@webas/webas

v1.0.0

WebAS license verification SDK — modular client for api.webas.io/w3/verify

@webas/webas

Official WebAS license verification SDK for Node.js applications.

@webas/webas verifies license keys against the WebAS W3 API while keeping the SDK small, dependency-free, and compatible with server-side JavaScript runtimes that support native fetch.

Features

  • Verify licenses with new WebAS().license.verify(...)
  • Keep compatibility with the existing createWebasClient() API
  • Support POST verification and public GET verification routes
  • Send optional domain and HWID lock data
  • Use environment variables for production configuration
  • Cache successful verification results when needed
  • Gate Express applications with ready-made middleware
  • Run without external runtime dependencies

Requirements

  • Node.js 18 or newer
  • A WebAS license key

Installation

npm install @webas/webas

When working from a local monorepo package:

npm install ./packages/webas

Quick Start

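const os = require('os');
const { WebAS } = require('@webas/webas');

// Machine identifier for the HWID lock; WEBAS_HWID or the hostname is the SDK's documented default.
const machineId = process.env.WEBAS_HWID || os.hostname();

const client = new WebAS({
  apiKey: 'nt_live_...',
});

// CommonJS has no top-level await, so the check runs inside an async function.
async function main() {
  const license = await client.license.verify({
    key: 'W3-XXXX-XXXX',
    hwid: machineId,
    domain: 'example.com',
  });

  if (!license.valid) {
    console.error(license.code, license.message);
    process.exit(1);
  }

  console.log('License is valid');
}

// Network failures reject the promise; exit non-zero instead of continuing unlicensed.
main().catch((error) => {
  console.error(error);
  process.exit(1);
});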

apiKey is accepted by the SDK constructor for applications that already use a WebAS account or product token. The W3 license verification request remains compatible with the existing API and sends the license payload fields: key, domain, hwid, ip, and detailed.

License Verification

new WebAS(options)

Creates a high-level SDK instance.

const { WebAS } = require('@webas/webas');

const client = new WebAS({
  apiKey: process.env.WEBAS_API_KEY,
  baseUrl: process.env.WEBAS_API_URL,
  timeout: 15000,
  cacheTtl: 300000,
});

Available constructor options:

| Option | Default | Description |
| --- | --- | --- |
| apiKey | null | Optional WebAS account or product token stored on the SDK instance. |
| key | WEBAS_LICENSE_KEY | Default license key for verification calls. |
| licenseKey | null | Alias for key. |
| domain | WEBAS_LICENSE_DOMAIN or WEBAS_DOMAIN | Default domain value sent to the API. |
| hwid | WEBAS_HWID or hostname | Default hardware or machine identifier. |
| app | null | Product slug for app-specific public verification routes. |
| baseUrl | https://api.webas.io | WebAS API base URL. |
| expiredUrl | https://webas.io/license-has-expired | Redirect target used by Express middleware. |
| timeout | 15000 | Request timeout in milliseconds. |
| cacheTtl | 0 | Cache successful verification results for this many milliseconds. |
| fetch | globalThis.fetch | Custom fetch implementation. |
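
Because baseUrl can be supplied through WEBAS_API_URL, a wrapper passed as the fetch option can refuse any verification request that leaves the expected HTTPS origin. The following is an added example, not code from the SDK: createPinnedFetch is a hypothetical helper, and it assumes the SDK calls the supplied function with the standard fetch(url, init) signature.

```javascript
// Added example: wrap fetch so license checks can only reach one HTTPS origin.
// ALLOWED_ORIGIN is the default baseUrl from the options table above.
const ALLOWED_ORIGIN = 'https://api.webas.io';

// Hypothetical helper; assumes the SDK invokes fetch(url, init).
function createPinnedFetch(innerFetch = globalThis.fetch, allowedOrigin = ALLOWED_ORIGIN) {
  const allowed = new URL(allowedOrigin);
  if (allowed.protocol !== 'https:') {
    throw new TypeError('allowedOrigin must use https');
  }

  return async function pinnedFetch(input, init = {}) {
    // Accept a string, a URL object, or a Request-like object with a url field.
    const raw = typeof input === 'string' || input instanceof URL ? input : input && input.url;
    let target;
    try {
      target = new URL(raw);
    } catch {
      throw new TypeError('License verification URL is not absolute');
    }

    // Comparing parsed origins rejects a plain-http URL as well as look-alikes
    // such as https://api.webas.io.evil.example or https://api.webas.io@evil.example.
    if (target.origin !== allowed.origin) {
      throw new Error(`Blocked license request to ${target.origin}`);
    }

    // Refuse redirects so a 3xx response cannot move the check to another host.
    return innerFetch(input, { ...init, redirect: 'error' });
  };
}

// Usage with the SDK (not executed here):
//   const client = new WebAS({ fetch: createPinnedFetch() });
```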

client.license.verify(input)

Verifies a license with the W3 API.

const result = await client.license.verify({
  key: 'W3-XXXX-XXXX',
  hwid: 'server-01',
  domain: 'example.com',
  detailed: true,
});

By default, this sends:

POST /w3/verify

with a JSON body containing the provided license fields.

client.license.verifyGet(input)

Uses the public GET verification route.

const result = await client.license.verifyGet({
  key: 'W3-XXXX-XXXX',
  hwid: 'server-01',
  domain: 'example.com',
});

This calls:

GET /w3/verify/:key?domain=...&hwid=...

Product Slug Verification

When app is provided, verification uses the app-specific route:

const result = await client.license.verify({
  key: 'W3-XXXX-XXXX',
  app: 'restorantqr',
  hwid: 'server-01',
  domain: 'example.com',
});

This calls:

GET /w3/:app/:key?domain=...&hwid=...

client.license.verifyOrThrow(input)

Verifies a license and throws WebasLicenseError when valid !== true.

try {
  const result = await client.license.verifyOrThrow({
    key: 'W3-XXXX-XXXX',
    hwid: 'server-01',
  });

  console.log(result.code);
} catch (error) {
  console.error(error.code, error.message);
}

Response Format

The SDK returns the JSON response from the WebAS API.

{
  "success": true,
  "valid": true,
  "code": "LICENSE_VALID",
  "message": "License is valid.",
  "data": {
    "license": {
      "key": "W3-XXXX-XXXX",
      "projectName": "Example App"
    }
  }
}

Invalid or expired licenses return valid: false with a machine-readable code and a human-readable message.

Existing Client API

The original API remains supported.

const { createWebasClient } = require('@webas/webas');

const webas = createWebasClient({
  key: process.env.WEBAS_LICENSE_KEY,
  domain: process.env.WEBAS_LICENSE_DOMAIN,
  hwid: process.env.WEBAS_HWID,
});

const result = await webas.verify();

Available methods:

| Method | Description |
| --- | --- |
| verify(input, overrides) | Verifies a license with POST by default, or GET when app is provided. |
| verifyGet(input) | Verifies a license with the public GET route. |
| verifyOrThrow(input) | Verifies and throws WebasLicenseError when invalid. |
| isValid(result) | Returns true only for a valid LICENSE_VALID result. |
| clearCache() | Clears cached successful verification results. |

The shorthand verify(input, options) export is also available:

const { verify } = require('@webas/webas');

const result = await verify({
  key: 'W3-XXXX-XXXX',
  hwid: 'server-01',
});

Express Middleware

Use the Express helper to block traffic when the license is not valid.

const express = require('express');
const { createLicenseMiddleware } = require('@webas/webas/express');

const app = express();

app.use(createLicenseMiddleware({
  key: process.env.WEBAS_LICENSE_KEY,
  domain: process.env.WEBAS_LICENSE_DOMAIN,
  hwid: process.env.WEBAS_HWID,
}));

app.listen(3000);

By default, invalid requests redirect to:

https://webas.io/license-has-expired

Disable redirects to return a JSON 403 response:

app.use(createLicenseMiddleware({
  redirect: false,
}));

Cluster Bootstrap

For clustered Node.js apps, verify once in the primary process and share the result through WEBAS_LICENSE_VALID.

const cluster = require('cluster');
const os = require('os');
const { bootstrapLicense, createLicenseMiddleware } = require('@webas/webas/express');

if (cluster.isPrimary) {
  bootstrapLicense().then(() => {
    for (let i = 0; i < os.cpus().length; i += 1) {
      cluster.fork();
    }
  });
} else {
  const express = require('express');
  const app = express();

  app.use(createLicenseMiddleware());
  app.listen(3000);
}

Environment Variables

| Variable | Description |
| --- | --- |
| WEBAS_LICENSE_KEY | Default license key. |
| WEBAS_LICENSE_DOMAIN | Default domain sent to the verification API. |
| WEBAS_DOMAIN | Fallback domain variable. |
| WEBAS_HWID | Default hardware or machine identifier. |
| WEBAS_API_URL | API base URL. Defaults to https://api.webas.io. |
| WEBAS_LICENSE_EXPIRED_URL | Redirect URL used by Express middleware. |

Errors

WebasLicenseError

Thrown by verifyOrThrow() when the API returns an invalid license result.

const { WebasLicenseError } = require('@webas/webas');

Important properties:

| Property | Description |
| --- | --- |
| code | API error code, such as LICENSE_EXPIRED. |
| valid | Always false. |
| result | Original API response. |

WebasNetworkError

Thrown when the request cannot be completed, times out, or fetch is unavailable.

const { WebasNetworkError } = require('@webas/webas');
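
The two error classes call for different handling: a WebasLicenseError means the API answered and rejected the license, while a WebasNetworkError means no answer was obtained. The following is an added example, not code from the SDK, of a gate that fails closed on the first and allows only a bounded grace period on the second. createLicenseGate, graceMs and now are hypothetical names, the grace policy itself is an assumption, and the error classes are passed in as parameters so the block runs without the package installed.

```javascript
// Added example: fail closed on a rejected license, bounded grace on network failure.
// Reason strings other than API codes are local labels, not WebAS codes.
function createLicenseGate({ verifyOrThrow, LicenseError, NetworkError, graceMs = 0, now = Date.now }) {
  let lastGoodAt = null; // time of the last confirmed-valid verification

  return async function check(input) {
    try {
      const result = await verifyOrThrow(input);
      // Mirror the documented isValid() rule instead of trusting any truthy value.
      if (!result || result.valid !== true || result.code !== 'LICENSE_VALID') {
        lastGoodAt = null;
        return { allow: false, reason: 'UNEXPECTED_RESPONSE' };
      }
      lastGoodAt = now();
      return { allow: true, reason: result.code };
    } catch (error) {
      if (error instanceof LicenseError) {
        // The API answered and said no: revoke any grace immediately.
        lastGoodAt = null;
        return { allow: false, reason: error.code || 'LICENSE_REJECTED' };
      }
      if (error instanceof NetworkError) {
        // No answer from the API: honour a previous success for graceMs only.
        const withinGrace = lastGoodAt !== null && now() - lastGoodAt <= graceMs;
        return { allow: withinGrace, reason: withinGrace ? 'NETWORK_GRACE' : 'NETWORK_FAIL_CLOSED' };
      }
      throw error; // programming errors must not be mistaken for license state
    }
  };
}

// Usage with the SDK (not executed here):
//   const { WebAS, WebasLicenseError, WebasNetworkError } = require('@webas/webas');
//   const client = new WebAS();
//   const check = createLicenseGate({
//     verifyOrThrow: (input) => client.license.verifyOrThrow(input),
//     LicenseError: WebasLicenseError,
//     NetworkError: WebasNetworkError,
//     graceMs: 15 * 60 * 1000,
//   });
```

With graceMs left at 0, the gate denies access on any network failure once the clock has advanced past the last successful verification.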

Caching

Set cacheTtl to cache successful verification responses.

const client = new WebAS({
  cacheTtl: 300000,
});

Cache entries are separated by verification input, including key, domain, hwid, ip, detailed, app, and method.

Clear the cache manually:

client.license.clearCache();

Exports

const {
  WebAS,
  createWebasClient,
  WebasClient,
  verify,
  WebasLicenseError,
  WebasNetworkError,
  getHwid,
  getLicenseDomain,
  getLicenseKey,
} = require('@webas/webas');

Express helpers are available from:

const {
  bootstrapLicense,
  createLicenseMiddleware,
} = require('@webas/webas/express');

License

MIT