseUrl, {
  method: "POST",
  body: session.createLicenseRequest()
});

if (response.ok) {
  const successful = session.parseLicense(Buffer.from(await response.arrayBuffer())).length > 0;
  console.log(`successful? ${successful ? "yes" : "no"}`);
}

Build

I use pnpm and if you don't want to change anything in the package.json and in .husky/pre-commit, you have to install pnpm by using npm -g install pnpm

Code

Just run pnpm build to generate the js, map and type definition files from the Typescript source.

Protocol Buffers

If you want to compile the license_protocol.ts file yourself, you need to run pnpm proto:compile

Warning: You need to replace the import statement import _m0 from "protobufjs/minimal"; in the license_protocol.ts file with import _m0 from "protobufjs/minimal.js"; (add the .js extension) or else it will throw an error.

FAQs

Package last updated on 02 Apr 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Open Source Maintainers Feeling the Weight of the EU’s Cyber Resilience Act

Security News

Open Source Maintainers Feeling the Weight of the EU’s Cyber Resilience Act

The EU Cyber Resilience Act is prompting compliance requests that open source maintainers may not be obligated or equipped to handle.

By Sarah Gooding  -  Jul 17, 2025