@noidme/mac-print
v0.1.0-beta.0
Published
mac-print — consent-native device identification. The browser signal probes (canvas, WebGL + extensions, audio, ~64 fonts, WebGPU, media codecs, UA-CH, speech voices, screen, math/libm) that feed a device visitorId. Fail-closed by construction: collects n
Downloads
93
Maintainers
Readme
@noidme/mac-print
Consent-native device identification. The browser signal probes that feed a device visitorId —
canvas, WebGL (+ extensions), audio, ~64 fonts, WebGPU, media codecs, UA-CH, speech voices, screen, and
math/libm. Zero-dependency, CSP-safe, and fail-closed by construction: a probe for a purpose that is
not granted is never even constructed.
Part of the noidme SDK family: @noidme/consent provides
the consent decision (the window.noidme bridge); mac-print collects the signals; the mac-print
server engine turns them into a stable, tenant-scoped, epoch-rotated visitorId (with a drift-tolerant
linker). For bot/fraud signals see @noidme/am-i-bot; for
the all-in-one agent see @noidme/glassprint.
Install
npm i @noidme/mac-printOr drop-in via a <script> (exposes window.MacPrint):
<script src="https://cdn.jsdelivr.net/npm/@noidme/mac-print/dist/mac-print.global.js"></script>Use
Consent is read from window.noidme (installed by @noidme/consent). Collection is gated per purpose:
import { ConsentGate, resolveEngine, DEVICE_ID_PROBES } from '@noidme/mac-print';
const gate = new ConsentGate(await resolveEngine(2000)); // waits for the consent engine, fail-closed
const signals = [];
for (const factory of DEVICE_ID_PROBES) {
if (!gate.granted(factory.purpose)) continue; // never construct a probe for a denied purpose
const s = await factory.create(gate).read(); // never throws; null when the API is absent
if (s) signals.push(s);
}
// → seal `signals` and POST to your mac-print server, which returns the visitorId.Each probe emits an opaque, already-canonicalized SignalValue ({ key, axis, value }). The raw,
untrusted strings are only entropy inputs — identity + anti-spoof reasoning happens server-side.
Design
- Fail-closed / consent-native. No engine, or a denied purpose ⇒ nothing is collected.
- Never throws. Every probe returns
nullon absence/failure (e.g. noOffscreenCanvasin Node). - CSP-safe. No external fonts/scripts/styles; uses
OffscreenCanvas.measureText, not DOM injection. - Entropy per axis. Probes declare an axis (
gpu/cpu-fpu/os/display) so correlated signals are de-duplicated by the server before scoring.
License
MIT.
